firewalld-0.9.3-150400.8.12.1<>,rԉdp9|ͨc%RIKM7~{ӥg$89Yۚ\m*d_顖F+ܯ: p*uOk1׻fnH㒥?7|Eܢ!(c.A2d9>lƲd/K)|, ~GxZK Ѝ:<'-ʤ*ޑZ͋b0C݀N^?^td   d/ Ef ;Bl- - z- - - d- f-j-p-vv-{l{|}~(}8}M9M:M=(>( ?(@(B(!F(=G(P-H--I1-X2Y2Z3 [3$\3(-]7-^I3 bKcLdM+eM0fM3lM5uMH-vQ wS-xXH-y\z]] ]^^^#^$^(^.^pCfirewalld0.9.3150400.8.12.1A firewall daemon with D-Bus interface providing a dynamic firewallfirewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface.dgoat21zSUSE Linux Enterprise 15SUSE LLC GPL-2.0-or-laterhttps://www.suse.com/Productivity/Networking/Securityhttp://www.firewalld.orglinuxnoarch if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in firewalld.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi # Avoid restoring outdated stuff in posttrans for _f in firewalld-sysctls.conf; do [ ! -f "/etc/modprobe.d/${_f}.rpmsave" ] || \ mv -f "/etc/modprobe.d/${_f}.rpmsave" "/etc/modprobe.d/${_f}.rpmsave.old" || : done if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in firewalld.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi PNAME=firewalld SUBPNAME= SYSC_TEMPLATE=/usr/share/fillup-templates/sysconfig.$PNAME$SUBPNAME # If template not in new /usr/share/fillup-templates, fallback to old TEMPLATE_DIR if [ ! -f $SYSC_TEMPLATE ] ; then TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME fi SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME ..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable firewalld.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop firewalld.service ) || : fi# We might a have runtime configuration which we haven't # made it permanent yet so restarting the service could be # dangerous. It's safer to not touch the firewall ourselves but # Let the user restart it whenever he feels like it. if [ $1 -eq 0 ]; then # Package removal for service in firewalld.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi  ].]zz}wUZzx& cH %},-@ZS3&I((1>ZvR00iwaGt~f4 D]W(DV%pOW \e) 67^IsD+&AV4w)7I PQ`6<CI!:;+%#0q;7(<IF0$& S +Iy Vv  kD H1JuA聤AAA聤AAA聤A큤AA큤A큤A큤A큤A큤A큤A큤AA큤A큤A큤AA큤A큤ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd_dddddddddddddddd_dd_ddddddddddddddddddddddd949dc7d955b10c9e0debc82320d8e60fdf2c87e1c5620e95f4434b97079ef6109f37ec609d7ab31ba0baa7bac50dab5a89aa07662745cd35b1b721e117e20b4044687bd20dace0050c4724eba5659ee249ec21b5b60d0300da9acdd2027ba241120a02e9b88ba74949224eca7385825e39880f5687f739ade07d94ee22ffe325051323c43bb3c0229be7faa4a10731c7d5a14d922553d3944b756f4d595890f5ddc63a9acc52208af896ebbdd53accf6e700f0e80c369381c993ae63805a812a45b313ce514bcaa63394d4ff04d1f0f19bb3f237fe26ffe3da996dad8fc03391bedddcff47fdcfc8b038361a10ca89878ef777304aa6abb6e754eba98663d32efc1396baaeb3c1394cc2edd53343e0ef58c144b8d2838c38a65aa100e3ae19aa2775fafd0aaa0c843c05089410dcd6f52795b2ec920325ae1bbb960ff43e68f25a36252226cea7e6c19dc9354819ac3c785ca19584baedce9b600912eb24a452b9208bc832178cc8e568db8e41756943eca7d9d8cac6ce721f11c1e27f7bb44e199aee6be87fb7e521bf18f7b9a887a7ef2cc2a3cced3e95045b076300c70e71a1a9ed19ec7e8407d408721a384a7b540ea84ac7b512d064c76295d0d320854e3dc1a43b83774e06bcb009e8edec65e1f436dc67ba173b7b931b8a1f6784c856101f49623d9031609fab630cba659b25dc0bef6755dc30b3533c87b031a62d8062f0c384313c589cd3653e3bb4b30fc99b862604c1a2f5a095bcf8e3da28a4bfa2e2f3c0f7499e4502e81343fd8e0252d64858f2862ea3848a68c07b0e5edaa6faec51e2397c0d508fa59a6f29c8fd6855292250ab4c4a72bd06dd688736241687533748f6dc4bbca3e3cdf8c94cf0acfd84dec365bfdaabaf910c8ee1ecc4bf5520541e5f8df310a5047000c62e17525180f2a86f6ce68e9a515b65dc530034c0dab1adb23553e78c7a09856b827a2a8f627adf5bdaa673d939710c4bdc00b75142a33df23b4bbbdbbe7839cb0a9606123019d2e10db1c7e8ba3fd22fe7ae91a9dd785836f3c5eb2722fc5d452a9a48d35c620ddb928b9ca73002bf788026dbf1cb22e847d20c5586ac7755245fe2b5703ffcaf8ef3e26e54cd12ad7f1bec610efd7cce04ec7aaa6fd1b5dbdd5197229e28a9140d2ec3330077b009e7adcb444c223255e501b772168a31cb8a7b7b32334dbc76c3a808d9b8fe81e4487c88c3b700fb29f8709261e69bdb327ec32e4cec986c6f4595a6e6d45cbb6ea766bd6b6efc4aeff39086a3abed5a35eece438f67c8a7badb9e48d1fe5bc6753dbe5b06d58fdde34afd628972b18b679631a693f8d7d5680c79e36ed9186066ec7d15615bec19eda90b1a47a57a44b2113b3f72b4d7baabf4a200909bf7f8bab098701c599d449eaa1a674bb9f1ef062b43f8303df864ac007e4e7026f53d0021ceff4da7082c395c04ef3f03e62c5315ff44cb6f526b17ddde31c6cc8bc590c31687d92c8b531f1085806a0c8c8f148f22916719259638b0a09701ff630db1e19d7b261fe4579baf77416679255a768a30b1c24122c5af4ea3de6b4f509e76874a802b40725ce6027337b344ad530dcf819ecd4eb457e922bdf3ae18dfcf9ab9a6a90b974000364b17ea5a97eb04dcba874203aaefaadb6d49e6dba604f2c56a86a40d1545628325b41597c43ad9d844a5f81a679eed87f0c0823532c1a4048aaa992627224cf6a6495e0918ccd10b74be16656832a919e2aa387204c7448c5881286588edb7d1caf35a624b359789c358f1960327298053213306b46686468e0a06174d343412f91ba070cae8857aac9918c4a5b01ec0cabb40a42d82333f9b9c4b188a31142ec3baaa690424032d46c444cce83e96ce078fa382d37c85ec9ceea4acbb2e0d625d33f1f8e60131dc0301f343f63a74d5d009a962b790b3b39e234754ec20cacaceb318f51e93b2f5bb04720029b75c7545dbe5b6b0a7d3056d680452b851542a35535f65f5df125f28ed354bda85ee118e7f27cc7d08008a6b4fa633a605c8ace6397da68050e859129269142254cb0862a578bf89fc93536581d2549cf02a04e67230416e7f6bd164ebdcf3ff99843741e4540ff406775f76022c742110062306bad0e4d08a8aafa61839f1cc3665fe1c23fd61bc163203ac6036847164c8610057d01ba92ddf1e152c42256780ce14f20560c5cf6277be0955ac236e37c8fa8972eb7238927b3b25adfebdc8771210298d34fce9370bd5b6f60f641166a3aebc9358e694a895b78c02ef97f15ea1fdc12906cad7d44149863f858039f9704f92b26e855f266be4fc6d86d2be4f8910fd61d10f7ca48fcb3f4f4de37586d800d92d04a1945a00648a116f895fa71e585c6f7fe945a82bac835f504c88def827aca86aaad3fa75e2cd178b49e1813f83588822080f1a720423ecdb84608e421b0c496a0c536b6013dfa457299680ea8cf619c84712de2329e1c80cb905b95afa657eb4c2ce36827de5dac30578be7673090fd7843cbe7b0060c8da576e360c4976bd8de87218e842edf514f4fe87290ba306daf33ccfffb779bdab4742a47d40e748ca2c98447a02e78c99e7ae3f33303cbcb65c6d2e0c5afb044d0e43751d2f574a3596e3a693907281e0d03e20199679de339ac0b5e64fd737311e3223dc4929952d4962c727208383786a5f498f22e63bc005fa8e888dd3d17bc4dc7fe07caddf55734354f09870a9aa97a4d4d43f5cfd94de26f81afd1e8e2336024037184b45c383a511d5b44892cf5656acb3c1bc34e2df5712463764a6432089b9a1179a763c7048a0a6d555dea3348a8fb4d04a79f02cf5ebd976986312394939b4d4e1f876b0d07f1b5a290e77b61cc9d25ce8a47f1261761b287113f80709d1337054cb570e5517741d40d434c4f7b4544ec0e60769ecb6d9ff9d7a52c0183e86c3186bc1a811a2c9a76df6ee4ac36fdd346b29e63578f4ff3661e9b05a08e2b4041fa2bd3cb6fe119ba329178b2438d7c153a77c37f2f3973a434e81f678622d34f6b5b578dd1f793f27f6e0bedcb525ff92c2e25ecdcabf57166fe8d8d2c82190a9bc92a5ed89f0de9