#3 please use firewalld
Merged 3 months ago by bevhost. Opened 3 months ago by bevhost.

file removed
-6

@@ -1,6 +0,0 @@ 

- system-config-firewall-1.2.21.tar.bz2

- system-config-firewall-1.2.23.tar.bz2

- system-config-firewall-1.2.25.tar.bz2

- system-config-firewall-1.2.27.tar.bz2

- /system-config-firewall-1.2.28.tar.bz2

- /system-config-firewall-1.2.29.tar.bz2

file added
+1

@@ -0,0 +1,1 @@ 

+ please use firewalld

file removed
-1

@@ -1,1 +0,0 @@ 

- c4c9957218e95dad08fb307bf66fb60c  system-config-firewall-1.2.29.tar.bz2

@@ -1,48 +0,0 @@ 

- diff -up system-config-firewall-1.2.27/src/fw_dbus.py.rhbz#717985 system-config-firewall-1.2.27/src/fw_dbus.py

- --- system-config-firewall-1.2.27/src/fw_dbus.py.rhbz#717985	2010-08-10 12:37:57.000000000 +0200

- +++ system-config-firewall-1.2.27/src/fw_dbus.py	2011-07-08 11:20:37.579654226 +0200

- @@ -23,7 +23,7 @@ import dbus.service

-  import dbus.mainloop.glib

-  import slip.dbus

-  import slip.dbus.service

- -import pickle

- +import json

-  

-  import fw_sysconfig

-  import fw_lokkit

- @@ -53,7 +53,7 @@ class DBusProxy(object):

-      def read(self):

-          rep = self.dbus_obj.read(dbus_interface=DBUS_DOMAIN)

-          try:

- -            args = pickle.loads(rep.encode('utf-8'))

- +            args = json.loads(rep.encode('utf-8'))

-          except:

-              return None

-          return args

- @@ -61,7 +61,7 @@ class DBusProxy(object):

-      @slip.dbus.polkit.enable_proxy

-      def write(self, args):

-          try:

- -            rep = pickle.dumps(args)

- +            rep = json.dumps(args)

-          except:

-              return -1

-          return self.dbus_obj.write(rep.encode('utf-8'),

- @@ -91,7 +91,7 @@ class DBusService(slip.dbus.service.Obje

-      def read(self):

-          args = fw_sysconfig.read_sysconfig_args()

-          try:

- -            rep = pickle.dumps(args)

- +            rep = json.dumps(args)

-          except:

-              return None

-          return rep.encode('utf-8')    

- @@ -102,7 +102,7 @@ class DBusService(slip.dbus.service.Obje

-      @dbus.service.method(DBUS_DOMAIN, in_signature='s', out_signature='i')

-      def write(self, rep):

-          try:

- -            args = pickle.loads(rep.encode('utf-8'))

- +            args = json.loads(rep.encode('utf-8'))

-          except:

-              return -1

-  

@@ -1,13 +0,0 @@ 

- diff -up system-config-firewall-1.2.29/src/fw_iptables.py.ipv6-dhcp system-config-firewall-1.2.29/src/fw_iptables.py

- --- system-config-firewall-1.2.29/src/fw_iptables.py.ipv6-dhcp	2012-04-20 18:44:49.788614086 +0200

- +++ system-config-firewall-1.2.29/src/fw_iptables.py	2012-04-23 23:14:31.745233715 +0200

- @@ -368,6 +368,9 @@ class iptablesClass:

-          self._icmp(conf, fd, "INPUT", reject_type)

-          # trust lo

-          fd.write("-A INPUT -i lo -j ACCEPT\n")

- +        # Always allow ipv6-dhcp

- +        if self.type == "ipv6":

- +            fd.write("-A INPUT -m state --state NEW -m udp -p udp --dport 546 -d fe80::/64 -j ACCEPT\n")

-          # trusted interfaces

-          if conf.trust:

-              for dev in conf.trust:

@@ -1,21 +0,0 @@ 

- diff -up system-config-firewall-1.2.29/src/fw_services.py.rhbz#758826 system-config-firewall-1.2.29/src/fw_services.py

- --- system-config-firewall-1.2.29/src/fw_services.py.rhbz#758826	2011-01-04 17:15:26.000000000 +0100

- +++ system-config-firewall-1.2.29/src/fw_services.py	2013-11-26 17:19:57.334530177 +0100

- @@ -205,6 +205,17 @@ service_list = [

-                 "machine management with TLS encryption, x509 certificates "

-                 "and optional SASL authentication. The libvirtd service is "

-                 "needed for this option to be useful.")),

- +

- +    _Service("msa", _("Mail Submission Agent"), [ ("587", "tcp"), ],

- +             _("This option allows a mail user agent to submit mails to the "

- +               "MSA for further delivery. The use of an MSA is in common more "

- +               "secure, because a MUA need to be authorized and authenticated "

- +               "to use the mail submission service.")),

- +

- +    _Service("ntp", _("Network Time Protocol"), [ ("123", "udp"), ],

- +             _("The Network Time Protocol is used to synchronize hardware "

- +               "clocks to one or more high-precision reference clocks (GPS, "

- +               "WWVB, atomic, etc).")),

-      ]

-  

-  def getByKey(key):

@@ -1,60 +0,0 @@ 

- diff --git a/src/convert-config b/src/convert-config

- index fb804cf..605300a 100755

- --- a/src/convert-config

- +++ b/src/convert-config

- @@ -1,4 +1,4 @@

- -#!/usr/bin/python

- +#!/usr/bin/python2

-  #

-  # Copyright (C) 2007, 2008 Red Hat, Inc.

