c27a83c
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
73638b8
Name: firewalld
c27a83c
Version: 0.3.10
3bcc74d
Release: 4%{?dist}
73638b8
URL: http://fedorahosted.org/firewalld
73638b8
License: GPLv2+
73638b8
Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2
c27a83c
%if 0%{?fedora}
3bcc74d
Source1: FedoraServer.xml
3bcc74d
Source2: FedoraWorkstation.xml
ecdf399
Patch0: firewalld-0.2.6-MDNS-default.patch
ef24a35
%endif
e7b59ed
BuildArch: noarch
73638b8
BuildRequires: desktop-file-utils
73638b8
BuildRequires: gettext
73638b8
BuildRequires: intltool
1f08039
# glib2-devel is needed for gsettings.m4
1f08039
BuildRequires: glib2, glib2-devel
56e929d
BuildRequires: systemd-units
e7b59ed
BuildRequires: docbook-style-xsl
b734914
Requires: dbus-python
15e74e1
Requires: python-slip-dbus
ecdf399
Requires: python-decorator
6dde4a6
Requires: pygobject3-base
b734914
Requires: iptables, ebtables
e7b59ed
Requires(post): systemd
e7b59ed
Requires(preun): systemd
e7b59ed
Requires(postun): systemd
7ab6dab
Requires: firewalld-config
73638b8
73638b8
%description
73638b8
firewalld is a firewall service daemon that provides a dynamic customizable 
c27a83c
firewall with a D-Bus interface.
73638b8
73638b8
%package -n firewall-applet
73638b8
Summary: Firewall panel applet
73638b8
Requires: %{name} = %{version}-%{release}
ecdf399
Requires: firewall-config = %{version}-%{release}
73638b8
Requires: hicolor-icon-theme
dae3b70
Requires: gtk3
6dde4a6
Requires: pygobject3-base
73638b8
73638b8
%description -n firewall-applet
73638b8
The firewall panel applet provides a status information of firewalld and also 
73638b8
the firewall settings.
73638b8
ecdf399
%package -n firewall-config
ecdf399
Summary: Firewall configuration application
ecdf399
Requires: %{name} = %{version}-%{release}
ecdf399
Requires: hicolor-icon-theme
6dde4a6
Requires: gtk3
6dde4a6
Requires: pygobject3-base
ecdf399
ecdf399
%description -n firewall-config
ecdf399
The firewall configuration application provides an configuration interface for 
ecdf399
firewalld.
73638b8
7ab6dab
%if 0%{?fedora} > 20
7ab6dab
%package config-standard
7ab6dab
Summary: Firewalld standard configuration settings
7ab6dab
Requires: firewalld = %{version}-%{release}
7ab6dab
Provides: firewalld-config
7ab6dab
Conflicts: system-release-server
7ab6dab
Conflicts: firewalld-config-server
7ab6dab
Conflicts: system-release-workstation
7ab6dab
Conflicts: firewalld-config-workstation
7ab6dab
7ab6dab
%description config-standard
7ab6dab
Standard product firewalld configuration settings.
7ab6dab
7ab6dab
%package config-server
7ab6dab
Summary: Firewalld server configuration settings
7ab6dab
Provides: firewalld-config
7ab6dab
Requires: firewalld = %{version}-%{release}
7ab6dab
Requires: system-release-server
7ab6dab
Conflicts: firewalld-config-workstation
7ab6dab
Conflicts: firewalld-config-standard
7ab6dab
7ab6dab
%description config-server
7ab6dab
Server product specific firewalld configuration settings.
7ab6dab
7ab6dab
%package config-workstation
7ab6dab
Summary: Firewalld workstation configuration settings
7ab6dab
Provides: firewalld-config
7ab6dab
Requires: firewalld = %{version}-%{release}
7ab6dab
Requires: system-release-workstation
7ab6dab
Conflicts: firewalld-config-server
7ab6dab
Conflicts: firewalld-config-standard
7ab6dab
7ab6dab
%description config-workstation
7ab6dab
Workstation product specific firewalld configuration settings.
7ab6dab
%endif
7ab6dab
73638b8
%prep
73638b8
%setup -q
c27a83c
%if 0%{?fedora}
bc23416
%patch0 -p1
ef24a35
%endif
73638b8
73638b8
%build
c802b43
%configure --enable-sysconfig
73638b8
73638b8
%install
b734914
make install DESTDIR=%{buildroot}
56e929d
73638b8
desktop-file-install --delete-original \
e7b59ed
  --dir %{buildroot}%{_sysconfdir}/xdg/autostart \
e7b59ed
  %{buildroot}%{_sysconfdir}/xdg/autostart/firewall-applet.desktop
ecdf399
desktop-file-install --delete-original \
ecdf399
  --dir %{buildroot}%{_datadir}/applications \
ecdf399
  %{buildroot}%{_datadir}/applications/firewall-config.desktop
73638b8
3f62620
install -d -m 755 %{buildroot}%{_prefix}/lib/firewalld/zones/
3bcc74d
install -c -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraServer.xml
3bcc74d
install -c -m 644 %{SOURCE2} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraWorkstation.xml
3f62620
7ab6dab
%if 0%{?fedora} > 20
7ab6dab
# standard firewalld.conf
7ab6dab
mv %{buildroot}%{_sysconfdir}/firewalld/firewalld.conf \
7ab6dab
    %{buildroot}%{_sysconfdir}/firewalld/firewalld-standard.conf
7ab6dab
7ab6dab
# server firewalld.conf
7ab6dab
cp -a %{buildroot}%{_sysconfdir}/firewalld/firewalld-standard.conf \
7ab6dab
    %{buildroot}%{_sysconfdir}/firewalld/firewalld-server.conf
3bcc74d
sed -i 's|^DefaultZone=*|DefaultZone=FedoraServer|g' \
7ab6dab
    %{buildroot}%{_sysconfdir}/firewalld/firewalld-server.conf
7ab6dab
7ab6dab
# workstation firewalld.conf
7ab6dab
cp -a %{buildroot}%{_sysconfdir}/firewalld/firewalld-standard.conf \
7ab6dab
    %{buildroot}%{_sysconfdir}/firewalld/firewalld-workstation.conf
3bcc74d
sed -i 's|^DefaultZone=*|DefaultZone=FedoraWorkstation|g' \
7ab6dab
    %{buildroot}%{_sysconfdir}/firewalld/firewalld-workstation.conf
7ab6dab
7ab6dab
rm -f %{buildroot}%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
7ab6dab
%endif
7ab6dab
73638b8
%find_lang %{name} --all-name
73638b8
73638b8
%post
7fa1b0e
%systemd_post firewalld.service
73638b8
73638b8
%preun
7fa1b0e
%systemd_preun firewalld.service
73638b8
73638b8
%postun
7fa1b0e
%systemd_postun_with_restart firewalld.service 
7fa1b0e
73638b8
2b8e74f
%post -n firewall-applet
045dfa5
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
2b8e74f
2b8e74f
%postun -n firewall-applet
2b8e74f
if [ $1 -eq 0 ] ; then
045dfa5
    /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null
045dfa5
    /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
045dfa5
    /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
2b8e74f
fi
2b8e74f
2b8e74f
%posttrans -n firewall-applet
045dfa5
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
1f08039
/usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
1f08039
73638b8
045dfa5
%post -n firewall-config
045dfa5
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
045dfa5
045dfa5
%postun -n firewall-config
045dfa5
if [ $1 -eq 0 ] ; then
045dfa5
    /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null
045dfa5
    /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