e92b44dd38950db13ef9a68c47eaedd08f65b3e1481597783a38ac7bdb121ba6312b24040448a60544ea21d9a5f4fd4528d794d15b5d2b6f1454a5b1dfbe17d24096a52bc7b7a4ea25c8ad294fa181d3c2c275b311245fd16492fd98f2d41ae7bef6701fb5f86a4e65a416176acaee92d33c8b2311e0650712c774038e1d3af9fef6eea39a6c65bed7d3158520fd491749f473a9c5929f3ec40b785e6c5f893a5d2b78d1ebc9c6b0a458b3a7769f73c764ef6a455cf84707e6e6cb7da6f0cc2b8d6316cf50e7c96b60bdbaeea7078f71ea155c6a86d28e6d9b858569562eea06d083f7229f40031caf4364b910c8e2459ac2f0aaa956aaf3bd38a838ed20fadb782b5051d7b77c0149812846e5f16b50f13bb53fc36eb561b56f94100397f3ea8924cdea4360813a1660c4679e49868e59bd98c31baecd00d0686c55beceae3bd5a6f0b0b5fdd19c3d2c8143c3f500d3d8b2f9747ef18c6c7f485576eaa37e4080c554937b4e18503f54007310784922b51d4657d85ed08c754fc2666229616b30181ab40c720a91cffe0eb4a7e7fc8776d6001d329277c00003d7e7cc1a3084e76305c230c6c185298313accfa4d7902694a6513defe21fee5b962f6f951a7eaaf1cb8cb81ff06bd803e2e9a837c3dc33fd4a0cba8e8b741f4fa0c82708f712bda074b414a357c8bb9758d0955f6d4e9d828f6dcfe5a62af4e278d035b6607c27f19a580a83357f6bef45e579a36fb8b63df56a15a45ec36f0fb4ea428f374b1cbece77e2a5599d9fbc29807b2c687e99d30964fb572b817e67e1294408f2c5a0b583b4270c55e462ccca3962f74998a7b098a772733ef72dcbfda4a0c885676fd7f3414da386f2e2ac18169baebc4a1539a6b854b99d629df8673e94e19612c1a860db9b19ef19d87423f4bf87c444578db03dbc5fd661470724a4cdc65db29172db25009ac8d99012f3156f8c620ed87903148207ceb32469fb5de4fdcad7fcb94e2fc967dec92514a8956922e252c350f4b34d4b9a6c6345b4d55a3c9665170eacb8ca861c93100c4702bd37ab1fc29255f6a3ae0a89db8c2760002126891a365ceff8e2689f3d52613ab5bb7b0f845f829950cc8712878ff9af444802cf22c1744d36f38d028e3065f1d28e93b22ecb82c022c196d855dc82625e857c3ab0bbaad5ffc7c79e78ccc9f8421a66ba6f5e60e61884d00701245ffef25b30dc74c65a1898fa0e8e279607bf4212eccecb415803c6da50d96efbd09c00a89a3fe3e7ae7be4ea6850b2cb3881533d6f3303fe37cd55b9a3bb2d4c4d149f63ae7448df755a5d87cde2b563829723a57ae7cf0836db65f0e2ee28c8ab41b1524a748b6784d0193afe901650a67db7042e55ee26719eb794a46300bceed7262846f469f0b9ce3bbdcc44f988b1fb06b70193647961e59f5b4f3fe10ad3d9257a704363845ed7cc713a8cb8b361d6646d651c94d32459fbde573295f9ed593864ceafa85bb880fe8caf88cd9e1428cde3ad3f6e747c7dbfa875cb14eaa84ae5fd96dbfd8ef143ff82792648f15b7995abe893cf761d8d4e27f4e86eee727dcb36eb4be08cfeefb30009c78ee4331cce490c047cce3e07c529032433f27134e76b0c0c84a34c22e2e9edbd565b2eca4688737bc8d3ebdc793e778ee0da26be2d465cd980d7da3944887cff95f3069e22e3fa5795f141b1c749c02b50bde5438254aeb8ce5a98a26610b4af38716f4adebfffac1a8003e3cd63ba4b04c26136c1b100fbd2e6559192289038dc1c59aaf66b2916cba6691a465f31042f5c7042986bbd77e22391286a3838476096ff766d459b12e518cc5e5961b57c5f4f7ad65e9da5f5c36b88f98fab824e217b55a51e9c09c5b787ea5929ca679e5edaf05f6cc407ab44f94bf5ebc4ec738a58564cbe09e85da1ebc3714cb1b9c195cdd67bb9553c87a43dbecb964e7cfa430abc8f83decd663aba9b06bb69ab6dfce47cfe4b65cd7a618ca2f9828a8648606019f56fd67664081a5b6855d1311e3e9f8304d77b762865fef50aa05bb45c2b8d84de2a4a74b3a542c63af4f1c1b97b77859895053cccf94111e07c767a9f84096d964fcb989590769bd56d2ffacf5463b961c3fc7b11f1093e0488abce1681302cba572337896e1dc3e150dfbbcfbc22950622dfcab275152ba520e052f197f0a95d8f35c3211a4a59d0d4d919b0bc8648cc255d456fd2d3644b3953f14e8c526b7e244964202d606873b47811fa459f7364ce3eded1f816596df0dbb12a4f5ba2734ad31ad5bbd51bece67283d48f53980efd3195549a3c973a0dee0a960973e6238493ce413d7087b92cf4ec8fd783801d56e5255617a7e77590b7ce8a68340d461bc4bc17057e09b7d6f63387bd4b4eac4fa0be8bd3b6f7d1414cf632f6588e1ec70cc3046d4733413144c538f5b31ac4e99fd76efca42dde1fe800e0e7c0444289876354452049a1d2c5fbb3eb92f4f7b350a5514170242a0e885c40f859b8e7492ecec34692db6d8c3f09fa8dd5585c5f3e43ccbefbf7c35c2968e0d23586d0bf6c95a13f82c1db840dc49032aba8c8d9c117e6ab80e90bcd60e3092cc4ec549484774c0779073bfe44b30377ae6b172df1942184aa51f2669494911550d74f42274d1ae7ce6cc66bbefc5d7d443d0e3983300bdc6db114efe2bd4b51c6daf31e4b90129e00b0b3b016df15a9f0ec7eb6e331bb4e6a8e519c21bf1f8be32138925fb57c60fb14d156c972492084916053b985b8ce8f6ea739b22855041b6f9c1f00fff38c96995c35398840292a12c7804668d7856c04bb396a182eb5a92e54cd56dcb531e366274dc051e81a8a89bba0b312332069e630341b71fc02c7b94302a85323a448459de00a5cc0ce5bcbab2314660e64adf0d870868b2f7127ec155bc4a57de6ab4e3013e7ad07cbac53f0cab8ba4e91d0942bff0fa86669763f091122c4602fbfc580ecd10a6816918f236dc8b65f609b3af3b30e3109a6a6d0efd947e8e7110ea11d503deff5f77a6d32bffd22e2d30dd7418f0ab085d28880c5faaa001c0f4aa53acfe0beeb9d11ea8483db0e59020b127f184aed44cd656affba19cb7c18c3a6e340696ec79dfa4b86d4ac385d29f8dc56948f75d56c0d58fadd20aaca7dcc5fb9792f18e1531a863a165317c3ef38f74efdeb8f7423f10baa7baa197334d52eb5fb6479a9fc9654e034b16761bf37d118f5731556a1acf52e49ee576bcc10a466d14a05402ea238ad55284f5733ee4f5a74ed351df315164747e3f7c67cefa7cbd0b75fd4764066d725d1fdf411a36083614052881faab4c298a1c5da01baf1839c62df685b8ea110ec2d204a29084e67509a79e2f46659f6fde3fb40a12cd84c207a13d136cb9495d5048812dbd0fda2b106f7f37b9d6e5e3cfab11f13c84cc47c6c7ad5c85f27558363e36b04f08fdab43784d8716d4f7b28668a525949d56108c834b47444b2137fe06605ce110f0935c6205c03fd0a109f899db4bdb31765ce91919192a1b3c889fcc0caf91e72927f38cbef5ae936cfecf65c730e3b4bbb23f7832b0af7cd24cb7d6b050b4b158286fbd44eaf03b8025ee38be76cf98d438bea2522e60786ea9911eaba46c8168767c47a1f1022594c61dba1acd00786480220644652bbed0afde92fd6fcb9838438185d5f12bde6ce67dad532083a5eb72eb4a88ff398189fd3f1f1fba18126bc5b9d892f909a7b41ada30d96466d0db5455b3846ad7fe27107a1c0452d4974c79cd39bcb785f2e3aa7b36a1f8cd883f2bf4f3d1bd97183ae7fcf0246dd6b1e2fed73f630e22be315409c984d374658d61f5d546d717f146ae164809bf8266559a1f42a3c47a220f70e6a74d695f4c7dc6d7c1f82bbd4bf3560b7b96d38a8327f1888a05651ea6139eef97f74ff5ae74ce640f6df83c86894842e1ec6348c45c1a3689958df24d00eac2505b8c9f04be56860390a76dec536fd431cad1829036e104c805f0712db119ceebdd40c009bddd83ad612ff84d7db5600fe5ae2dbcdf748adf1de7204b8e2c222e5bc1603fd94419692c6975b7b1e49f67de2ce41fd76a3ed2cff83f6b36792798ee99ed2e442f98d78de6dc0f2b0cb8e475597224a094cf6dff24061650d5785242e369d909c202f99a3810ee5830dfff9a97e7ffd2fac2eae8a03ca61de100fb15594b4ad1afd5051ab54700863f6de6fc0551761e1bdee38cd2dd16cb23b96b7729f3ffa061a8e15c282a4b7421de7dbf54048680c8a1ff121743aba930e0d6383d90e122531ff66fd70eb5ced1f3d6d1898d23b605ad074d7bd9121da3cb3bb753b004473be069ea9ca3df0aa607435a4d1f69c67d8c01fd05859413d20f16cd95bef3b50a05aacdd4c115fc24bc233030cbf061432ac1e5c87ae80041ed7f1e60cb9c1b59843649fa610134ac5a80f1d0646f5cde3b2bf1458ecfa3c12847cd6266419075250596aadd7e8f01ae30c51887ff48e1c37e78dd5b3a75ad3e7eb4ef0a6cc5e4983c5672089ad4ffa43a1a2077ee091ddc1c6a99aa9a197f566d32c0ba08bb1959ac09fd7b618d2c50e3e51b7b3d2f62e3755de3fc22ef61aed727de79a