-  # Authors:

- diff --git a/src/gtk_chooserbutton.py b/src/gtk_chooserbutton.py

- index db7d220..30ee020 100755

- --- a/src/gtk_chooserbutton.py

- +++ b/src/gtk_chooserbutton.py

- @@ -1,4 +1,4 @@

- -#!/usr/bin/python

- +#!/usr/bin/python2

-  #

-  # Copyright (C) 2008 Red Hat, Inc.

-  # Authors:

- diff --git a/src/lokkit b/src/lokkit

- index 5b00f6c..3b0c4c3 100755

- --- a/src/lokkit

- +++ b/src/lokkit

- @@ -1,4 +1,4 @@

- -#!/usr/bin/python

- +#!/usr/bin/python2

-  #

-  # Copyright (C) 2007, 2008 Red Hat, Inc.

-  # Authors:

- diff --git a/src/system-config-firewall b/src/system-config-firewall

- index 08be995..60dc6db 100755

- --- a/src/system-config-firewall

- +++ b/src/system-config-firewall

- @@ -1,4 +1,4 @@

- -#!/usr/bin/python

- +#!/usr/bin/python2

-  #

-  # Copyright (C) 2007 Red Hat, Inc.

-  # Authors:

- diff --git a/src/system-config-firewall-mechanism.py b/src/system-config-firewall-mechanism.py

- index e891821..dedfa67 100755

- --- a/src/system-config-firewall-mechanism.py

- +++ b/src/system-config-firewall-mechanism.py

- @@ -1,4 +1,4 @@

- -#!/usr/bin/python

- +#!/usr/bin/python2

-  #

-  # Copyright (C) 2007, 2008 Red Hat, Inc.

-  # Authors:

- diff --git a/src/system-config-firewall-tui b/src/system-config-firewall-tui

- index be2f27a..25b6517 100755

- --- a/src/system-config-firewall-tui

- +++ b/src/system-config-firewall-tui

- @@ -1,4 +1,4 @@

- -#!/usr/bin/python

- +#!/usr/bin/python2

-  #

-  # Copyright (C) 2008 Red Hat, Inc.

-  # Authors:

@@ -1,712 +0,0 @@ 

- # This package depends on automagic byte compilation

- # https://fedoraproject.org/wiki/Changes/No_more_automagic_Python_bytecompilation_phase_2

- %global _python_bytecompile_extra 1

- 

- %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6

-   %bcond_with usermode

-   %bcond_with polkit0

-   %bcond_without polkit1

- %else

-   %if 0%{?fedora} >= 10

-     %bcond_with usermode

-     %bcond_without polkit0

-   %else

-     %bcond_without usermode

-     %bcond_with polkit0

-   %endif

-   %bcond_with polkit1

- %endif

- 

- Summary: A graphical interface for basic firewall setup

- Name: system-config-firewall

- Version: 1.2.29

- Release: 24%{?dist}

- URL: http://fedorahosted.org/system-config-firewall

- License: GPLv2+

- ExclusiveOS: Linux

- BuildArch: noarch

- Source0: https://fedorahosted.org/released/system-config-firewall/%{name}-%{version}.tar.bz2

- # replace pickle by json (CVE-2011-2520):

- Patch0: system-config-firewall-1.2.27-rhbz#717985.patch

- # always allow ipv6-dhcp

- Patch1: system-config-firewall-1.2.29-ipv6-dhcp.patch

- # msa and ntp services

- Patch2: system-config-firewall-1.2.29-rhbz#758826.patch

- # ambiguous python shebangs error

- Patch3: system-config-firewall-1.2.29-shebang.patch

- BuildRequires: desktop-file-utils

- BuildRequires: gettext

- BuildRequires: intltool

- BuildRequires: python3

- Obsoletes: system-config-securitylevel

- Provides: system-config-securitylevel = 1.7.0

- Requires: system-config-firewall-base = %{version}-%{release}

- Requires: system-config-firewall-tui = %{version}-%{release}

- Requires: hicolor-icon-theme

- Requires: pygtk2

- Requires: pygtk2-libglade

- Requires: gtk2 >= 2.6

- Requires: python2-dbus

- %if %{with usermode}

- Requires: usermode-gtk >= 1.94

- %endif

- %if %{with polkit0}

- Requires: python2-slip-dbus >= 0.1.15

- %endif

- %if %{with polkit1}

- Requires: python2-slip-dbus >= 0.2.7

- %endif

- 

- %description

- system-config-firewall is a graphical user interface for basic firewall setup.

- 

- %package base

- Summary: system-config-firewall base components and command line tool

- Obsoletes: lokkit

- Provides: lokkit = 1.7.0

- Requires: python2

- Requires: iptables >= 1.4.16.2-4

- Requires: libselinux-utils >= 1.19.1

- 

- %description base

- Base components of system-config-firewall with lokkit, the command line tool 

- for basic firewall setup.

- 

- %package tui

- Summary: A text interface for basic firewall setup

- Obsoletes: system-config-securitylevel-tui

- Provides: system-config-securitylevel-tui = 1.7.0

- Requires: system-config-firewall-base = %{version}-%{release}

- #Requires: system-config-network-tui

- Requires: python2-newt

- 

- %description tui

- system-config-firewall-tui is a text user interface for basic firewall setup.

