Firewalld Versions Save

Stateful zone based firewall daemon with D-Bus interface

v2.0.4

1 month ago

This is a bug fix only release.

Eric Garver (1):

  • fix(policy): allow forward ports w/ to-addr for egress-zone=HOST (e8a234fe)

Thomas Haller (1):

  • fix(rich): fix range check for large rule limit (ca19dfd9)

v2.1.2

1 month ago

This is a bug fix only release.

Eric Garver (1):

  • fix(policy): allow forward ports w/ to-addr for egress-zone=HOST (c01891f2)

Thomas Haller (2):

  • fix(rich): fix range check for large rule limit (64cb406b)
  • fix(tests): fix skip detection in fw-in-container environment (7f3590f4)

v2.0.3

3 months ago

This is a bug fix only release.

Donald Yandt (5):

  • fix(offline-cmd): use family when creating ipset (4256ba1b)
  • fix(firewall-config): allow rich rule forwarded ports to be logged (842a144a)
  • fix(ipXtables): log forwarded ports only (e14f9d7e)
  • fix(nftables): log forwarded ports (faed4916)
  • fix(io.ipset): raise exception if entries exceed limit (ff3b8b55)

Eric Garver (2):

  • fix(policy): ipXtables: multiple policies using same zone (9b94f63d)
  • fix(policy): dispatch update for active policies (f7444579)

Thomas Haller (1):

  • fix(rich): validate service name of rich rule (1ce3a4d3)

v2.1.1

3 months ago

This is a bug fix only release.

Donald Yandt (5):

  • fix(offline-cmd): use family when creating ipset (64f78a9d)
  • fix(firewall-config): allow rich rule forwarded ports to be logged (d46ea62e)
  • fix(ipXtables): log forwarded ports only (07dc202e)
  • fix(nftables): log forwarded ports (5c26b73e)
  • fix(io.ipset): raise exception if entries exceed limit (a2da5fba)

Eric Garver (2):

  • fix(policy): ipXtables: multiple policies using same zone (b6f2f096)
  • fix(policy): dispatch update for active policies (7f6f0e2c)

v2.1.0

4 months ago

This is a feature release. It also includes all bug fixes since v2.0.0.

Thomas Haller (3):

  • feat(service): add DNS over QUIC (DoQ) Service (5130430c)
  • feat(icmp): add ICMPv6 Multicast Listener Discovery (MLD) types (dd88bbf8)
  • feat(fw): add ReloadPolicy option in firewalld.conf (0019371a)

Vinícius Ferrão (1):

  • feat(service): add submission service (tcp 587) (d6a95612)

Vixea (1):

  • feat(service): Add alvr (3a92358e)

nser77 (1):

  • feat(service): add vrrp (d62fc8db)

v2.0.2

5 months ago

This is a bug fix only release.

Eric Garver (2):

  • fix(policy): runtime dispatch update if *-zone=ANY (e8b96374)
  • fix(nm): release NM client after a timeout (d534f074)

v1.2.7

7 months ago

This is a bug fix only release.

Eric Garver (2):

  • fix(nftables): always flush main table on start (47914f61)
  • fix(runtimeToPermanent): deepcopy settings before mangling (c9a03ade)

Michael Biebl (1):

  • docs: fix reference to lockdown-whitelist.xml in SYNOPSIS section (c7b76147)

Sam Morris (1):

  • fix(firewall-config): escape markup stored in bindings store (703d2646)

Thomas Haller (6):

  • fix(tests): avoid deprecated assertRaisesRegexp for assertRaisesRegex (0b7dd078)
  • fix(icmp): fix check_icmpv6_name() to use correct IPv6 names (bfe09f49)
  • fix(ipset): fix configuring IP range for ipsets with nftables (3330e49e)
  • fix(ipset): fix configuring "timeout","maxelem" values for ipsets with nftables (1c3c5eba)
  • fix(core): fix exception while parsing invalid "tcp-mss-clamp" in policy (0b272b74)
  • docs(policy): fix wrong documentation of in man firewalld.policy (64014611)

till busch (1):

  • fix(applet): ActivationReason.Trigger (b20194be)

v1.3.4

7 months ago

This is a bug fix only release.