85cc259dcab0fc6417171aeb053f0bfe056445759edaeb6f421431c21ee16e19fca257e02ad748d89d83aab48af2babcc2e570043b846772a9192cad20b2ef458f0fc2e6c0fbfeb76931a78223617fd0328ea24cc577c9a563b3279244fa3864cad213124e32a2a1357da7252c979aca82390c1a5081dfd94cec718d3c7229326a6fd90d3ca9fcba6fa35ff8172fdb96207047a1c61dbc62c3f44eaefbe7f88010ec0ec28fd1bf60f18faf6ea11f3698d184753e3c66c0fc525d13995c0a8fece6e78d164885e1ca3817b21814d52e065b9d498e44075cdf3f373cac4172779b41dc1b3758ad1a108ac478e11b28df899bc84a9ead8afd690065fe69c0b90c1753e8c3592fa1f8afc0bccc2a75de102cd259427b93671e03dc7a0c842c10f687b897e5d515a2b2253a62e179458d54b5a56f9b41b3d62ebff5bf535059b929fa239f59e8274202c37ddb2d19bd02b60473e56d1b8343682a9c6f5b82bda76248832d8cac360e25fa7a0dd0d9cdefcff7aac3db81fed513835e1b362453eda47aecf07eb2a31b2a7cfda86f33ec4f5dc3e0a92d4e9aa75aa110f86ebff3a8a7baab6b5d813ba26a649789af09b2295c4362f64352c094dc66a38db9e84764d4821b49b10616c11510f7e04144256e33d548420027ce98f2e54fb0b6bdf2d19e7751dfffb5fefd2d8ebad08a49ba31708da29cdcf500387e22afc7ba4c74eab36583af613559746a783d58fda602618616d135dc7eff0a8062352e2f1d36a9412496d03ce2364723ef0cfaa18d614dfc40dff999d61cac5ef41189b2581f74b6ee71ff6bc2323b7a111b2f2303270d39e22fcd46865a02477584488b5471012eb29c1ecbb2f74c43f2c5f9e0fab026117459bd5c399ca340d222228c7c136b34380ef8a8baf871b6b7584c295e89622172eec81979815d1750cdf9c3be68d71d08267cb065df399dcb5340d645ea6aa2fb671871a0ef84ee6dcd4d31ad6e221e5a286d5bf7b9f026e76ef26d6d8c83b760c70473db870e7753f8528f640525af6c67eccb8561d05c0c6cca9e8cec4503a223a86bcd08bc33ceda792942efd2a967b90a0f37b4327cf27f54f14f9ef8b90d8919c763f2c0eb8f56a5c69911150c25b3fe8b07ae410598b41c98f8e1dd7e113dd7d176e7101cb4e9f46224b8c71559a0f0f1bd22a0acd33ec60648729a63b0902da9e762284061f0a1bd8dc2f8a93fd393fe52d40450f4aafe639e643dc7f5e85426bc5b9e074b76b757b860cb8ecc79e11b52a5bd20ed57ff8afeaeffa9914a776c2684eb87bd75c3b9fb1632550b5ee46952fc55cea726fdd3485ed96226c8140393964a80f3f3e06dda77f25d351049b1dd4964f3d4996ddda1d50a74f6b6463770d1047fc49852d2c595fe295ba2db75476dbb053e21c59539e039bde113c368bd9c9fb3f165f5e63dc769264fdf3e42bf600a493a96c4ab853e57877452636b3a1cc969ec4c9dc644f6e90128811479e4eb676ec55b32388e449322fdb6230901725844a8ed6cc3c2c25e483cbf096d83551ede1be300e3670d86926954700579c4a1453f9fff573a2b9044d18d30a193da28a4c25d9e67380a8551e63b3391d5adfb2401dc6800e8dfcb59ea800ccb046f2d8495a4b1223958deff8b9a7bb00aa5db265e2c56a8b4d3a050bc6a9051aeebc23f8f387c48749c2f8cd5371f0a215c1097e30c0b814270539bdc25220ced1f9b159a9e67a0562f67d330066a2df9097fe70282d3f6709faaf0e1bdd89ead377d6d529a217c7c31a623232d257d2f2763be3b8c35c31601068213ac8cdf07766a1ddc50ebc79b6aca5976a9c914da4b4749ab44b849d256d96a74ecf29fd1ca8c0c362779cc62cf5e7530e9400577a42311da255e168832526fa471ff1d26c88e63184fd6b359d5c0ea97324fa251e6bb52320f3fd3f695a18ee14672e895f6c7a168dc852e8679c23122a76fd21de94ce714054ba2b6b4d2bbb85a945febb7c1d799f3dccbde083958e6edba185fc4e14fd7f9eb8f784021632bebe9ebdcf929bdb690b4ca7477bea940d8d4407aff9ef360ad3460842f81206e44e71413dfd9221ef764332f8c838438e3c840138ac370afaa97d6982ff54a749134e323bdb8885e267ba533f217a68f9080cfaed9a80941c633424dee2c59d26d3c4d37ffd40589a0baebe98ad10ed1848d0635c503ff0da8e3e005857ca992d36f946adc466dbdc28cc7caffa4492d5d6071afea20dd5103fc6f717330a585d15d2d6dc8c368dfa22e6ff6b009321f96c06f8d4e0c1a512a2e5be527835f10be4d14f7f53c11840c4581420804b264267c5b6ea4b7595a0b7aaf0318af7e462e79a1e2450e2831ca58eebc5dba3f163e9c58d07f4f768baf26daebd0f88e712f488eb7550837d40cdf4789dd5e3e8088a8f263b2632e2355fff581e4c61f7174e04d593c01088d952bfda83883640a8d368c9ebedfc135f60fa1294a4c1794a2e0fdaba1c5f70e2f011a9d9b987e43368ce1d582ee4b43006da4dd528bf35cb182af12dfefeed7d3dcbcde08a17475e86be6b3d3c9721d8490c4adcfa2ee5f8c949e4b3bcfd87abf128a77f3f5cdd538e507911e5109ee6330983a0149b2f231db5f2d4c14825e1d6778be669e9521c4273fd4e1ff37e5c839b2e100b9bf853191a3ddb4c9fbad4d13f0123139c60bafc79f7ea5105ee6e745e7825bc674c4f519edd8eb9060aeaaba876d7171f3063eb56beaf3cb3d1b3b567b5b3fd2e47b450d8a2a9c5b2467570eb4e0759e7a52881913d7d67713348e34be07a6fd1fd4c205c8184147cec4223451f4f48ccb459649e4e0dc4c30fd5f29e26830311f0940aa7a183f3cbc19188fc8c42a127da16edc3f5ba2416eb99f2c821307105f59b2414b3d3cfd0234a758d53a315f291f1c95c9c9df21ea81e56b144d6c9af4b87957be81a23d6e5a12ad601608b138e628fd744bee1509fd28f5cb7a4023031d95c3fbbe6811f1c6cadf0538b8fbfd56a74ae5992c133cda474652e3cfcb494b2ec2cb17eadd9987c0968211e14dc9eba4027d9d256c5fe2bbe907f8ca8eaad41128a48d735eb71db3519e41f3a5ba7c65a37d57c18cf2df8b3df2da09c628444bba5189af9f3a621140425b182a72532bcca784c71d2442eda18b3127700729e38980489d2d54b4e4c6fec216a741d3b1bd54f8c9deb14cc862376931342230a191572188ff3e4cbba0ce374d08ebb584c2560907e76c093a5c1943c5b9f79eed25f366aaff0c47f76dbbe64c176d0a2c4bf9b10555907b6ead1b5404b096d0b4c499853715604b459ab23425c0e5e1ae733785b8664b7e793a934b74d8268a90e745ae669c7f2a940e6af4f2835f734fd37ca77d4811b791ba415a1a19a3bf9ebf0685d4d45a4dd3fcf45a6517404a1e8f7c5755c5bc0491063e370de26e3700768c6607ab6c3b03a45750253c5b8aecaf4b839de68d658b0722bbaaaca11460bf452de2dfb29cc1a16d2bead1192299e5a6c15158126f0ecaf0c2e0548f70e5af12dbda57838c2e77f2f0b258dbf9b12141e46bb2a72bb02dfb197a6db6246e23bef9276188981835cb56daad6b41f68f185bb75c453f128bcdb9ff200308a5d60f9f917ff88bd768a0772f0872f039dc8e7790e15442280249a07c30b1bb8bfa7fa696015c94a3cd44d0cea8b4c6a8d27034fb7890fa2bb34f0da83b0682156e042e46af35c4a0ee770a5a7985bbe2fa3d0150e45be60e508a8b2b923bc6f0e25a4325756ebc1ca8330303705c8add2c5ac77b8950cfdf90256fda78c137f6f421020f305f76180f59e3000667e79ea338bd1316062eb58efbad16e56176cd24c2256e3454e6763950157cc5ae6f910c549622684081fccf13821a3da08e3b78177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643284ca04a3e95b11e03883e723fd4055ce915bcbb1d2d9f0b3b4345fea6011cc793ff4a5f3a0931213408fc64d955e25f520bc9b7aff0d4179f260fccd0160dfba6c3dbcbfca71c27426b35768f71055aad2dbceeea61196960674f6b4b5f044a397ff80c65895b3ab39e73d26fddb98be7fb12bc4f6a53209cd3343c292078e5ea390d4f67cad60499787d8879d7f70f016b7dcae3cd6701094aab7415d3cb2f2c02c9acdd56753bba1d22472f6e1c870134dea796c099ee74f137ba8e3ef5fbc6546afda6c60d8f27b9574d46ed3c8dd443042a8cd264612a88614efeebbd6079407b762b286ec7bfb7e74310b96065e60dc1e7ebf8d4b6fcaa6905313e4427b290499aad4710cef78b5e7990f5487b07805f47c7a552f0effe774627f3392134ad878d61fc50a85b2dae1e1fc91aacecea3e9d324b1f88094e2aace1985b352d1cac1dd23856799392c55a436c5f2c628d45a14670b6d3ebaa720c45ba53fb9315b94eda06407a2bcd78f1c959ab473423f9a3fb349ee9b483a26c36b6bad09a69048985692081ff7c84ac36e312d6aeeb3d7a96de1024d4a9dc2bb84285f0d8153d7522f4661eacf7a3230e0cb89c65908fec967d7e005a5616efbe6db3d54365c14dfead2b6d2012746620b1c278ec3ea8bce0d348483c814e8499138df542bfaba4096fe14b49af32fb6ef280f1a8895797ebe74a56d18db6557aa9af69c14448bb66ac4f7f9cf7e52ddf67950eb8118f87670bb55187d6832c1d50aa6562e368410acad3e1a582a246021cf692d395a1f448c1dce7709556b08461fbeb0b2e30bc7d752d7a52135a71e14b400b1b401ce1ac2ddbb07e58040ba1b47481serviceorg.fedoraproject.FirewallD1.server.policy.choicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootfirewalld-0.9.3-150400.8.12.1.src.rpmconfig(firewalld)firewalldfirewalld-prometheus-config  @    @/bin/sh/bin/sh/bin/sh/bin/sh/bin/sh/usr/bin/python3config(firewalld)coreutilsdiffutilsebtablesfillupgrepipsetiptableslogrotatenftablespython3-firewallpython3-gobjectpython3-nftablesrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)sysconfigsystemdsystemdsystemdsystemdtypelib(GObject)0.9.3-150400.8.12.10.9.33.0.4-14.6.0-14.0-15.2-14.14.3dD@cGby@bA@b1@b!