87ffdf6
    /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
045dfa5
fi
045dfa5
045dfa5
%posttrans -n firewall-config
045dfa5
/usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
87ffdf6
/usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
045dfa5
7ab6dab
%if 0%{?fedora} > 20
7ab6dab
%post config-standard
7ab6dab
if [ $1 -eq 1 ]; then # Initial installation
7ab6dab
    # link standard config
7ab6dab
    rm -f %{_sysconfdir}/firewalld/firewalld.conf
7ab6dab
    ln -sf firewalld-standard.conf %{_sysconfdir}/firewalld/firewalld.conf || :
7ab6dab
fi
7ab6dab
7ab6dab
%triggerin config-standard -- firewalld
7ab6dab
if [ $1 -eq 1 ]; then
7ab6dab
    # link server policy
7ab6dab
    rm -f %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
7ab6dab
    ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
7ab6dab
fi
7ab6dab
7ab6dab
%post config-server
7ab6dab
if [ $1 -eq 1 ]; then # Initial installation
7ab6dab
    # link server config
7ab6dab
    rm -f %{_sysconfdir}/firewalld/firewalld.conf
7ab6dab
    ln -sf firewalld-server.conf %{_sysconfdir}/firewalld/firewalld.conf || :
7ab6dab
fi
7ab6dab
7ab6dab
%triggerin config-server -- firewalld
7ab6dab
if [ $1 -eq 1 ]; then
7ab6dab
    # link server policy
7ab6dab
    rm -f %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
7ab6dab
    ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
7ab6dab
fi
7ab6dab
7ab6dab
%post config-workstation
7ab6dab
if [ $1 -eq 1 ]; then # Initial installation
7ab6dab
    # link workstation config
7ab6dab
    rm -f %{_sysconfdir}/firewalld/firewalld.conf
7ab6dab
    ln -sf firewalld-workstation.conf %{_sysconfdir}/firewalld/firewalld.conf || :
7ab6dab
fi
7ab6dab
7ab6dab
%triggerin config-workstation -- firewalld
7ab6dab
if [ $1 -eq 1 ]; then
7ab6dab
    # link desktop policy
7ab6dab
    rm -f %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
7ab6dab
    ln -sf org.fedoraproject.FirewallD1.desktop.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
7ab6dab
fi
7ab6dab
%endif
7ab6dab
73638b8
%files -f %{name}.lang
e7b59ed
%doc COPYING README
73638b8
%{_sbindir}/firewalld
73638b8
%{_bindir}/firewall-cmd
a6b084e
%{_bindir}/firewall-offline-cmd
c802b43
%dir %{_datadir}/bash-completion/completions
c802b43
%{_datadir}/bash-completion/completions/firewall-cmd
b734914
%defattr(0640,root,root)
2b8e74f
%attr(0750,root,root) %dir %{_prefix}/lib/firewalld
2b8e74f
%attr(0750,root,root) %dir %{_prefix}/lib/firewalld/icmptypes
2b8e74f
%attr(0750,root,root) %dir %{_prefix}/lib/firewalld/services
2b8e74f
%attr(0750,root,root) %dir %{_prefix}/lib/firewalld/zones
2b8e74f
%{_prefix}/lib/firewalld/icmptypes/*.xml
2b8e74f
%{_prefix}/lib/firewalld/services/*.xml
2b8e74f
%{_prefix}/lib/firewalld/zones/*.xml
b734914
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld
7ab6dab
%if 0%{?fedora} <= 20
2b8e74f
%config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
7ab6dab
%endif
7b258f3
%config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml
b734914
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes
b734914
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/services
b734914
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld/zones
b734914
%defattr(0644,root,root)
73638b8
%config(noreplace) %{_sysconfdir}/sysconfig/firewalld
b734914
#%attr(0755,root,root) %{_initrddir}/firewalld
56e929d
%{_unitdir}/firewalld.service
73638b8
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf
c27a83c
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy
c27a83c
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy
b734914
%attr(0755,root,root) %dir %{python_sitelib}/firewall
b734914
%attr(0755,root,root) %dir %{python_sitelib}/firewall/config
b734914
%attr(0755,root,root) %dir %{python_sitelib}/firewall/core
b734914
%attr(0755,root,root) %dir %{python_sitelib}/firewall/core/io
b734914
%attr(0755,root,root) %dir %{python_sitelib}/firewall/server
b734914
%{python_sitelib}/firewall/*.py*
b734914
%{python_sitelib}/firewall/config/*.py*
b734914
%{python_sitelib}/firewall/core/*.py*
b734914
%{python_sitelib}/firewall/core/io/*.py*
b734914
%{python_sitelib}/firewall/server/*.py*
e7b59ed
%{_mandir}/man1/firewall*cmd*.1*
e7b59ed
%{_mandir}/man1/firewalld*.1*
14ea6c4
%{_mandir}/man5/firewall*.5*
73638b8
73638b8
%files -n firewall-applet
73638b8
%{_bindir}/firewall-applet
73638b8
%defattr(0644,root,root)
e7b59ed
%{_sysconfdir}/xdg/autostart/firewall-applet.desktop
73638b8
%{_datadir}/icons/hicolor/*/apps/firewall-applet*.*
b734914
%{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallApplet.gschema.xml
e7b59ed
%{_mandir}/man1/firewall-applet*.1*
73638b8
ecdf399
%files -n firewall-config
ecdf399
%{_bindir}/firewall-config
ecdf399
%defattr(0644,root,root)
a7e552c
%{_datadir}/firewalld/firewall-config.glade
7fa1b0e
%{_datadir}/firewalld/gtk3_chooserbutton.py*
ecdf399
%{_datadir}/applications/firewall-config.desktop
c27a83c
%{_datadir}/appdata/firewall-config.appdata.xml
a7e552c
%{_datadir}/icons/hicolor/*/apps/firewall-config*.*
87ffdf6
%{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml
e7b59ed
%{_mandir}/man1/firewall-config*.1*
73638b8
7ab6dab
%if 0%{?fedora} > 20
7ab6dab
%files config-standard
7ab6dab
%config(noreplace) %{_sysconfdir}/firewalld/firewalld-standard.conf
7ab6dab
%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
7ab6dab
%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
7ab6dab
7ab6dab
%files config-server
7ab6dab
%config(noreplace) %{_sysconfdir}/firewalld/firewalld-server.conf
7ab6dab
%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
7ab6dab
%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
7ab6dab
7ab6dab
%files config-workstation
7ab6dab
%config(noreplace) %{_sysconfdir}/firewalld/firewalld-workstation.conf
7ab6dab
%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
7ab6dab
%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
7ab6dab
%endif
7ab6dab
73638b8
%changelog
3bcc74d
* Tue Jul  8 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.10-4
3bcc74d
- renamed fedora specific zones to FedoraServer and FedoraWorkstation for 
3bcc74d
  zone name limitations (length and allowed chars)
3bcc74d
7ab6dab
* Mon Jul  7 2014 Thomas Woerner <twoerner@redhat.com> - 0.3.10-3
7ab6dab
- New support for Fedora per-product configuration settings for Fedora.next
7ab6dab
  https://fedoraproject.org/wiki/Per-Product_Configuration_Packaging_Draft
3f62620