- 

- %prep

- %setup -q

- %patch0 -p1 -b .rhbz#717985

- %patch1 -p1 -b .ipv6-dhcp

- %patch2 -p1 -b .rhbz#758826

- %patch3 -p1

- 

- %build

- intltoolize --force

- autoreconf --force -v --install --symlink

- %configure %{?with_usermode: --enable-usermode} \

- 	   %{?with_polkit0: --enable-policykit0} \

- 	   %{!?with_polkit1: --disable-policykit1}

- 

- %install

- rm -rf %{buildroot}

- 

- make install DESTDIR=%{buildroot}

- 

- desktop-file-install --vendor system --delete-original \

- 	--dir %{buildroot}%{_datadir}/applications \

- 	%{buildroot}%{_datadir}/applications/system-config-firewall.desktop

- 

- %find_lang %{name} --all-name

- 

- %post

- if [ $1 -eq 2 ]; then

-    # kill the D-BUS mechanism on update

-    killall -TERM system-config-firewall-mechanism.py >&/dev/null || :

- fi

- 

- %triggerpostun -- %{name} < 1.1.0

- %{_datadir}/system-config-firewall/convert-config

- 

- %triggerpostun -- system-config-securitylevel

- %{_datadir}/system-config-firewall/convert-config

- 

- %files

- %{_bindir}/system-config-firewall

- %if %{with usermode}

- %{_datadir}/system-config-firewall/system-config-firewall

- %endif

- %defattr(0644,root,root)

- %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.Config.Firewall.conf

- %{_datadir}/dbus-1/system-services/org.fedoraproject.Config.Firewall.service

- %if %{with polkit0}

- %{_datadir}/PolicyKit/policy/org.fedoraproject.config.firewall.0.policy

- %endif

- %if %{with polkit1}

- %{_datadir}/polkit-1/actions/org.fedoraproject.config.firewall.policy

- %endif

- %{_datadir}/system-config-firewall/fw_gui.*

- %{_datadir}/system-config-firewall/fw_dbus.*

- %{_datadir}/system-config-firewall/fw_nm.*

- %{_datadir}/system-config-firewall/gtk_*

- #%{_datadir}/system-config-firewall/__pycache__/fw_dbus.*

- #%{_datadir}/system-config-firewall/__pycache__/fw_nm.*

- #%{_datadir}/system-config-firewall/__pycache__/gtk_*

- %{_datadir}/system-config-firewall/*.glade

- %attr(0755,root,root) %{_datadir}/system-config-firewall/system-config-firewall-mechanism.*

- %{_datadir}/applications/system-config-firewall.desktop

- %{_datadir}/icons/hicolor/*/apps/preferences-system-firewall*.*

- %if %{with usermode}

- %config /etc/security/console.apps/system-config-firewall

- %config /etc/pam.d/system-config-firewall

- %endif

- 

- %files base -f %{name}.lang

- %doc COPYING

- %{_sbindir}/lokkit

- %attr(0755,root,root) %{_datadir}/system-config-firewall/convert-config

- %dir %{_datadir}/system-config-firewall

- #%dir %{_datadir}/system-config-firewall/__pycache__

- %defattr(0644,root,root)

- %{_datadir}/system-config-firewall/etc_services.*

- %{_datadir}/system-config-firewall/fw_compat.*

- %{_datadir}/system-config-firewall/fw_config.*

- %{_datadir}/system-config-firewall/fw_firewalld.*

- %{_datadir}/system-config-firewall/fw_functions.*

- %{_datadir}/system-config-firewall/fw_icmp.*

- %{_datadir}/system-config-firewall/fw_iptables.*

- %{_datadir}/system-config-firewall/fw_lokkit.*

- %{_datadir}/system-config-firewall/fw_parser.*

- %{_datadir}/system-config-firewall/fw_selinux.*

- %{_datadir}/system-config-firewall/fw_services.*

- %{_datadir}/system-config-firewall/fw_sysconfig.*

- %{_datadir}/system-config-firewall/fw_sysctl.*

- #%{_datadir}/system-config-firewall/__pycache__/fw_config.*

- #%{_datadir}/system-config-firewall/__pycache__/fw_functions.*

- #%{_datadir}/system-config-firewall/__pycache__/fw_icmp.*

- #%{_datadir}/system-config-firewall/__pycache__/fw_selinux.*

- #%{_datadir}/system-config-firewall/__pycache__/fw_services.*

- %ghost %config(missingok,noreplace) /etc/sysconfig/system-config-firewall

- 

- %files tui

- %{_bindir}/system-config-firewall-tui

- %{_datadir}/system-config-firewall/fw_tui.*

- 

- %changelog

- * Mon Jun 17 2019 David Beveridge <dave@bevhost.com> - 1.2.29-24

- - Added Shebang Patch (change /usr/bin/python to python2)

- - remove all __pycache__

- 

- * Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-23

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

- 

- * Tue Nov 27 2018 Frediano Ziglio <fziglio@redhat.com> - 1.2.29-22

- - Fix https://bugzilla.redhat.com/show_bug.cgi?id=1536815 (bad macro substitution)