@`m`@``2@_/@_[f_X_R,@_9_3^%@^d@^9\]p]@]4@]4@]v>\\\@\s\Z@\73[ā@[[@[[@[[qr[m~@[h8@[?YZz@Z3@ZZ@Zs@Zp^@Zk@Z;@Z@ZOZ@Zr@Z }Z ,@ZY6@XXXEVX)@X2@WiW@W{@WrfWj}WXWM|W,@W#LWV޾VՄ@V2V@V@VHmohd.saquib@suse.commohd.saquib@suse.comsflees@suse.dewitold.bedyk@suse.commrostecki@suse.commwilck@suse.commrostecki@suse.commrostecki@suse.commrostecki@suse.comrfrohl@suse.commrostecki@suse.comfbui@suse.commrostecki@suse.comcallumjfarmer13@gmail.comdmueller@suse.commrostecki@suse.comMathias.Homann@opensuse.orghpj@urpla.netbjorn.lie@gmail.comngompa13@gmail.comMathias.Homann@opensuse.orgMathias.Homann@opensuse.orgMathias.Homann@opensuse.orgmrostecki@opensuse.orgmrostecki@opensuse.orgdimstar@opensuse.orgdimstar@opensuse.orgmrostecki@opensuse.orgmrostecki@opensuse.orgmrostecki@suse.demchandras@suse.demchandras@suse.deluizluca@gmail.commchandras@suse.demchandras@suse.deluc14n0@linuxmail.orgmchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.desbrabec@suse.commchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.dedimstar@opensuse.orgmchandras@suse.derbrown@suse.commpluskal@suse.commchandras@suse.demchandras@suse.dempluskal@suse.commchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.dejengelh@inai.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.dejslaby@suse.commchandras@suse.de- Fix firewalld does not longer understand IPv4 network masks of type `255.255.255.0` Added following patch (boo#1212974) [+ 0004-fix_rich_source_address_with_netmask.patch]- Fix firewall-offline-cmd fails with ERROR: Calling pre func Added following patch (bsc#1206928) [+ 0003-firewall-offline-cmd-fail-fix.patch]- Fix regression introduced in previous patch (an api change to a function also needed backporting) (bsc#1198814) * feature-upstream-new-check-config-1.patch * feature-upstream-new-check-config-2.patch- Provide dummy firewalld-prometheus-config package (bsc#1197042)- Add patch which fixes the zone configuration (bsc#1191837) * 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch- Fix modprobe.d directory for SLE15 SP3 - Always own %_modprobedir (bsc#1196275, jsc#SLE-20639)- Remove dependency on firewalld from firewall-macros (bsc#1183404)- Disable FlushAllOnReload option to not retain interface to zone assignments and direct rules when using --reload option. * 0002-Disable-FlushAllOnReload-option.patch- Update to 0.9.3 (jsc#SLE-17336): * docs(dbus): fix invalid method names * fix(forward): iptables: ipset used as zone source * fix(rich): non-printable characters removed from rich rules * docs(firewall-cmd): small description grammar fix * fix(rich): limit table to strip non-printables to C0 and C1 * fix(zone): add source with mac address- Add dependency for firewall-offline-cmd (bsc#1180883)- Remove the patch which enforces usage of iptables instead of nftables (jsc#SLE-16300): * 0001-firewall-backend-Switch-default-backend-to-iptables.patch - Add firewalld zone for the docker0 interface. This is the workaround for lack of nftables support in docker. Without that additional zone, containers have no Internet connectivity. (rhbz#1817022, jsc#SLE-16300) - Update to 0.9.1: * Bugfixes: * docs(firewall-cmd): clarify lockdown whitelist command paths * fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active * fix(policy): zone interface/source changes should affect all using zone- Make use of %service_del_postun_without_restart And stop using DISABLE_RESTART_ON_UPDATE as this interface is obsolete.- Add python3-nftables as a requirement.- update to 0.9.0: * New major features * prevention of Zone Drifting * Intra Zone Forwarding * Policy Objects * For a full list of changes, see https://github.com/firewalld/firewalld/compare/v0.8.0...v0.9.0- update to 0.8.3: * nftables: convert to libnftables JSON interface * service: new “helper” element to replace “module” More accurately represents the conntrack helper. Deprecates “module”. * allow custom helpers using standard helper modules (rhbz 1733066) * testsuite is now shipped in the dist tarball * Typo in firewall-config(1) * Fix typo in TFTP service description * doc: README: add note about language translations * fix: rich: source/dest only matching with mark action * feat: AllowZoneDrifting config option * feat: nftables: support AllowZoneDrifting=yes * feat: ipXtables: support AllowZoneDrifting=yes * fix: firewall-offline-cmd: Don’t print warning about AllowZoneDrifting * fix: add logrotate policy * doc: direct: add CAVEATS section * fix: checkIP6: strip leading/trailing square brackets * fix: nftables: remove square brackets from IPv6 addresses * fix: ipXtables: remove square brackets from IPv6 addresses * fix: nftables: ipset types using “port” * fix: nftables: zone dispatch with multidimensional ipsets * fix: ipset: destroy runtime sets on reload/stop * fix: port: support querying sub ranges * fix: source_port: support querying sub ranges * doc: specify accepted characters for object names * fix: doc: address copy/paste mistakes in short/description * fix: configure: atlocal: quote variable values * fix: nftables: allow set intervals with concatenations * doc: clarify –set-target values “default” vs “reject” * fix: update dynamic DCE RPC ports in freeipa-trust service * fix: nftables: ipset: port ranges for non-default protocols * fix(systemd): Conflict with nftables.service * fix(direct): rule in a zone chain * fix(client): addService needs to reduce tuple size * fix(doc): dbus: signatures for zone tuple based APIs * fix(config): bool values in dict based import/export * fix(dbus): service: don’t cleanup config for old set APIs * fix(ipset): flush the set if IndividiualCalls=yes * fix(firewall-offline-cmd): remove instances