- Added Fedora server zone (RHBZ#1110711)
3f62620
- Added Fedora workstation zone(RHBZ#1113775)
7ab6dab
f51ba28
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.10-2
f51ba28
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
f51ba28
c27a83c
* Wed May 28 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.10-1
c27a83c
- new services: freeipa-*, puppermaster, amanda-k5, synergy,
c27a83c
                xmpp-*, tor, privoxy, sane
c27a83c
- do not use at_console in D-Bus policies (RHBZ#1094745)
c27a83c
- apply all rich rules for non-default targets
c27a83c
- AppData file (RHBZ#1094754)
c27a83c
- separate Polkit actions for desktop & server (RHBZ#1091068)
c27a83c
- sanitize missing ip6t_rpfilter (RHBZ#1074427)
c27a83c
- firewall/core/io/*: few improvements (RHBZ#1065738)
c27a83c
- no load failed error for absent direct.xml file
c27a83c
- new DBUS_INTERFACE.getZoneSettings to get all run-time zone settings
c27a83c
- fixed creation and deletion of zones, services and icmptypes over D-Bus signals
c27a83c
- FirewallClientZoneSettings: Set proper default target
c27a83c
- if Python2 then encode strings from sax parser (RHBZ#1059104, RHBZ#1058853)
c27a83c
- firewall-cmd:
c27a83c
  - don't colour output of query commands (RHBZ#1097841)
c27a83c
  - use "default" instead of {chain}_{zone} (RHBZ#1075675)
c27a83c
  - New --get-target and --set-target
c27a83c
  - Create and remove permanent zones, services and icmptypes
c27a83c
- firewall-config:
c27a83c
  - Adding services and icmptypes resulted in duplicates in UI
c27a83c
  - Use left button menu of -applet in Option menu
c27a83c
- firewall-offline-cmd: same functionality as 'firewall-cmd --permanent'
c27a83c
- firewall-applet: ZoneConnectionEditor was missing the Default Zone entry
c27a83c
- bash-completion: getting zones/services/icmps is different with/without --permanent
c27a83c
- firewalld.zone(5): removed superfluous slash (RHBZ#1091575)
c27a83c
- updated translations
c27a83c
cabfc2d
* Wed Feb 05 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.9.3-1
cabfc2d
- Fixed persistent port forwarding (RHBZ#1056154)
cabfc2d
- Stop default zone rules being applied to all zones (RHBZ#1057875)
cabfc2d
- Enforce trust, block and drop zones in the filter table only (RHBZ#1055190)
cabfc2d
- Allow RAs prior to applying IPv6_rpfilter (RHBZ#1058505)
cabfc2d
- Fix writing of rule.audit in zone_writer()
cabfc2d
660f9ab
* Fri Jan 17 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.9.2-1
660f9ab
- fix regression introduced in 0.3.9 (RHBZ#1053932)
660f9ab
3c3e49e
* Thu Jan 16 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.9.1-1
3c3e49e
- fix regressions introduced in 0.3.9 (RHBZ#1054068, RHBZ#1054120)
3c3e49e
ad89fb7
* Mon Jan 13 2014 Jiri Popelka <jpopelka@redhat.com> - 0.3.9-1
ad89fb7
- translation updates
ad89fb7
- New IPv6_rpfilter setting to enable source address validation (RHBZ#847707)
ad89fb7
- Do not mix original and customized zones in case of target changes,
ad89fb7
  apply only used zones
ad89fb7
- firewall-cmd: fix --*_lockdown_whitelist_uid to work with uid 0
ad89fb7
- Don't show main window maximized. (RHBZ#1046811)
ad89fb7
- Use rmmod instead of 'modprobe -r' (RHBZ#1031102)
ad89fb7
- Deprecate 'enabled' attribute of 'masquerade' element
ad89fb7
- firewall-config: new zone was added twice to the list
ad89fb7
- firewalld.dbus(5)
ad89fb7
- Enable python shebang fix again
ad89fb7
- firewall/client: handle_exceptions: Use loop in decorator
ad89fb7
- firewall-offline-cmd: Do not mask firewalld service with disabled option
ad89fb7
- firewall-config: richRuleDialogActionRejectType Entry -> ComboBox
ad89fb7
- Rich_Rule: fix parsing of reject element (RHBZ#1027373)
ad89fb7
- Show combined zones in permanent configuration (RHBZ#1002016)
ad89fb7
- firewall-cmd(1): document exit code 2 and colored output (RHBZ#1028507)
ad89fb7
- firewall-config: fix RHBZ#1028853
ad89fb7
15e74e1
* Tue Nov 05 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.8-1
15e74e1
- fix memory leaks
15e74e1
- New option --debug-gc
15e74e1
- Python3 compatibility
15e74e1
- Better non-ascii support
15e74e1
- several firewall-config & firewall-applet fixes
15e74e1
- New --remove-rules commands for firewall-cmd and removeRules methods for D-Bus
15e74e1
- Fixed FirewallDirect.get_rules to return proper list
15e74e1
- Fixed LastUpdatedOrderedDict.keys()
15e74e1
- Enable rich rule usage in trusted zone (RHBZ#994144)
15e74e1
- New error codes: INVALID_CONTEXT, INVALID_COMMAND, INVALID_USER and INVALID_UID
15e74e1
71ed813
* Thu Oct 17 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.7-1
71ed813
- Don't fail on missing ip[6]tables/ebtables table. (RHBZ#967376)
71ed813
- bash-completion: --permanent --direct options
71ed813
- firewall/core/fw.py: fix checking for iptables & ip6tables (RHBZ#1017087)
71ed813
- firewall-cmd: use client's exception_handler instead of catching exceptions ourselves
71ed813
- FirewallClientZoneSettings: fix {add|remove|query}RichRule()
71ed813
- Extend amanda-client service with 10080/tcp (RHBZ#1016867)
71ed813
- Simplify Rich_Rule()_lexer() by using functions.splitArgs()
71ed813
- Fix encoding problems in exception handling (RHBZ#1015941)
71ed813
f9bb7ae
* Fri Oct 04 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.6.2-1
f9bb7ae
- firewall-offline-cmd: --forward-port 'toaddr' is optional (RHBZ#1014958)
f9bb7ae
- firewall-cmd: fix variable name (RHBZ#1015011)
f9bb7ae
8606b62
* Thu Oct 03 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.6.1-1
8606b62
- remove superfluous po files from archive
8606b62
87ffdf6
* Wed Oct 02 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.6-1
87ffdf6
- firewalld.richlanguage.xml: correct log levels (RHBZ#993740)
87ffdf6
- firewall-config: Make sure that all zone settings are updated properly on firewalld restart
87ffdf6
- Rich_Limit: Allow long representation for duration (RHBZ#994103
87ffdf6
- firewall-config: Show "Changes applied." after changes (RHBZ#993643)
87ffdf6
- Use own connection dialog to change zones for NM connections
87ffdf6
- Rename service cluster-suite to high-availability (RHBZ#885257)
87ffdf6
- Permanent direct support for firewall-config and firewall-cmd
87ffdf6
- Try to avoid file descriptor leaking (RHBZ#951900)
87ffdf6
- New functions to split and join args properly (honoring quotes)
87ffdf6
- firewall-cmd(1): 2 simple examples
87ffdf6
- Better IPv6 NAT checking.