Eric Garver (2):

  • fix(nftables): always flush main table on start (4b005c26)
  • fix(runtimeToPermanent): deepcopy settings before mangling (7d0618b1)

Michael Biebl (1):

  • docs: fix reference to lockdown-whitelist.xml in SYNOPSIS section (047f64e7)

Thomas Haller (6):

  • fix(tests): avoid deprecated assertRaisesRegexp for assertRaisesRegex (ebf398c5)
  • fix(icmp): fix check_icmpv6_name() to use correct IPv6 names (762fbf4f)
  • fix(ipset): fix configuring IP range for ipsets with nftables (5c5924b0)
  • fix(ipset): fix configuring "timeout","maxelem" values for ipsets with nftables (60bf2928)
  • fix(core): fix exception while parsing invalid "tcp-mss-clamp" in policy (f7bc46cd)
  • docs(policy): fix wrong documentation of in man firewalld.policy (56eaf880)

till busch (1):

  • fix(applet): ActivationReason.Trigger (0bfffb3f)

v2.0.1

7 months ago

This is a bug fix only release.

Eric Garver (6):

  • fix(cli): all --list-all-zones output identical (d30bc61e)
  • fix(cli): properly show default zone attribute (ea8d9a87)
  • fix(cli): properly show active attribute for zones and policies (b2024038)
  • fix(cli): --get-active-zones should include the default zone (dae9112b)
  • fix(nftables): always flush main table on start (cd209811)
  • fix(runtimeToPermanent): deepcopy settings before mangling (9c536394)

Michael Biebl (1):

  • docs: fix reference to lockdown-whitelist.xml in SYNOPSIS section (1c772059)

Sam Morris (1):

  • fix(firewall-config): escape markup stored in bindings store (c876fd04)

Thomas Haller (6):

  • fix(tests): avoid deprecated assertRaisesRegexp for assertRaisesRegex (29351195)
  • fix(icmp): fix check_icmpv6_name() to use correct IPv6 names (af3c35b4)
  • fix(ipset): fix configuring IP range for ipsets with nftables (6a050ec2)
  • fix(ipset): fix configuring "timeout","maxelem" values for ipsets with nftables (7d3340c0)
  • fix(core): fix exception while parsing invalid "tcp-mss-clamp" in policy (ff612093)
  • docs(policy): fix wrong documentation of in man firewalld.policy (21026d91)

v2.0.0

10 months ago

This is a major release. The major version is being bumped symbolically to reflect significant changes done in commit f4d2b80adc84 ("fix(policy): disallow zone drifting"). It does not contain any deliberate breaking changes.

Feature Blogs:

Additionally the release contains the below new features.

Eric Garver (4):

  • b7faa74db15e ("feat(direct): avoid iptables flush if using nftables backend")
  • cb1d47611131 ("feat(zone): add support for priority")
  • a0d0a760db4b ("feat(nftables): add support for flowtable (software fastpath)")
  • 99894f70e313 ("feat(nftables): support counters")

Juris Lambda (2):

  • db13db701b85 ("feat(service): add Zabbix Java Gateway")
  • 81b17fd5da35 ("feat(service): add Zabbix Web Service")

Nikolas Koesling (14):

  • 3127b16cb566 ("feat(service): add game 0AD")
  • eac23ccb0772 ("feat(service): add game anno 1602")
  • 547a9ecad827 ("feat(service): add game anno 1800")
  • ab5e46893cf1 ("feat(service): add game Civilization IV")
  • edbcaecb13b8 ("feat(service): add game Civilization V")
  • d99683cae26e ("feat(service): add game factorio")
  • 4697e148aaa8 ("feat(service): add game Minecraft")
  • 69649c599e63 ("feat(service): add game Need For Speed: Most Wanted")
  • a87426fd99d7 ("feat(service): add game Stellaris")
  • 1f7d664a6f31 ("feat(service): add game Stronghold Crusader")
  • aa6bce9149c5 ("feat(service): add game Super Tux kart")
  • 2c246f3224c7 ("feat(service): add game Terraria")
  • 4d5bef92ac09 ("feat(service): add game Zero K")
  • e9fc8c812bf7 ("feat(service): add game Settlers")

Pat Riehecky (3):

  • 77c7061cc191 ("feat(service): add OpenTelemetry (OTLP) service")
  • c2a6c8fc6315 ("feat(service): define statsrv from RFC 996")
  • 2b58cb7d4a97 ("feat(service): Add syscomlan")