of “[P]” in help text * fix(rich): source mac with nftables backend * docs: replace occurrences of the term blacklist with denylist * fix: core: rich: Catch ValueError on non-numeric priority values * docs(README): add libxslt for doc generation * fix(cli): add –zone is an invalid option with –direct * fix(cli): add ipset type hash:mac is incompatible with the family parameter- Update to version 0.7.5 (jsc#SLE-12281): * release: v0.7.5 * chore(translation): merge from master * fix(cli): add ipset type hash:mac is incompatible with the family parameter Fixes: rhbz1541077 * test(rhbz1483921): better test name * fix(cli): add --zone is an invalid option with --direct * fix: core: rich: Catch ValueError on non-numeric priority values * fix: update dynamic DCE RPC ports in freeipa-trust service * docs: replace occurrences of the term blacklist with denylist * docs(README): add libxslt for doc generation * test(rich): source mac with nftables backend * fix(firewall-offline-cmd): remove instances of "[P]" in help text * test(check-container): add support for centos8 stream * test(functions): use IndividualCalls if host doesn't support nft rule index * test(functions): add macro IF_HOST_SUPPORTS_NFT_RULE_INDEX * test(dbus): better way to check IPv6_rpfilter expected value * fix(ipset): flush the set if IndividiualCalls=yes * test(ipv6): skip square bracket address tests if ipv6 not available * test(gh509): only run test for nftables backend * fix(dbus): service: don't cleanup config for old set APIs * fix(config): bool values in dict based import/export * fix(doc): dbus: signatures for zone tuple based APIs * test(dbus): zone: fix zone runtime functional test title * test(dbus): zone: fix false failure due to list order * fix(client): addService needs to reduce tuple size * test(direct): rule in a zone chain * fix(direct): rule in a zone chain * test(dbus): zone: verify runtime config APIs * test(dbus): zone: verify permanent config APIs * fix(systemd): Conflict with nftables.service * fix: test/regression/gh599: use expr to be more portable * test: dbus: zone: verify runtime config API signatures * test: dbus: zone: verify permanent config API signatures * fix: test/regression/gh599: fix if not using debug output * test: log: verify logging still works after truncate * test: ipset: verify port ranges for non-default protocol- Update to 0.7.4 This is a bug fix only release. However, it does reintroduce the zone drifting bug as a feature. See #258 and #441. This behavior is disabled by default. * improvement: build: add an option to disable building documentation * Typo in firewall-config(1) * Fix typo in TFTP service description * doc: README: add note about language translations * fix: rich: source/dest only matching with mark action * feat: AllowZoneDrifting config option * feat: nftables: support AllowZoneDrifting=yes * feat: ipXtables: support AllowZoneDrifting=yes * fix: firewall-offline-cmd: Don't print warning about AllowZoneDrifting * fix: add logrotate policy * fix: tests: regenerate testsuite if .../{cli,python}/*.at changes * doc: direct: add CAVEATS section * fix: checkIP6: strip leading/trailing square brackets * fix: nftables: remove square brackets from IPv6 addresses * fix: ipXtables: remove square brackets from IPv6 addresses * fix: nftables: zone dispatch with multidimensional ipsets * fix: ipset: destroy runtime sets on reload/stop * fix: port: support querying sub ranges * fix: source_port: support querying sub ranges * doc: specify accepted characters for object names * fix: doc: address copy/paste mistakes in short/description * fix: configure: atlocal: quote variable values * fix: nftables: allow set intervals with concatenations * doc: clarify --set-target values "default" vs "reject"- Update to version 0.7.3: * release: v0.7.3 * chore: update translations * doc: README: add note about integration tests * test: check-container: also run check-integration * test: integration: NM zone overrides interface on reload * test: build: support integration tests * test: functions: add macro NMCLI_CHECK * test: functions: new macros for starting/stopping NetworkManager * fix: test: leave "cleanup" for tests cases * test: check-container: add support for fedora rawhide * test: check-container: add support for debian sid * test: build: add support for running in containers * fix: test/functions: FWD_END_TEST: improve grep for errors/warnings * fix: test: direct passthrough: no need to check for dummy module * fix: test: CHECK_NAT_COEXISTENCE: only check for kernel version * fix: reload: let NM interface assignments override permanent config * chore: tests: rename IF_IPV6_SUPPORTED to IF_HOST_SUPPORTS_IPV6_RULES * fix: tests: convert host ipv6 checks to runtime * fix: tests: convert ip6tables checks to runtime * fix: tests: convert probe of nft numeric args to runtime * fix: tests: convert nftables fib checks to runtime * fix: build: distribute testsuite * fix: don't probe for available kernel modules * fix: failure to load modules no longer fatal * fix: tests/functions: canonicalize XML output * chore: doc: update authors * fix: test: use debug output based on autotest variable * fix: src/tests/Makefile: distclean should clean atconfig- No longer recommend -lang: supplements are in use.- Replace incorrect usage of %_libexecdir with %_prefix/lib- rebased the original patch from revision 19- Added a patch to make iptables the default again on openSUSE- Update to version 0.7.2: This is a bug fix only release. * fix: direct: removeRules() was mistakenly removing all rules * fix: guarantee zone source dispatch is sorted by zone name * fix: nftables: fix zone dispatch using ipset sources in nat chains * doc: add --default-config and --system-config * fix: --add-masquerade should only affect ipv4 * fix: nftables: --forward-ports should only affect IPv4 * fix: direct: removeRules() not removing all rules in chain * dbus: service: fix service includes individual APIs * fix: allow custom helpers using standard helper modules * fix: service: usage of helpers with '-' in name * fix: Revert "ebtables: drop support for broute table" * fix: ebtables: don't use tables that aren't available * fix: fw: initialize _rfc3964_ipv4- Update to version 0.7.1: * Rich Rule Priorities * Service Definition Includes - Service definitions can now include lines like: which will include all the ports, etc from the https service. * RFC3964 IPv4 filtering - A new option RFC3964_IPv4 in firewalld.conf is