87ffdf6
- Ship firewalld.direct(5).
87ffdf6
606593b
* Mon Sep 30 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.5-1
606593b
- Only use one PK action for configuration (RHBZ#994729)
606593b
- firewall-cmd: indicate non-zero exit code with red color
606593b
- rich-rule: enable to have log without prefix & log_level & limit
606593b
- log-level warn/err -> warning/error (RHBZ#1009436)
606593b
- Use policy DROP while reloading, do not reset policy in restart twice
606593b
- Add _direct chains to all table and chain combinations
606593b
- documentation improvements
606593b
- New firewalld.direct(5) man page docbook source
606593b
- tests/firewall-cmd_test.sh: make rich language tests work
606593b
- Rich_Rule._import_from_string(): improve error messages (RHBZ#994150)
606593b
- direct.passthrough wasn't always matching out_signature (RHBZ#967800)
606593b
- firewall-config: twist ICMP Type IP address family logic.
606593b
- firewall-config: port-forwarding/masquerading dialog (RHBZ#993658)
606593b
- firewall-offline-cmd: New --remove-service=<service> option (BZ#969106)
606593b
- firewall-config: Options->Lockdown was not changing permanent.
606593b
- firewall-config: edit line on doubleclick (RHBZ#993572)
606593b
- firewall-config: System Default Zone -> Default Zone (RHBZ#993811)
606593b
- New direct D-Bus interface, persistent direct rule handling, enabled passthough
606593b
- src/firewall-cmd: Fixed help output to use more visual parameters
606593b
- src/firewall-cmd: New usage output, no redirection to man page anymore
606593b
- src/firewall/core/rich.py: Fixed forwad port destinations
606593b
- src/firewall-offline-cmd: Early enable/disable handling now with mask/unmask
606593b
- doc/xml/firewalld.zone.xml: Added more information about masquerade use
606593b
- Prefix to log message is optional (RHBZ#998079)
606593b
- firewall-cmd: fix --permanent --change-interface (RHBZ#997974)
606593b
- Sort zones/interfaces/service/icmptypes on output.
606593b
- wbem-https service (RHBZ#996668)
606593b
- applet&config: add support for KDE NetworkManager connection editor
606593b
- firewall/core/fw_config.py: New method update_lockdown_whitelist
606593b
- Added missing file watcher for lockdown whitelist in config D-Bus interface
606593b
- firewall/core/watcher: New add_watch_file for lockdown-whitelist and direct
606593b
- Make use of IPv6 NAT conditional, based on kernel number (RHBZ#967376)
606593b
e7b59ed
* Tue Jul 30 2013 Thomas Woerner <twoerner@redhat.com> 0.3.4-1
e7b59ed
- several rich rule check enhancements and fixes
e7b59ed
- firewall-cmd: direct options - check ipv4|ipv6|eb (RHBZ#970505)
e7b59ed
- firewall-cmd(1): improve description of direct options (RHBZ#970509)
e7b59ed
- several firewall-applet enhancements and fixes
e7b59ed
- New README
e7b59ed
- several doc and man page fixes
e7b59ed
- Service definitions for PCP daemons (RHBZ#972262)
e7b59ed
- bash-completion: add lockdown and rich language options
e7b59ed
- firewall-cmd: add --permanent --list-all[-zones]
e7b59ed
- firewall-cmd: new -q/--quiet option
e7b59ed
- firewall-cmd: warn when default zone not active (RHBZ#971843)
e7b59ed
- firewall-cmd: check priority in --add-rule (RHBZ#914955)
e7b59ed
- add dhcpv6 (for server) service (RHBZ#917866)
e7b59ed
- firewall-cmd: add --permanent --get-zone-of-interface/source --change-interface/source
e7b59ed
- firewall-cmd: print result (yes/no) of all --query-* commands
e7b59ed
- move permanent-getZoneOf{Interface|Source} from firewall-cmd to server
e7b59ed
- Check Interfaces/sources when updating permanent zone settings.
e7b59ed
- FirewallDConfig: getZoneOfInterface/Source can actually return more zones
e7b59ed
- Fixed toaddr check in forward port to only allow single address, no range
e7b59ed
- firewall-cmd: various output improvements
e7b59ed
- fw_zone: use check_single_address from firewall.functions
e7b59ed
- getZoneOfInterface/Source does not need to throw exception
e7b59ed
- firewall.functions: Use socket.inet_pton in checkIP, fixed checkIP*nMask
e7b59ed
- firewall.core.io.service: Properly check port/proto and destination address
e7b59ed
- Install applet desktop file into /etc/xdg/autostart
e7b59ed
- Fixed option problem with rich rule destinations (RHBZ#979804)
e7b59ed
- Better exception creation in dbus_handle_exceptions() decorator (RHBZ#979790)
e7b59ed
- Updated firewall-offline-cmd
e7b59ed
- Use priority in add, remove, query and list of direct rules (RHBZ#979509)
e7b59ed
- New documentation (man pages are created from docbook sources)
e7b59ed
- firewall/core/io/direct.py: use prirority for rule methods, new get_all_ methods
e7b59ed
- direct: pass priority also to client.py and firewall-cmd
e7b59ed
- applet: New blink and blink-count settings
e7b59ed
- firewall.functions: New function ppid_of_pid
e7b59ed
- applet: Check for gnome3 and fix it, use new settings, new size-changed cb
e7b59ed
- firewall-offline-cmd: Fix use of systemctl in chroot
e7b59ed
- firewall-config: use string.ascii_letters instead of string.letters
e7b59ed
- dbus_to_python(): handle non-ascii chars in dbus.String.
e7b59ed
- Modernize old syntax constructions.
e7b59ed
- dict.keys() in Python 3 returns a "view" instead of list
e7b59ed
- Use gettext.install() to install _() in builtins namespace.
e7b59ed
- Allow non-ascii chars in 'short' and 'description'
e7b59ed
- README: More information for "Working With The Source Repository"
e7b59ed
- Build environment fixes
e7b59ed
- firewalld.spec: Added missing checks for rhel > 6 for pygobject3-base
e7b59ed
- firewall-applet: New setting show-inactive
e7b59ed
- Don't stop on reload when lockdown already enabled (RHBZ#987403)
e7b59ed
- firewall-cmd: --lockdown-on/off did not touch firewalld.conf
e7b59ed
- FirewallApplet.gschema.xml: Dropped unused sender-info setting
e7b59ed
- doc/firewall-applet.xml: Added information about gsettings
e7b59ed
- several debug and log message fixes
e7b59ed
- Add chain for sources so they can be checked before interfaces (RHBZ#903222)
e7b59ed
- Add dhcp and proxy-dhcp services (RHBZ#986947)
e7b59ed
- io/Zone(): don't error on deprecated family attr of source elem
e7b59ed
- Limit length of zone file name (to 12 chars) due to Netfilter internals.
e7b59ed
- It was not possible to overload a zone with defined source(s).