- 

- * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-21

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

- 

- * Fri Mar 23 2018 Iryna Shcherbina <ishcherb@redhat.com> - 1.2.29-20

- - Update Python 2 dependency declarations to new packaging standards

-   (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)

- 

- * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-19

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

- 

- * Thu Jan 18 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.2.29-18

- - Remove obsolete scriptlets

- 

- * Tue Aug 08 2017 Than Ngo <than@redhat.com> - 1.2.29-17

- - Buildrequires python3

- 

- * Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-16

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

- 

- * Fri Feb 10 2017 Thomas Woerner <twoerner@redhat.com> - 1.2.29-15

- - Do not require iptables-ipv6, but iptables >= 1.4.16.2-4

- - Fix build for F-26: autoreconf, add __pycache__ for some files

- 

- * Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-14

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

- 

- * Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-13

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

- 

- * Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-12

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

- 

- * Tue Nov 26 2013 Thomas Woerner <twoerner@redhat.com> 1.2.29-11

- - Added msa and ntp services (RHBZ#758826)

-   Thanks to Philip Prindeville

- 

- * Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-10

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

- 

- * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-9

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

- 

- * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-8

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- 

- * Mon Apr 23 2012 Thomas Woerner <twoerner@redhat.com> 1.2.29-7

- - only write ipv6-dhcp for ipv6 (rhbz#815555)

-  

- * Fri Apr 20 2012 Thomas Woerner <twoerner@redhat.com> 1.2.29-6

- - Always allow ipv6-dhcp

- 

- * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-5

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

- 

- * Fri Jul 22 2011 Thomas Woerner <twoerner@redhat.com> 1.2.29-4

- - fixed possible privilege escalation flaw via use of python pickle

-   (CVE-2011-2520), replaced pickle by json (rhbz#717985) and (rhbz#722991)

- - stop D-BUS firewall mechanism on update

- 

- * Sat May 07 2011 Christopher Aillon <caillon@redhat.com> - 1.2.29-3

- - Update icon cache scriptlet

- 

- * Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-2

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

- 

- * Tue Jan  4 2011 Thomas Woerner <twoerner@redhat.com> 1.2.29-1

- - fixed firewalld check for lokkit (rhbz#667128)

- - translation updates: bn_IN, gu, ja, nl, pl, uk

- 

- * Tue Dec 21 2010 Thomas Woerner <twoerner@redhat.com> 1.2.28-1

- - added firewalld check to prevent usage of s-c-fw if firewalld is running

- - fixed gtk_label_autowrap not to change alignments

- - fixed port of libvirt-tls (rhbz#565625)

- - fixed requirement for newt-python (was newt before)

- - return -2 for ports > 65535 in fw_functions.getPortID for better port error

-   reporting

- - hide dialogs before going on (rhbz#643966)

- - updated translations: ca, de, he, hi, ja, nb, pa, pt, sk, sv, ta, uk, zh_TW

- 

- * Tue Aug 10 2010 Thomas Woerner <twoerner@redhat.com> 1.2.27-1

- - updated translations: bn_IN, de, fi, fr, gu, hi, it, ja, kn, ko, ml, mr, or,

-                         pt_BR, ru, ta, te, zh_CN, zh_TW

- 

- * Tue Jun 29 2010 Thomas Woerner <twoerner@redhat.com> 1.2.26-1

- - added libvirt services (rhbz#565625)

- - added Bakula service (rhbz#588377)

- - fixed DBUS mechanism to report complete syslog message (rhbz#604623)

- - fixed crash because of missing /etc/services file (rhbz#604726)

- - updated translations: ar, as, bn_IN, da, de, es, fi, fr, gu, he, hi, is, it,

-                         ja, kn, ko, ml, mr, nl, or, pa, pl, pt, ru, ta, te, 

-                         zh_CN

- 

- * Mon Apr 26 2010 Thomas Woerner <twoerner@redhat.com> 1.2.25-1

- - fixed lokkit: do not create or alter firewall in selinux only mode

-   (rhbz#583986)

- - use new icons (rhbz#583715)

- - fixed treeviewtooltips to not show the tooltip if an overlapping window has

-   the focus

- - updated translations: bn_IN, de, es, gu, it, kn, ml, mr, nl, or, pa, pl, pt,

-                         pt_BR, ru, sk, sr, sr@latin, te

- 

- * Tue Mar 23 2010 Thomas Woerner <twoerner@redhat.com> 1.2.24-1

- - DBUS-mechanism: report errors to syslog and print traceback (rhbz#563354)

- - fixed minor misspellings (rhbz#566468)

- - msgmerged po files

- - added missing default values for ip*tables-config content (rhbz#566869)

- - autofoo utils update

- - fixed max length of user defined interface name in interfaceDialog

- - added missing range check to port_entry_changed_cb

- - fixed sensitiveness of protocol label in portDialog

- - fixed misuse of MARK extension in nat table, now in mangle table

- - port forwarding dialog usability fixes (rhbz#507638)

- - use new fw_functions.checkInterface function in tui and gui

- - new function to check interface names in fw_functions

- - use new checkInterface function in parser for trust, masq and forward-port

- - add wlan standard device

- - fixed build (fw_nm.py not packaged)