available. It does filtering based on RFC3964 in regards to IPv4 addresses. This functionality was traditionally in network-scripts. * FlushAllOnReload - A new option FlushAllOnReload in firewalld.conf is available. Older release retained some settings (direct rules, interface to zone assignments) during a - -reload. With the introduction of this configuration option that is no longer the case. Old behavior can be restored by setting FlushAllOnReload=no. * 15 new service definitions * fix: firewall-offline-cmd: service: use dict based APIs * fix: client: service: use dict based dbus APIs * test: dbus: coverage for new service APIs * fix: dbus: new dict based APIs for services * test: dbus: service API coverage * test: functions: add macro DBUS_INTROSPECT * test: functions: add CHOMP macro for shell output * fix: tests/functions: use gdbus instead of dbus-send * fix: dbus: add missing APIs for service includes - Remove patch for using iptables instead of nftables - we should finally switch to nftables and fix its issues properly if they occur again: * 0001-firewall-backend-Switch-default-backend-to-iptables.patch - Remove patch which was released upstream: * 0002-Add-FlushAllOnReload-config-option.patch- Update to version 0.6.4: * chore: update translations * treewide: fix over indentation (flake8 E117) * test: travis: add another test matrix for omitting ip6tables * chore: travis: split test matrix by keywords * chore: tests: add AT_KEYWORDS for firewall-offline-cmd * improvement: tests: Use AT_KEYWORDS for backends * fix: tests: guard occurrences of IPv6 * fix: tests/functions: ignore warnings about missing ip6tables * test: add macro IF_IPV6_SUPPORTED- Move RPM macros to %_rpmmacrodir.- Revert last change: the macros DO reference firewall-cmd, but as they are expanded during build time of the package, not at runtime, the point in time is wrong to require firewalld. The consumer of the macro is responsible to ask for the right commands to be present at runtime of the scripts (boo#1125775#c9).- Add dependency between firewall-macros and firewalld. (boo#1125775)- Fix --with-ifcfgdir configure parameter. (boo#1124212)- Add upstream patch to make --reload/--complete-reload forget the runtime configuration and always load the permanent one (bsc#1121277) * 0002-Add-FlushAllOnReload-config-option.patch- Update to 0.6.3. Some of the changes are: * update translations * nftables: fix reject statement in "block" zone * shell-completion: bash: don't check firewalld state * firewalld: fix --runtime-to-permanent if NM not in use. * firewall-cmd: sort --list-protocols output * firewall-cmd: sort --list-services output * command: sort services/protocols in --list-all output * services: add audit * nftables: fix rich rule log/audit being added to wrong chain * nftables: fix destination checks not allowing masks * firewall/core/io/*.py: Let SAX handle the encoding of XML files (gh#firewalld/firewalld#395)(bsc#1083361) * fw_zone: expose _ipset_match_flags() * tests/firewall-cmd: exercise multiple interfaces and zones * fw_transaction: On clear zone transaction, must clear fw and other zones * Fix translating labels (gh#firewalld/firewalld#392) - Remove patches which have made it upstream: * 0001-Fix-translating-labels-392.patch * 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch- Add upstream patch to mark more strings as translatable which is required by firewall UI when creating rich rules (bsc#1096542) * 0001-Fix-translating-labels-392.patch- Add upstream patch to fix rich rules that uses ipset (bsc#1104990) * 00002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch- Update to 0.6.2. Some of the changes are: * update translations * nftables: fix log-denied with values other than "all" or "off" * fw_ipset: raise FirewallError if backend command fails * ipset: only use "-exist" on restore * fw_ipset: fix duplicate add of ipset entries * *tables: For opened ports/protocols/etc match ct state new,untracked (bsc#1105821) * ipXtables: increase wait lock to 10s * nftables: fix rich rules ports/protocols/source ports not considering ct state * ports: allow querying a single added by range * fw_zone: do not change rich rule errors into warnings * fw_zone: fix services with multiple destination IP versions (bsc#1105899) * fw_zone: consider destination for protocols * firewall/core/fw_nm: nm_get_zone_of_connection should return None or empty string instead of False (boo#1106319) * fw: If direct rules fail to apply add a "Direct" label to error msg * fw: if startup fails on reload, reapply non-perm config that survives reload * nftables: fix rich rule audit log * ebtables: replace RETURN policy with explicit RETURN at end of chain * direct backends: allow build_chain() to build multiple rules * fw: if failure occurs during startup set state to FAILED * fw: on restart set policy from same function * ebtables: drop support for broute table - Remove upstream patches * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch * 0001-fw_zone-consider-destination-for-protocols.patch * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch * firewalld-fix-firewalld-config-crash.patch- Add upstream patch to fix Neighbor Discovery filtering for IPv6 (bsc#1105821) * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch - Add upstream patch to fix building rules for multiple IP families (bsc#1105899) * 0001-fw_zone-consider-destination-for-protocols.patch * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch- Add firewalld-fix-firewalld-config-crash.patch: set nm_get_zone_of_connection to return 'None' instead of 'False' for automatically generated connections to avoid firewall-config crashes. Patch provided by upstream (boo#1106319, gh#firewalld/firewalld#370).- Also switch firewall backend fallback to 'iptables' (bsc#1102761) This ensures that existing configuration files will keep working even if FirewallBackend option is missing. * 0001-firewall-backend-Switch-default-backend-to-iptables.patch- Update to 0.6.1. Some of the changes are: * Correct source/destination in rich rule masquerade * Only modify ifcfg files for permanent configuration changes * Fix a backtrace when calling common_reverse_rule() * man firewalld.conf: Show nftables is the default FirewallBackend * firewall-config: fix some untranslated strings that caused a UI bug causing rich rules to not be modify-able (bsc#1096542) * fw_direct: avoid log for untracked passthrough queries * fixed many issues if iptables is actually iptables-nft * Use preferred location for AppData files * ipXtables: fix ICMP block inversion with set-log-denied * fixes ICMP block inversion with set-log-denied with IndividualCalls=yes * nftables: fix set-log-denied if target is not ACCEPT * fw_direct: strip _direct chain suffix if using nftables * NetworkManager integration bugfixes.