e7b59ed
- DEFAULT_ZONE_TARGET: {chain}_ZONE_{zone} -> {chain}_{zone}
e7b59ed
- New runtime get<X>Settings for services and icmptypes, fixed policies callbacks
e7b59ed
- functions: New functions checkUser, checkUid and checkCommand
e7b59ed
- src/firewall/client: Fixed lockdown-whitelist-updated signal handling
e7b59ed
- firewall-cmd(1): move firewalld.richlanguage(5) reference in --*-rich-rule
e7b59ed
- Rich rule service: Only add modules for accept action
e7b59ed
- firewall/core/rich: Several fixes and enhanced checks
e7b59ed
- Fixed reload of direct rules
e7b59ed
- firewall/client: New functions to set and get the exception handler
e7b59ed
- firewall-config: New and enhanced UI to handle lockdown and rich rules
e7b59ed
- zone's immutable attribute is redundant
e7b59ed
- Do not allow to set settings in config for immutable zones.
e7b59ed
- Ignore deprecated 'immutable' attribute in zone files.
e7b59ed
- Eviscerate 'immutable' completely.
e7b59ed
- FirewallDirect.query_rule(): fix it
e7b59ed
- permanent direct: activate firewall.core.io.direct:Direct reader
e7b59ed
- core/io/*: simplify getting of character data
e7b59ed
- FirewallDirect.set_config(): allow reloading
e7b59ed
e7b59ed
* Thu Jun 20 2013  Jiri Popelka <jpopelka@redhat.com>
e7b59ed
- Remove migrating to a systemd unit file from a SysV initscript
e7b59ed
- Remove pointless "ExclusiveOS" tag
e7b59ed
158ba25
* Fri Jun  7 2013 Thomas Woerner <twoerner@redhat.com> 0.3.3-2
87ffdf6
- Fixed rich rule check for use in D-Bus
158ba25
09913de
* Thu Jun  6 2013 Thomas Woerner <twoerner@redhat.com> 0.3.3-1
09913de
- new service files
09913de
- relicensed logger.py under GPLv2+
09913de
- firewall-config: sometimes we don't want to use client's exception handler
09913de
- When removing Service/IcmpType remove it from zones too (RHBZ#958401)
09913de
- firewall-config: work-around masquerade_check_cb() being called more times
09913de
- Zone(IO): add interfaces/sources to D-Bus signature
09913de
- Added missing UNKNOWN_SOURCE error code
09913de
- fw_zone.check_source: Raise INVALID_FAMILY if family is invalid
09913de
- New changeZoneOfInterface method, marked changeZone as deprecated
09913de
- Fixed firewall-cmd man page entry for --panic-on
09913de
- firewall-applet: Fixed possible problems of unescaped strings used for markup
09913de
- New support to bind zones to source addresses and ranges (D-BUS, cmd, applet
09913de
- Cleanup of unused variables in FirewallD.start
09913de
- New firewall/fw_types.py with LastUpdatedOrderedDict
09913de
- direct.chains, direct.rules: Using LastUpdatedOrderedDict
09913de
- Support splitted zone files
09913de
- New reader and writer for stored direct chains and rules
09913de
- LockdownWhitelist: fix write(), add get_commands/uids/users/contexts()
09913de
- fix service_writer() and icmptype_writer() to put newline at end of file
09913de
- firewall-cmd: fix --list-sources
09913de
- No need to specify whether source address family is IPv4 or IPv6
09913de
- add getZoneOfSource() to D-Bus interface
09913de
- Add tests and bash-completion for the new "source" operations
09913de
- Convert all input args in D-Bus methods
09913de
- setDefaultZone() was calling accessCheck() *after* the action
09913de
- New uniqify() function to remove duplicates from list whilst preserving order
09913de
- Zone.combine() merge also services and ports
09913de
- config/applet: silence DBusException during start when FirewallD is not running (RHBZ#966518)
09913de
- firewall-applet: more fixes to make the address sources family agnostic
09913de
- Better defaults for lockdown white list
09913de
- Use auth_admin_keep for allow_any and allow_inactive also
09913de
- New D-Bus API for lockdown policies
09913de
- Use IPv4, IPv6 and BRIDGE for FirewallD properties
09913de
- Use rich rule action as audit type
09913de
- Prototype of string-only D-Bus interface for rich language
09913de
- Fixed wrongly merged source family check in firewall/core/io/zone.py
09913de
- handle_cmr: report errors, cleanup modules in error case only, mark handling
09913de
- Use audit type from rule action, fixed rule output
09913de
- Fixed lockdown whitelist D-Bus handling method names
09913de
- New rich rule handling in runtime D-Bus interface
09913de
- Added interface, source and rich rule handling (runtime and permanent)
09913de
- Fixed dbus_obj in FirewallClientConfigPolicies, added queryLockdown
09913de
- Write changes in setLockdownWhitelist
09913de
- Fixed typo in policies log message in method calls
09913de
- firewall-cmd: Added rich rule, lockdown and lockdown whitelist handling
09913de
- Don't check access in query/getLockdownWhitelist*()
09913de
- firewall-cmd: Also output masquerade flag in --list-all
09913de
- firewall-cmd: argparse is able to convert argument to desired type itself
09913de
- firewall-cmd_test.sh: tests for permanent interfaces/sources and lockdown whitelist
09913de
- Makefile.am: add missing files
09913de
- firewall-cmd_test.sh: tests for rich rules
09913de
- Added lockdown, source, interface and rich rule docs to firewall-cmd
09913de
- Do not masquerade lo if masquerade is enabled in the default zone (RHBZ#904098)
09913de
- Use <rule> in metavar for firewall-cmd parser
09913de
153e91a
* Fri May 10 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.2-2
153e91a
- removed unintentional en_US.po from tarball
153e91a
621401b
* Tue Apr 30 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.2-1
621401b
- Fix signal handling for SIGTERM
621401b
- Additional service files (RHBZ#914859)
621401b
- Updated po files
621401b
- s/persistent/permanent/ (Trac Ticket #7)
621401b
- Better behaviour when running without valid DISPLAY (RHBZ#955414)
621401b
- client.handle_exceptions(): do not loop forever
621401b
- Set Zone.defaults in zone_reader (RHBZ#951747)
621401b
- client: do not pass the dbus exception name to handler
621401b
- IO_Object_XMLGenerator: make it work with Python 2.7.4 (RHBZ#951741)
621401b
- firewall-cmd: do not use deprecated BaseException.message
621401b
- client.py: fix handle_exceptions() (RHBZ#951314)
621401b
- firewall-config: check zone/service/icmptype name (RHBZ#947820)
621401b
- Allow 3121/tcp (pacemaker_remote) in cluster-suite service. (RHBZ#885257)
621401b
- firewall-applet: fix default zone hangling in 'shields-up' (RHBZ#947230)
621401b
- FirewallError.get_code(): check for unknown error
621401b
266373a
* Wed Apr 17 2013 Jiri Popelka <jpopelka@redhat.com> - 0.3.1-2
266373a
- Make permanenent changes work with Python 2.7.4 (RHBZ#951741)
266373a
c802b43
* Thu Mar 28 2013 Thomas Woerner <twoerner@redhat.com> 0.3.1-1
c802b43
- Use explicit file lists for make dist
c802b43
- New rich rule validation check code
c802b43
- New global check_port and check_address functions
c802b43
- Allow source white and black listing with the rich rule
c802b43
- Fix error handling in case of unsupported family in rich rule
c802b43
- Enable ip_forwarding in masquerade and forward-port
c802b43
- New functions to read and write simple files using filename and content
c802b43
- Add --enable-sysconfig to install Fedora-specific sysconfig config file.