- - updated translations: bn_IN, cs, da, de, el, en_GB, es, fi, fr, hu, is, it,

-                         ja, nb, nl, or, pl, pt, pt_BR, ru, sr, sr@latin, sv,

-                         te, uk

- 

- * Thu Feb 25 2010 Thomas Woerner <twoerner@redhat.com> 1.2.23-2

- - fixed missing execution bits for convert-config according to review

- 

- * Mon Jan 18 2010 Thomas Woerner <twoerner@redhat.com> 1.2.23-1

- - fixed build (fw_nm.py not packaged)

- - dropped dbus requirement for tui version

- 

- * Fri Jan 15 2010 Thomas Woerner <twoerner@redhat.com> 1.2.22-1

- - using NetworkManager DBUS interface to replace NCDeviceList from

-   system-config-network

- - not opening orig port for local port forwarding, only new port is open

- - added isakmp support for IPsec (rhbz#504446)

- - added amanda client support (rhbz#541679)

- - fixed requirement for setenforce: libselinux-utils instead of libselinux

- - removed unused import socket

- - added download url to Source tag in spec file

- - fixed wrong license header in src/fw_tui.py (LGPL instead of GPL)

- - update cluster-suite service: disable rgmanager and cssd

- - removed separator at the end of the Options menu (rhbz#531635)

- - removed 2049/udp from NFS4 service (rhbz#532491)

- 

- * Thu Oct  8 2009 Thomas Woerner <twoerner@redhat.com> 1.2.21-1

- - fixed Policykit v0 compatibility for Fedora version 10 and 11: python-slip

-   for PolicyKit v0 does not provide dbus

- - updated translations: bn_IN, uk, zh_CN

- 

- * Tue Sep 29 2009 Thomas Woerner <twoerner@redhat.com> 1.2.20-1

- - new sub-package base containing the base components and the command line tool

-   (rhbz#525153)

- 

- * Tue Sep 29 2009 Thomas Woerner <twoerner@redhat.com> 1.2.19-1

- - enhanced build environment to support usermode and policykit switches, new

-   options for configure and spec file

- - make toplevel invisible to not show half initialized window while policykit

-   dialog is shown

- - system-config-firewall.desktop.in moved to config subdir

- - disable dbus usage if gui is used as root (needed for policykit v0)

- - do not report dbus error if there is no firewall configuration (empty or

-   missing /etc/sysconfig/system-config-firewall)

- - resize main window to comfortably fit in a 800x600 gnome desktop

- - moved all config files into config subdir: sysconfig, dekstop, pam and console

- - new infrastructure to enable policy translations

- - print exception if polkit authorization failes to console

- - show dbus error dialog if dbus conection can not be established

- - set title to APP_NAME for dialogs if there is no title

- - center dialogs on screen if there is no parent

- - make main app invisible at first to prevent to show an empty app while

-   PolicyKit password dialog is visible

- - updated translations: as, bn_IN, ca, da, de, ca, cs, es, fi, fr, gu, hi, it,

-                         ja, kn, ko, ml, mr, nl, or, pa, pl, pt, pt_BR, ru, sk,

-                         sr, sr@latin, sv, ta, te, uk, zh_TW

- 

- * Fri Sep 11 2009 Thomas Woerner <twoerner@redhat.com> 1.2.18-1

- - added support for PolicyKit

- - removed unused inconsistent flag from CellRendererToggle in serviceView (rhbz#521144)

- - made "Port/Protocol" cell resizable in "Trusted Services"-view

- - fixed hidden one line label after resize caused by fix for bgo#315462

- - fixed startup busy loops if assistive technologies is enabled (rhbz#515048)

-   by moving set_model after adding the columns to a TreeView

- - fixed tui to create valid empty self.config object (rhbz#518210)

- - failing to load the icon in fw_gui.setupScreen should not be fatal

-   (rhbz#508186)

- - made description column in settings dialog resizable

- - removed rhpl usage (rhbz#508991)

- - fixed not reappearing TreeViewTooltips if mouse moved in the tooltip popup

- - hide TreeViewTooltips while scrolling

- - code cleanup

- - sort ports in fw_services by protocol, id

- - updated translations: as, bn_IN, ca, da, de, es, fi, fr, gu, hi, kn, hu, it, 

-                         ja, ko, ml, mr, nl, or, pa, pl, pt, pt_BR, ru, sk, sr,

- 			sr@latin, ta, te, uk, zh_CN, zh_TW

- 

- * Mon Jul 27 2009 Thomas Woerner <twoerner@redhat.com> 1.2.17-1

- - Added Red Hat Cluster Suite to trusted services (rhbz#493668)

- - Fixed wrong patch for system-config-firewall-tui (rhbz#461046)

- - Fixed sysctl parser to also support ';' for comments

- - Fixed port range check for service names containing '-'

- - New column in serviceView for conntrack helper, removed from tooltip

- - New column in icmpView for protocol types, removed from tooltip

- - Added TFTP and TFTP client support (rhbz#494417)

- - Fixed sensitiveness of OK button in portDialog if editing an Port

-   (rhbz#500380)

- - Added missing tooltips for buttons in mainNotebook tabs. (rhbz#493872)

- - updated po files

- 

- * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.16-3

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

- 

- * Mon Apr 13 2009 Thomas Woerner <twoerner@redhat.com> 1.2.16-2

- - release bump

- 

- * Mon Apr 13 2009 Thomas Woerner <twoerner@redhat.com> 1.2.16-1

- - fixed build system to update desktop file from desktop.in

-   fixes icon reference in desktop file (rhbz#493674)