- Switch back to 'iptables' backend as default (bsc#1102761)- Update to 0.6.0. Some of the changes are: * update translations * firewall-config: Add ipv6-icmp to the protocol dropdown box (#348, bsc#1099698) * core: logger: Remove world-readable bit from logfile (#349, bsc#1098986) * IPv6 rpfilter: explicitly allow neighbor solicitation * nftables backend (default) * Added loads of new services * firewall-cmd: add --check-config option * firewall-offline-cmd: add --check-config option * firewallctl: completely remove all code and references * dbus: expose FirewallBackend * dbus: fix erroneous fallback for AutomaticHelpers - Remove patches which have made it upstream * firewalld-add-additional-services.patch - spec-cleaner fixes- Update to 0.5.3 (bsc#1093120) * tests/regression: add test for ipset with timeout * ipset: allow adding entries to ipsets with timeout * translations: update * helpers: load helper module explicitly if no port given * helpers: nf_conntrack_proto-* helpers needs name cropped * config/Makefile: correct name of proto-gre helper * tests/regression: test helper nf_conntrack_proto_gre (#263) * functions: get_nf_nat_helpers() should look in other directories too * functions: Allow nf_conntrack_proto_* helpers * services: Add GRE * helpers: Add proto-gre * tests/regression: add test to verify ICMP block in forward chain * ipXtables: fix ICMP block not being present in FORWARD chain- Translations update (bsc#1081623).- Backport upstream patches to add additional services (bsc#1082033) * firewalld-add-additional-services.patch- Update to 0.5.2 * fix rule deduplication causing accidental removal of rules * log failure to parse direct rules xml as an error * firewall-config: Break infinite loop when firewalld is not running * fix set-log-denied not taking effect * po: update translations- Remove high-availability service. SUSE HA uses the cluster service provided by the yast2-cluster package (bsc#1078223)- Update to 0.5.1 * ipXtables: fix iptables-restore wait option detection * python3: use "foo in dict" not dict.has_key(foo) * Fix potential python3 keys() incompatibility in watcher * Fixed python3 compatibility * ebtables: fix missing default value to set_rule() * fw_zone: fix invalid reference to __icmp_block_inversion * zones: Correct and defer check_name for combined zones- Update to 0.5.0 * firewallctl: mark deprecated (gh#firewalld/firewalld##261) * Add nmea-0183 service * Add sycthing-gui service * Add syncthing service * Adding FirewallD jenkins service (gh#firewalld/firewalld#256) * services/high-availability: Add port 9929 * Fix and improve firewalld-sysctls.conf * firewalld: also reload dbus config interface for global options * Add MongoDB service definition * src: firewall: Add support for SUSE ifcfg scripts * Add UPnP client service * firewalld: Allow specifying log file location * firewalld/firewall-offline-cmd: Allow setting system config directories - Drop obsolete patch * 0001-suse-ifcfg-files.patch - Drop tests installation- Introduce new python3-firewall and firewall-macros subpackages. The first one contains the firewalld python3 bindings and the second one contains the RPM macros for firewalld.- Replace dbus-1-python requires with dbus-1-python3: since firewalld was migrated to python3, we also have to require the python3 dependencies (boo#1070310).- Add missing python3-gobject-Gdk dependency (boo#1069952)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Make sure to use python3 everywhere (boo#1068778)- Add combined upstream patch to support SUSE ifcfg network files. * 0001-suse-ifcfg-files.patch (gh#firewalld/firewalld#262, fate#323460)- Update to version 0.4.4.6 * firewall.core.fw_config: Fix check for icmp builtin name * config.services: docker-swarm: fix incorrect attribute * xmlschema/service.xsd: Fix protocol looking for name instead of value * Add docker swarm service (gh#firewalld/firewalld#230) * Adding FirewallD redis service (gh#firewalld/firewalld#248) * Adding firewalld zabbix server and agent services (gh#firewalld/firewalld#221) * firewall-offline-cmd: Don't require root for help output * doc: firewall-cmd: Document --query-* options return codes * firewall-cmd: Use colors only if output is a TTY * core: Log unsupported ICMP types as informational only * add bgp service to predefined services edit to config/Makefile.am * Add git service * Add kprop service * minidlna definitions (gh#firewalld/firewalld#236) * SpiderOak ONE listens on port 21327 and 21328 * autogen.sh: Allow skipping configure via NOCONFIGURE env var * Add missing ports to RH-Satellite-6 service * Reload nf_conntrack sysctls after the module is loaded * Add NFSv3 service. * config/Makefile.am: Add murmur service (a95eed1) * add new service IRC * firewall.core.prog: Simplify runProg output: Combine stderr and stdout * firewall.core.fw: Fix possible dict size change in for loop * firewall.core.fw: Use new firewalld git repo in firewalld organization * config/firewall-config.appdata.xml.in: Use new firewalld git repo in firewalld organization * firewall.core.fw_zone: Rich-rule ICMP type: Error only for conflicting family * firewall.core.rich: Add checks for Rich_Source validation * Handle also IPv6 with the zone masquerade flag * Add IPv6 support for forward-ports in zones * firewall.command: Enable parse_forward_port to work with IPv6 adresses * firewall.core.fw_zone: Fix IPv6 address in rich rule forward ports * add Murmur (Mumble server) service - spec file fixes to avoid rpmlint warnings about duplicate files.