c802b43
- Add chains for security table (RHBZ#927015)
c802b43
- firewalld.spec: no need to specify --with-systemd-unitdir
c802b43
- firewalld.service: remove syslog.target and dbus.target
c802b43
- firewalld.service: replace hard-coded paths
c802b43
- Move bash-completion to new location.
c802b43
- Revert "Added configure for new build env"
c802b43
- Revert "Added Makefile.in files"
c802b43
- Revert "Added po/Makefile.in.in"
c802b43
- Revert "Added po/LINGUAS"
c802b43
- Revert "Added aclocal.m4"
c802b43
- Amend zone XML Schema
c802b43
7b258f3
* Wed Mar 20 2013 Thomas Woerner <twoerner@redhat.com> 0.3.0-1
7b258f3
- Added rich language support
7b258f3
- Added lockdown feature
7b258f3
- Allow to bind interfaces and sources to zones permanently
7b258f3
- Enabled IPv6 NAT support
7b258f3
  masquerading and port/packet forwarding for IPv6 only with rich language
7b258f3
- Handle polkit errors in client class and firewall-config
7b258f3
- Added priority description for --direct --add-rule in firewall-cmd man page
7b258f3
- Add XML Schemas for zones/services/icmptypes XMLs
7b258f3
- Don't keep file descriptors open when forking
7b258f3
- Introduce --nopid option for firewalld
7b258f3
- New FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains (RHBZ#912782)
7b258f3
- Update cluster-suite service (RHBZ#885257)
7b258f3
- firewall-cmd: rename --enable/disable-panic to --panic-on/off (RHBZ#874912)
7b258f3
- Fix interaction problem of changed event of gtk combobox with polkit-kde
7b258f3
  by processing all remaining events (RHBZ#915892)
7b258f3
- Stop default zone rules being applied to all zones (RHBZ#912782)
7b258f3
- Firewall.start(): don't call set_default_zone()
7b258f3
- Add wiki's URL to firewalld(1) and firewall-cmd(1) man pages
7b258f3
- firewalld-cmd: make --state verbose (RHBZ#886484)
7b258f3
- improve firewalld --help (RHBZ#910492)
7b258f3
- firewall-cmd: --add/remove-* can be used multiple times (RHBZ#879834)
7b258f3
- Continue loading zone in case of wrong service/port etc. (RHBZ#909466)
7b258f3
- Check also services and icmptypes in Zone() (RHBZ#909466)
7b258f3
- Increase the maximum length of the port forwarding fields from 5 to 11 in
7b258f3
  firewall-config
7b258f3
- firewall-cmd: add usage to fail message
7b258f3
- firewall-cmd: redefine usage to point to man page
7b258f3
- firewall-cmd: fix visible problems with arg. parsing
7b258f3
- Use argparse module for parsing command line options and arguments
7b258f3
- firewall-cmd.1: better clarify where to find ACTIONs
7b258f3
- firewall-cmd Bash completion
7b258f3
- firewall-cmd.1: comment --zone=<zone> usage and move some options
7b258f3
- Use zone's target only in %s_ZONES chains
7b258f3
- default zone in firewalld.conf was set to public with every restart (#902845)
7b258f3
- man page cleanup
7b258f3
- code cleanup
7b258f3
241828c
* Thu Mar 07 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-5
d79f3b3
- Another fix for RHBZ#912782
d79f3b3
1fc1c98
* Wed Feb 20 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-4
dd3c207
- Stop default zone rules being applied to all zones (RHBZ#912782)
dd3c207
40d875c
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.12-3
40d875c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
40d875c
045dfa5
* Tue Jan 22 2013 Jiri Popelka <jpopelka@redhat.com> - 0.2.12-2
045dfa5
- Default zone in firewalld.conf was reseted with every restart (RHBZ#902845)
045dfa5
- Add icon cache related scriptlets for firewall-config (RHBZ#902680)
045dfa5
- Fix typo in firewall-config (RHBZ#895812)
c802b43
- Fix few mistakes in firewall-cmd(1) man page
045dfa5
2c00316
* Mon Jan 14 2013 Thomas Woerner <twoerner@redhat.com> 0.2.12-1
2c00316
- firewall-cmd: use -V instead of -v for version info (RHBZ#886477)
2c00316
- firewall-cmd: don't check reload()'s return value (RHBZ#886461)
2c00316
- actually install firewalld.zones.5
2c00316
- firewall-config: treat exceptions when adding new zone/service/icmp
2c00316
  (RHBZ#886602)
2c00316
- firewalld.spec: Fixed requirements of firewall-config to use gtk2 and
2c00316
  pygobject3
2c00316
- Fail gracefully when running in non X environment.(RHBZ#886551)
2c00316
- offline-cmd: fail gracefully when no s-c-f config
2c00316
- fix duplicated iptables rules (RHBZ#886515)
2c00316
- detect errors and duplicates in config file (RHBZ#886581)
2c00316
- firewall-config: don't make 'Edit Service' and 'Edit ICMP Type' insensitive
2c00316
- firewalld.spec: fixed requirements, require pygobject3-base
2c00316
- frewall-applet: Unused code cleanup
2c00316
- firewall-applet: several usability fixes and enhancements
2c00316
  (RHBZ#886531) (RHBZ#886534)
2c00316
- firewall/server/server.py: fixed KeyboardInterrupt message (RHBZ#886558)
2c00316
- Moved fallback zone and minimal_mark to firewall.config.__init__
2c00316
- Do not raise ZONE_ALREADY_SET in change_zone if old zone is set again
2c00316
  (RHBZ#886432)
2c00316
- Make default zone default for all unset connections/interfaces
2c00316
  (RHBZ#888288) (RHBZ#882736)
2c00316
- firewall-config: Use Gtk.MessageType.WARNING for warning dialog
2c00316
- firewall-config: Handle unknown services and icmptypes in persistent mode
2c00316
- firewall-config: Do not load settings more than once
2c00316
- firewall-config: UI cleanup and fixes (RHBZ#888242)
2c00316
- firewall-cmd: created alias --change-zone for --change-interface
2c00316
- firewall-cmd man page updates (RHBZ#806511)
2c00316
- Merged branch 'build-cleanups'
2c00316
- dropped call to autogen.sh in build stage, not needed anymore due to 
2c00316
  'build-cleanups' merge
2c00316
6dde4a6
* Thu Dec 13 2012 Thomas Woerner <twoerner@redhat.com> 0.2.11-2
6dde4a6
- require pygobject3-base instead of pygobject3 (no cairo needed) (RHBZ#874378)
6dde4a6
- fixed dependencies of firewall-config to use gtk3 with pygobject3-base and 
6dde4a6
  not pygtk2
6dde4a6
144b73b
* Tue Dec 11 2012 Thomas Woerner <twoerner@redhat.com> 0.2.11-1
144b73b
- Fixed more _xmlplus (PyXML) incompatibilities to python xml
144b73b
- Several man page updates
144b73b