- - updated translations: fr

- 

- * Mon Apr 13 2009 Thomas Woerner <twoerner@redhat.com> 1.2.15-1

- - fixed icon reference in desktop file (rhbz#493674)

- - fixed po/POTFILES.in

- - updated translations: as, bn_IN, el, fi, gu, hi, hu, it, kn, ko, mai, ml, mr, or, pa, pt, ru, sk, sv, ta, te, zh_TW

- 

- * Fri Mar 27 2009 Thomas Woerner <twoerner@redhat.com> 1.2.14-1

- - new build environment using configure, autofoo and intltool

- - fixed typo in router-solicitation description (rhbz#490979)

- - new themable application icon: preferences-system-firewall (rhbz#454402)

- - make backup copies before overwriting files (rhbz#437374)

- - updated translations: 

- 

- * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.13-4

- - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

- 

- * Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 1.2.13-3

- - Rebuild for Python 2.6

- 

- * Tue Oct 28 2008 Thomas Woerner <twoerner@redhat.com> 1.2.13-2

- - fixed system-config-firewall-tui path (rhbz#457485)

- 

- * Tue Oct 28 2008 Thomas Woerner <twoerner@redhat.com> 1.2.13-1

- - fixed two typos in fw_icmp (rhbz#467334)

- - added ability to sort custom rules files (rhbz#467696)

- - fixed modified test in sysctl writer: fixes rhbz#462325

-   also removed quotes around values for new keys

- - some build fixes

- - updated translations for: as, de, fi, fr, he, hi, ko, hu, it, ja, ko, ml,

-                             pl, pt_BR, ru, sk, sr, sr@latin, sv, ta, te, 

-                             zh_CN, zh_TW

- 

- * Tue Oct 21 2008 Thomas Woerner <twoerner@redhat.com> 1.2.12-2

- - require usermode-gtk instead of usermode

- 

- * Tue Oct  7 2008 Thomas Woerner <twoerner@redhat.com> 1.2.12-1

- - only provide lang files in tui sub-package (rhbz#465572)

- - updated translations for: as, bn_IN, ca, cs, es, fr, gu, it, ja, kn, mr, nl,

-                             pa, or, pl, pt_BR, sk, zh_CN, zh_TW

- 

- * Fri Sep 19 2008 Thomas Woerner <twoerner@redhat.com> 1.2.11-1

- - use dialogs for parser errors in tui (rhbz#457485)

- - enable to add protocol specific (IPv4, IPv6) icmp types for ICMP filtering

- - updated translations for he, ja, ko and zh_CN

- 

- * Tue Jul  8 2008 Thomas Woerner <twoerner@redhat.com> 1.2.10-1

- - lokkit: fixed path for system-config-firewall-tui (rhbz#454108)

- - updated translations for: it, fr, nl, ru, sr, sr@latin

- 

- * Wed Jun 11 2008 Thomas Woerner <twoerner@redhat.com> 1.2.9-1

- - fixed format string to silence inttool

- - new remider to check if the ip*tables services are enabled

- - use proper dialog functions in the tui

- - updated translations: cs, de, es, gu, pl

- 

- * Fri May 23 2008 Thomas Woerner <twoerner@redhat.com> 1.2.8-1

- - new tui interface

- - new system-config-firewall-tui

- - new client services for ipp and samba

- - lokkit: fixed disabling of firewall in force mode (rhbz#443411)

- - disabled port forwarding for IPv6

- - some minor fixes and enhancements

- 

- * Thu Apr  3 2008 Thomas Woerner <twoerner@redhat.com> 1.2.7-1

- - fixed crash if encoding is not UTF-8 (rhbz#439902)

- - updated translations: bn_IN, cs, de, es, fi, fr, gu, hi, it, kn, ko, ml,

-                         mr, pa, pl, pt_BR, ru, sr, sr@latin, ta, te, zh_CN

- 

- * Tue Mar  4 2008 Thomas Woerner <twoerner@redhat.com> 1.2.6-1

- - new ICMP filter to block specified ICMP types

- - fixed minor problem in lokkit (initialize old_config)

- - set starting diretory for custom rules files to /etc/sysconfig

- - more build environment changes for git

- - use gtk.CellRendererToggle instead of own CellRendererCheck

- - several parser changes for transparent error handling and output

- - some minor enhancements

- - translation updates

- 

- * Wed Feb 20 2008 Thomas Woerner <twoerner@redhat.com> 1.2.5-1

- - dropped system-config-securitylevel compatibility files

- - project moved to git.fedoraproject.org

- 

- * Thu Feb 14 2008 Thomas Woerner <twoerner@redhat.com> 1.2.4-1

- - fixed overwrite problem if IPTABLES_SAVE_ON_RESTART is set (rhbz#431961)

- - use SELECTION_NONE for trustedView 

- 

- * Mon Feb 11 2008 Thomas Woerner <twoerner@redhat.com> 1.2.3-2

- - fixed usermode version (rhbz#428392)

- 

- * Fri Feb  8 2008 Thomas Woerner <twoerner@redhat.com> 1.2.3-1

- - fixed traceback for empty configuration use in life installer (rhbz#430963)

- - use config-util for userhelper configuration (rhbz#428392)