- Fixed error in addForwardPort, removeForwardPort and queryForwardPort
144b73b
- firewall-cmd: use already existing queryForwardPort()
144b73b
- Update firewall.cmd man page, use man page as firewall-cmd usage (rhbz#876394)
144b73b
- firewall-config: Do not force to show labels in the main toolbar
144b73b
- firewall-config: Dropped "Change default zone" from toolbar
144b73b
- firewall-config: Added menu entry to change zones of connections
144b73b
- firewall-applet: Zones can be changed now using nm-connection-editor
144b73b
  (rhbz#876661)
144b73b
- translation updates: cs, hu, ja
144b73b
802d926
* Tue Nov 20 2012 Thomas Woerner <twoerner@redhat.com> 0.2.10-1
802d926
- tests/firewalld_config.py: tests for config.service and config.icmptype
802d926
- FirewallClientConfigServiceSettings(): destinations are dict not list
802d926
- service/zone/icmptype: do not write deprecated name attribute
802d926
- New service ntp
802d926
- firewall-config: Fixed name of about dialog
802d926
- configure.in: Fixed getting of error codes
802d926
- Added coding to all pyhton files
802d926
- Fixed copyright years
802d926
- Beautified file headers
802d926
- Force use of pygobject3 in python-slip (RHBZ#874378)
802d926
- Log: firewall.server.config_icmptype, firewall.server.config_service and
802d926
  firewall.server.config_zone: Prepend full path
802d926
- Allow ":" in interface names for interface aliases
802d926
- Add name argument to Updated and Renamed signal
802d926
- Disable IPv4, IPv6 and EB tables if missing - for IPv4/IPv6 only environments
802d926
- firewall-config.glade file cleanup
802d926
- firewall-config: loadDefaults() can throw exception
802d926
- Use toolbars for Add/Edit/Remove/LoadDefaults buttons for zones, services
802d926
  and icmp types
802d926
- New vnc-server service, opens ports for displays :0 to :3 (RHBZ#877035)
802d926
- firewall-cmd: Fix typo in help output, allow default zone usage for
802d926
  permanenent options
802d926
- Translation updates: cs, fr, ja, pt_BR and zh_CN
802d926
a6b084e
* Wed Oct 17 2012 Thomas Woerner <twoerner@redhat.com> 0.2.9-1
a6b084e
- firewall-config: some UI usability changes
a6b084e
- firewall-cmd: New option --list-all-zones, output of --list-all changed,
a6b084e
  more option combination checks
a6b084e
- firewall-applet: Replaced NMClient by direct DBUS calls to fix python core
a6b084e
  dumps in case of connection activates/deactivates
a6b084e
- Use fallback 'C' locale if current locale isn't supported (RHBZ#860278)
a6b084e
- Add interfaces to zones again after reload
a6b084e
- firewall-cmd: use FirewallClient().connected value
a6b084e
- firewall-cmd: --remove-interface was not working due to a typo
a6b084e
- Do not use restorecon for new and backup files
a6b084e
- Fixed use of properties REJECT and DROP
a6b084e
- firewalld_test.py: check interfaces after reload
a6b084e
- Translation updates
a6b084e
- Renamed firewall-convert-scfw-config to firewall-offline-cmd, used by
a6b084e
  anaconda for firewall configuration (e.g. kickstart)
a6b084e
- Fix python shebang to use -Es at installation time for bin_SCRIPTS and
a6b084e
  sbin_SCRIPTS and at all times in gtk3_chooserbutton.py
a6b084e
- tests/firewalld_config.py: update test_zones() test case
a6b084e
- Config interface: improve renaming of zones/services/icmp_types
a6b084e
- Move emiting of Added signals closer to source.
a6b084e
- FirewallClient(): config:ServiceAdded signal was wrongly mapped
a6b084e
- Add argument 'name' to Removed signal
a6b084e
- firewall-config: Add callbacks for config:[service|icmp]-[added|removed]
a6b084e
- firewall-config: catch INVALID_X error when removing zone/service/icmp_type
a6b084e
- firewall-config: remove unused code
a6b084e
- Revert "Neutralize _xmlplus instead of conforming it"
a6b084e
- firewall-applet: some UI usability changes
a6b084e
- firewall-cmd: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings
a6b084e
7fa1b0e
* Fri Sep  7 2012 Thomas Woerner <twoerner@redhat.com> 0.2.8-1
7fa1b0e
- Do not apply old settings to zones after reload
7fa1b0e
- FirewallClient: Added callback structure for firewalld signals
7fa1b0e
- New firewall-config with full zone, service and icmptype support
7fa1b0e
- Added Shields Up/Down configuration dialog to firewall-applet
7fa1b0e
- Name attribute of main tag deprecated for zones, services and icmptypes,
7fa1b0e
  will be ignored if present
7fa1b0e
- Fixed wrong references in firewalld man page
7fa1b0e
- Unregister DBus interfaces after sending out the Removed signal
7fa1b0e
- Use proper DBus signature in addIcmpType, addService and addZone
7fa1b0e
- New builtin property for config interfaces
7fa1b0e
- New test case for Config interface
7fa1b0e
- spec: use new systemd-rpm macros (rhbz#850110)
7fa1b0e
- More config file verifications
7fa1b0e
- Lots of smaller fixes and enhancements
7fa1b0e
7fa1b0e
* Tue Aug 21 2012 Jiri Popelka <jpopelka@redhat.com> 0.2.7-2
7fa1b0e
- use new systemd-rpm macros (rhbz#850110)
7fa1b0e
a7e552c
* Mon Aug 13 2012 Thomas Woerner <twoerner@redhat.com> 0.2.7-1
a7e552c
- Update of firewall-config
a7e552c
- Some bug fixes
a7e552c
ecdf399
* Tue Aug  7 2012 Thomas Woerner <twoerner@redhat.com> 0.2.6-1
ecdf399
- New D-BUS interface for persistent configuration
ecdf399
- Aded support for persistent zone configuration in firewall-cmd
ecdf399
- New Shields Up feature in firewall-applet
ecdf399
- New requirements for python-decorator and pygobject3
ecdf399
- New firewall-config sub-package
ecdf399
- New firewall-convert-scfw-config config script
ecdf399
dae3b70
* Fri Apr 20 2012 Thomas Woerner <twoerner@redhat.com> 0.2.5-1
dae3b70
- Fixed traceback in firewall-cmd for failed or canceled authorization, 
dae3b70
  return proper error codes, new error codes NOT_RUNNING and NOT_AUTHORIZED
dae3b70
- Enhanced firewalld service file (RHBZ#806868) and (RHBZ#811240)
dae3b70
- Fixed duplicates in zone after reload, enabled timed settings after reload
dae3b70
- Removed conntrack --ctstate INVALID check from default ruleset, because it
dae3b70
  results in ICMP problems (RHBZ#806017).
dae3b70
- Update interfaces in default zone after reload (rhbz#804814)
dae3b70
- New man pages for firewalld(1), firewalld.conf(5), firewalld.icmptype(5),
dae3b70
  firewalld.service(5) and firewalld.zone(5), updated firewall-cmd man page
dae3b70
  (RHBZ#811257)
dae3b70
- Fixed firewall-cmd help output
dae3b70
- Fixed missing icon for firewall-applet (RHBZ#808759)
dae3b70
- Added root user check for firewalld (RHBZ#767654)
dae3b70
- Fixed requirements of firewall-applet sub package (RHBZ#808746)
dae3b70
- Update interfaces in default zone after changing of default zone (RHBZ#804814)
dae3b70
- Start firewalld before NetworkManager (RHBZ#811240)
dae3b70
- Add Type=dbus and BusName to service file (RHBZ#811240)
dae3b70
56e955b
* Fri Mar 16 2012 Thomas Woerner <twoerner@redhat.com> 0.2.4-1
56e955b
- fixed firewalld.conf save exception if no temporary file can be written to 
56e955b
  /etc/firewalld/
56e955b
8c3ae5b
* Thu Mar 15 2012 Thomas Woerner <twoerner@redhat.com> 0.2.3-1
8c3ae5b
- firewall-cmd: several changes and fixes
8c3ae5b
- code cleanup
8c3ae5b
- fixed icmp protocol used for ipv6 (rhbz#801182)
8c3ae5b
- added and fixed some comments
8c3ae5b
- properly restore zone settings, timeout is always set, check for 0
8c3ae5b
- some FirewallError exceptions were actually not raised
8c3ae5b
- do not REJECT in each zone
8c3ae5b
- removeInterface() don't require zone
8c3ae5b
- new tests in firewall-test script
8c3ae5b
- dbus_to_python() was ignoring certain values
8c3ae5b
- added functions for the direct interface: chains, rules, passthrough
8c3ae5b
- fixed inconsistent data after reload
8c3ae5b
- some fixes for the direct interface: priority positions are bound to ipv,
8c3ae5b
  table and chain
8c3ae5b
- added support for direct interface in firewall-cmd:
8c3ae5b
- added isImmutable(zone) to zone D-Bus interface
8c3ae5b
- renamed policy file
8c3ae5b
- enhancements for error messages, enables output for direct.passthrough
8c3ae5b
- added allow_any to firewald policies, using at leas auth_admin for policies
8c3ae5b
- replaced ENABLE_FAILED, DISABLE_FAILED, ADD_FAILED and REMOVE_FAILED by
8c3ae5b
  COMMAND_FAILED, resorted error codes
8c3ae5b
- new firewalld configuration setting CleanupOnExit
8c3ae5b
- enabled polkit again, found a fix for property problem with slip.dbus.service
8c3ae5b
- added dhcpv6-client to 'public' (the default) and to 'internal' zones.
8c3ae5b
- fixed missing settings form zone config files in
8c3ae5b
  "firewall-cmd --list=all --zone=<zone>" call
8c3ae5b
- added list functions for services and icmptypes, added --list=services and
8c3ae5b
  --list=icmptypes to firewall-cmd
8c3ae5b
2b8e74f
* Tue Mar  6 2012 Thomas Woerner <twoerner@redhat.com> 0.2.2-1
2b8e74f
- enabled dhcpv6-client service for zones home and work
2b8e74f
- new dhcpv6-client service
2b8e74f
- firewall-cmd: query mode returns reversed values
2b8e74f
- new zone.changeZone(zone, interface)
2b8e74f
- moved zones, services and icmptypes to /usr/lib/firewalld, can be overloaded
2b8e74f
  by files in /etc/firewalld (no overload of immutable zones block, drop,
2b8e74f
  trusted)
2b8e74f
- reset MinimalMark in firewalld.cnf to default value
2b8e74f
- fixed service destination (addresses not used)
2b8e74f
- fix xmlplus to be compatible with the python xml sax parser and python 3
2b8e74f
  by adding __contains__ to xml.sax.xmlreader.AttributesImpl
2b8e74f
- use icon and glib related post, postun and posttrans scriptes for firewall
2b8e74f
- firewall-cmd: fix typo in state
2b8e74f
- firewall-cmd: fix usage()
2b8e74f
- firewall-cmd: fix interface action description in usage()
2b8e74f
- client.py: fix definition of queryInterface()
2b8e74f
- client.py: fix typo in getInterfaces()
2b8e74f
- firewalld.service: do not fork
2b8e74f
- firewall-cmd: fix bug in --list=port and --port action help message
2b8e74f
- firewall-cmd: fix bug in --list=service
2b8e74f
2b8e74f
* Mon Mar  5 2012 Thomas Woerner <twoerner@redhat.com>
2b8e74f
- moved zones, services and icmptypes to /usr/lib/firewalld, can be overloaded
2b8e74f
  by files in /etc/firewalld (no overload of immutable zones block, drop,
2b8e74f
  trusted)
2b8e74f
50e8c24
* Tue Feb 21 2012 Thomas Woerner <twoerner@redhat.com> 0.2.1-1
50e8c24
- added missing firewall.dbus_utils
50e8c24
1f08039
* Tue Feb  7 2012 Thomas Woerner <twoerner@redhat.com> 0.2.0-2
1f08039
- added glib2-devel to build requires, needed for gsettings.m4
1f08039
- added --with-system-unitdir arg to fix installaiton of system file
1f08039
- added glib-compile-schemas calls for postun and posttrans
1f08039
- added EXTRA_DIST file lists
1f08039
b734914
* Mon Feb  6 2012 Thomas Woerner <twoerner@redhat.com> 0.2.0-1
b734914
- version 0.2.0 with new FirewallD1 D-BUS interface
b734914
- supports zones with a default zone
b734914
- new direct interface as a replacement of the partial virt interface with 
b734914
  additional passthrough functionality
b734914
- dropped custom rules, use direct interface instead
b734914
- dropped trusted interface funcionality, use trusted zone instead
b734914
- using zone, service and icmptype configuration files
b734914
- not using any system-config-firewall parts anymore
b734914
066a5d2
* Mon Feb 14 2011 Thomas Woerner <twoerner@redhat.com> 0.1.3-1
066a5d2
- new version 0.1.3
066a5d2
- restore all firewall features for reload: panic and virt rules and chains
066a5d2
- string fixes for firewall-cmd man page (by Jiri Popelka)
066a5d2
- fixed firewall-cmd port list (by Jiri Popelka)
066a5d2
- added firewall dbus client connect check to firewall-cmd (by Jiri Popelka)
066a5d2
- translation updates: de, es, gu, it, ja, kn, ml, nl, or, pa, pl, ru, ta,
066a5d2
                       uk, zh_CN
066a5d2
73638b8
* Mon Jan  3 2011 Thomas Woerner <twoerner@redhat.com> 0.1.2-1
73638b8
- fixed package according to package review (rhbz#665395):
73638b8
  - non executable scripts: dropped shebang
73638b8
  - using newer GPL license file
73638b8
  - made /etc/dbus-1/system.d/FirewallD.conf config(noreplace)
73638b8
  - added requires(post) and (pre) for chkconfig
73638b8
73638b8
* Mon Jan  3 2011 Thomas Woerner <twoerner@redhat.com> 0.1.1-1
73638b8
- new version 0.1.1
73638b8
- fixed source path in POTFILES*
73638b8
- added missing firewall_config.py.in
73638b8
- added misssing space for spec_ver line
73638b8
- using firewall_config.VARLOGFILE
73638b8
- added date to logging output
73638b8
- also log fatal and error logs to stderr and firewall_config.VARLOGFILE
73638b8
- make log message for active_firewalld fatal
73638b8
73638b8
* Mon Dec 20 2010 Thomas Woerner <twoerner@redhat.com> 0.1-1
73638b8
- initial package (proof of concept implementation)