- - mark dirty after applying new default configuration

- - do not overwrite attributes filename and converted in config

- - use new shared ChooserButton

- - fixed forward dialog and labels to use current dialog width

- - use tempfile.mkdtemp for better security

- - updated translations: fi, fr, it, ja, nl, pt_BR, sr and sr@latin

- 

- * Fri Feb  1 2008 Thomas Woerner <twoerner@redhat.com> 1.2.2-1

- - fixed icmp handling for ip6tables in FORWARD chain

- - do state established, related test early in FORWARD chain

- - fixed typo in address for port-forwarding

- - added IPv4 only message to masquerading and port-forwarding for lokkit

- - updated translations: es, pl

- 

- * Thu Jan 31 2008 Thomas Woerner <twoerner@redhat.com> 1.2.1-1

- - fixed traceback for clean selinux configuration (rhbz#430963)

- - fixed icmp handling for ip6tables

- - updated translations: as, de, it, ja, pl, pt_BR, zh_CN

- 

- * Fri Jan 25 2008 Thomas Woerner <twoerner@redhat.com> 1.2.0-1

- - added port forwarding

- - using INPUT chain in table filter instead of RH-Firewall-1-INPUT

- - fixed masquerading

- - rewrite of firewall generation code

- - trusted hosts now also allowed for FORWARD

- - lots of bug fixes

- - gui enhancements

- 

- * Wed Jan 16 2008 Thomas Woerner <twoerner@redhat.com> 1.1.3-2

- - added fw_compat files to files section

- 

- * Tue Jan 15 2008 Thomas Woerner <twoerner@redhat.com> 1.1.3-1

- - new fw_compat, used in config-convert and fw_sysconfig to automatically 

-   convert old system-config-securitylevel configurations

- - new wizard look

- - fixed range check for user defined ports

- - some code cleanup

- - updated translations for fi, fr and ja

- 

- * Mon Jan  7 2008 Thomas Woerner <twoerner@redhat.com> 1.1.2-1

- - fw_gui: fixed row activation for masquerading

- - fw_gui: fixed _setInterfaces to use internal functions to correctly set

-   toggles

- - fw_gui: show info dialog if no config exists and firewall gets enabled: new

-   function enableFirewall

- - fw_gui, fw_tui: disable firewall if no config exists

- - fw_gui, fw_tui: do not print traceback if NCDeviceList.getDeviceList raises

-   and exception

- - forward masqueraded connections

- - gtk_cellrenderercheck: fixed size calculations

- - fw_sysconfig: set config.filename to None for merged configuration in

-   read_sysconfig_config if no configuration exists

- - new translations

- 

- * Fri Dec 21 2007 Thomas Woerner <twoerner@redhat.com> 1.1.1-1

- - use radio buttons for skill menu entries to show active level

- - fixed convert-config problem if there is no configuration to convert

-   (rhbz#426477)

- - minor string changes

- - new it and pt_BR translations

- 

- * Thu Dec 20 2007 Thomas Woerner <twoerner@redhat.com> 1.1.0-1

- - new default configurations: server, desktop

- - cleanup of wizard: dropped network connection tab

- - new option in wizard to keep configuration or load a default configuration

- - new menu entry and dialog to configure iptables and ip6tables service settings

- - some enhancements to the gtk_cellrenderercheck for better look and feel

- 

- * Fri Dec 14 2007 Thomas Woerner <twoerner@redhat.com> 1.1.0-0

- - ports are ports and services are services: there is a new service tag to

-   enable services; a port is not enabling a service anymore

- - new conversion tool for 1.0.X to 1.1.X configuration

- - new version option for lokkit

- - wizard

-   - dropped network connection selection tab

-   - using keep configuration check instead of clear configuration check

-   - added default configuration selection

- - gui: new menu for skill level and load default configuration

- - use choices in optparse, removed obsolete check functions

- 

- * Thu Dec 13 2007 Thomas Woerner <twoerner@redhat.com> 1.0.12-2

- - fixed lokkit command problem for non english languages

- - using latest translations

- 

- * Mon Dec 10 2007 Thomas Woerner <twoerner@redhat.com> 1.0.12-1

- - allow to activate checkboxes by row activation in treeviews

- - code cleanup in view_toggle_cb

- - fixed port display for IPSec

- - use system icons where possible, new wizard icons

- - added fallback for CellRendererCheck if icons are missing, size fixes

- - added tooltips for toolbar and menu entries (if needed)

- - improved more english texts (rhbz#395801)

-   thanks to Paul W. Frields for the initial patch

- 

- * Wed Nov 21 2007 Thomas Woerner <twoerner@redhat.com> 1.0.11-1

- - fixed crash on startup for network device aliases (rhbz#384891)

-   thanks to Loran Freval for the patch

- - added port entry max length in other ports dialog (rhbz#385931)

- - added version number to about dialog (rhbz#387891)

- - improved some english texts (rhbz#383741)

-   thanks to Paul W. Frields for the initial patch

- - code cleanup with start speedup

- - do not allow to add custm rules for ipv6:nat

- - also translate parser error messages

- 

- * Fri Nov  9 2007 Thomas Woerner <twoerner@redhat.com> 1.0.10-1

- - fixed problem with network devices (rhbz#331671)

- - dropped obsolete translation no.po (rhbz#332331)

- 

- * Mon Nov  5 2007 Thomas Woerner <twoerner@redhat.com> 1.0.9-1

- - do not report configuration failed if ipv6 is disabled (rhbz#355561)

- - print messages if lokkit failed

- - lokkit be more verbose on restarting ipXtables in verbose mode

- 

- * Fri Oct 26 2007 Thomas Woerner <twoerner@redhat.com> 1.0.8-2

- - lokkit: write new config with nostart option (rhbz#353961)

- - translation fixes for de, it, nb, sr@latin

- 

- * Mon Oct  1 2007 Thomas Woerner <twoerner@redhat.com> 1.0.8-1

- - use extension match for protocols (rhbz#229879)

- - use ipv6-icmp instead of icmpv6 (rhbz#291001)

- - use ':' in tui as port/proto delimiter for other ports (rhbz#292171)

- - some translation fixes

- 

- * Tue Sep 25 2007 Thomas Woerner <twoerner@redhat.com> 1.0.7-1

- - new translations

- - added openvpn to services (rhbz#)

- - fixed typo in description text for ipsec

- - using port numbers instead of port names for services

- - renamed some variables to be consistent

- - make tolltip better: bigger text, helper modules

- - dropped unused code: inconsistent handling

- - make port check button inactive in add_port_cb

- - new function _addDevice: code cleanup

- - allow to set variables in ipXtablesConfig, which were not set before

- - fixed os.system calls in ipXtablesClass to return proper return values

- - fixed status funciton in ipXtablesClass

- - new _append_unique function in fw_parser to prevent duplicates

- - added warning dialog for missing or unusable /etc/sysconfig/ip*tables files

- - fixed expand of the warning label in the startup dialog

- 

- * Wed Sep 12 2007 Thomas Woerner <twoerner@redhat.com> 1.0.6-1

- - dropped --stop option from fw_gui::genArgs

- - new translations

- - sysctl support for masquerading (net.ipv4.ip_forward will be set)

- - glade file: fixed spacings, dropped not needed containers

- 

- * Wed Sep  5 2007 Thomas Woerner <twoerner@redhat.com> 1.0.5-4

- - fixed problem if /etc/sysconfig/system-config-securtylevel and 

-   /etc/sysconfig/system-config-firewall are not readable

- 

- * Fri Aug 31 2007 Thomas Woerner <twoerner@redhat.com> 1.0.5-3

- - fixed problem if IP*TABLES_MODULES is not set in config files

- 

- * Fri Aug 31 2007 Thomas Woerner <twoerner@redhat.com> 1.0.5-2

- - fixed lokkit problem if selinux configuration is not available (rhbz#269601)

- 

- * Thu Aug 30 2007 Thomas Woerner <twoerner@redhat.com> 1.0.5-1

- - more translations

- - fixed IPsec description

- - fixed po file generation to use xgettext only

- 

- * Wed Aug 22 2007 Thomas Woerner <twoerner@redhat.com> 1.0.4-1

- - more translations

- - build environment changes

- - dropped build stage, because it is not needed at all

- 

- * Tue Aug 21 2007 Thomas Woerner <twoerner@redhat.com> 1.0.3-1

- - added missing system-config-securitylevel compatibility files

- - string and documentation fixes

- - fixed typos reported by Alain Portal

- - more translations

- - fixed buildroot

- - cleanup and changes according to review (rhbz#253232)

- - moved doc to tui sub package

- 

- * Fri Aug 17 2007 Thomas Woerner <twoerner@redhat.com> 1.0.2-2

- - fixed license headers for GPLv2+

- 

- * Thu Aug 16 2007 Thomas Woerner <twoerner@redhat.com> 1.0.2-1

- - obsolete and provide system-config-securitylevel package

- - added compat files for anaconda, firstboot and system-config-kickstart

- - lokkit fixes for nostart option:

-   - only write config for iptables and ip6tables if enabled

-   - stop iptables and ip6tables if disabled

-   - unlink iptables and ip6tables rule files if disabled

- - lokkit: new option --update to regenerate firewall configuration if not 

-   disabled

- - check for include files only when writing firewall configuration

- - clean buildroot in install

- - made system-config-securitylevel a synonym for system-config-firewall

- - ip6tables: reject with icmp6-adm-prohibited instead of icmp6-port-unreachable

-   (rhbz#250915)

- - moved config files from /etc/sysconfig into tui sub package

- - removed x bit from import files

- 

- * Mon Jul 23 2007 Thomas Woerner <twoerner@redhat.com> 1.0.1-2

- - fixed disabled string in fw_gui

- - set mode after copying of ip*tables-config to 0600

- - fixed categories in desktop file

- 

- * Mon Jun  4 2007 Thomas Woerner <twoerner@redhat.com> 1.0.1-1

- - fixed startup and description texts

- - added missing requirement for system-config-network-tui

- - moved base python files into tui sub package

- - fixed requirements

- - made package noarch

- 

- * Fri Jun  1 2007 Thomas Woerner <twoerner@redhat.com> 1.0.0-1

- - initial package

This package used newt, which it now being built against python3 instead of python2.
The TUI is part of a larger echo system which includes setuptool, system-config-network-tui & authconfig-tui.
system-config-network-tui has been replaced by nmtui,
authconfig replaced by authselect
So right now it appears like even though setuptool itself installs, there is nothing left for it.
Only the command line utility still works, but is only for iptables, not compatible with firewalld.
lokkit has largely been replaced by firewalld-cmd

Pull-Request has been merged by bevhost

3 months ago