- Switch to python3 - Run spec cleaner - Move autogen to build section - Add systemd requirements- Update to version 0.4.4.5 * firewall-offline-cmd: Fix --remove-service-from-zone option (rh#1438127) * Support sctp and dccp in ports, source-ports, forward-ports, helpers and rich rules * firewall-cmd: Fix --{set,get}-{short,description} for zone * firewall.core.ipXtables: Use new wait option for restore commands if available * Adding ovirt-vmconsole service file * Adding oVirt storage-console service. * Adding ctdb service file. * Adding service file for nrpe. * Rename extension for policy choices (server and desktop) to .policy.choice (rh#1449754) * D-Bus interfaces: Fix GetAll for interfaces without properties (rh#1452017) * firewall.core.fw_config: Fix wrong variable use in repr output * firewall.core.fw_icmptype: Add missing import for copy * firewall.core.fw_test: Fix wrong format string in repr * firewall.core.io.zone: Fix getattr use on super(Zone) * firewall.functions: New function get_nf_nat_helpers * firewall.core.fw: Get NAT helpers and store them internally. * firewall.core.fw_zone: Load NAT helpers with conntrack helpers * firewalld.dbus: Add missing properties nf_conntrach_helper_setting and nf_conntrack_helpers * firewall.server.firewalld: New property for NAT helpers supported by the kernel- Update to version 0.4.4.4 * Drop references to fedorahosted.org from spec file and Makefile.am * firewall-config: Show invalid ipset type in the ipset dialog in the bad label * firewall.core.fw: Show icmptypes and ipsets with type errors in permanent env * firewall.server.firewalld: Provide information about the supported icmp types * firewall.core.fw_icmptype: Add ICMP type only if the type is supported * firewall.core.fw: New attributes ip{4,6}tables_supported_icmp_types * firewall.core.ipXtables: New method supported_icmp_types * firewall-config: Deactivate edit buttons if there are no items * firewall.core.io.zone: Fix permanent rich rules using icmp-type (rh#1434594) * firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default * firewall.core.fw_transaction: Use LastUpdatedOrderedDict for zone transactions - Remove upstream patch: * 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch- Update to version 0.4.4.3 * New service freeipa-trust (rh#1411650) * Complete icmp types for IPv4 and IPv6 * New h323 helper container * Support helper container: h323 * firewall.server.decorators: ALREADY_ errors should be logged as warnings * firewall.command: ALREADY_SET should also result in zero exit code * tests/firewall-offline-cmd_test.sh: Only use firewall-offline-cmd * Support more ipset types: hash:ip,port, hash:ip,port,ip, hash:ip,port,net, hash:ip,mark, hash:net,net, hash:net,port, hash:net,port,net, hash:net,iface * New checks for ipset entry validation * Use ipset dimension for match * firewall.core.base: New ZONE_SOURCE_IPSET_TYPES list * New firewall.core.icmp providing names and types for icmp and icmpv6 values * firewall.core.fw_ipset: New methods to get ipset dimension and applied state * firewall.errors: New error NOT_APPLIED * firewall-cmd man page: Add missing --get-ipset-types * firewall.core.fw_nm: No trace back on failed get_connection call (rh#1413345) * firewall.core.prog: Fix addition of the error output in runProg * Speed up ipset handling, (re)loading and import from file * Support --family option for --new-ipset * Handle FirewallError for query sequences in command line tools * Fail to alter entries of ipsets with timeout * Extended tests for ipset options * Return empty list for ipsets using timeouts * firewall.functions: Fix checks in checkIPnMask and checkIP6nMask (gh#t-woerner/firewalld#186) * firewalld.conf man page: New section about AutomaticHelpers * firewall-offline-cmd man page: Added -v and -q options, fixed section ids * firewall{-cmd, ctl}: Fix scope of final return in try_set_zone_of_interface * firewall.core.fw_zone: Limit masquerading forward rule to new connections * firewall-config: Update active zones on reloaded signal * firewall-applet: Update active zones and tooltip on reloaded signal * firewall.core.fw_zone: Fix missing chain for helper in rich rules using service (rh#1416578) * Support icmp-type usage in rich rules (rh#1409544) * firewall[-offline]-cmd: Fix --{set,get}-{short,description} for ipset and helper (rh#1416325) * firewall.core.ipset: Solve ipset creation issues with -exist and more flag tests * Speed up start and restart for ipsets with lots of entries (rh#1416817) * Speed up of ipset alteration by adding and removing entries using a file (rh#1416817) * Code cleanup and minor bug fixes * firewall.core.prog: Fix addition of the error output in runProg * New services mssql, kibana, elasticsearch, quassel, bitcoin-rpc, bitcoin-testnet-rpc, bitcoin-testnet, bitcoin and spideroak-lansync * Translation updates - Add upstream patch to fix ipset overloading from /etc/firewalld/ipsets (gh#t-woerner/firewalld#206) * 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch- Update to version 0.4.4.2 * firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem * firewall.core.fw_nm: create NMClient lazily * Do not use hard-coded path for modinfo, use autofoo to detect it * firewall.core.io.ifcfg: Dropped invalid option warning with bad format string * firewall.core.io.ifcfg: Properly handle quoted ifcfg values * firewall.core.fw_zone: Do not reset ZONE with ifdown * Updated translations from zanata * firewall-config: Extra grid at bottom to visualize firewalld settings- Update to version 0.4.4.1 * Translation updates form zanata * firewallctl: New support for helpers * firewallctl: Use sys.excepthook to force exception_handler usage always * firewall-config: Use proper source check in sourceDialog- Update to version 0.4.4 * firewall-applet: Use PyQt5 * firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers D-Bus property * New helpers Q.931 and RAS from nf_conntrack_h323 * firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table * firewall.core.ipXtables: Add PREROUTING default rules for zones in raw table * New helper configuration files for amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp and tftp * firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones * firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED sequences * Misc bug fixes. * For the complete list of changes please see: https://github.com/t-woerner/firewalld/releases/tag/v0.4.4- Relax permissions for default installation files. The files in /usr/lib/firewalld are the default ones as shipped by the package and there is nothing secret in them.- Update to version 0.4.3.3 * Fixes CVE-2016-5410 (bsc#992772) * Standard error is now used for errors and warnings * Several fixes for use in change roots * Systemd service file changes * Fixed translations in firewall-config * Command line clients * Fixes infinite event handling loop in firewall-{config,applet} (bsc#992082)- Update to version 0.4.3.2 * Fix regression with unavailable optional commands * All missing backend messages should be warnings * Individual calls for missing restore commands * Only one authenticate call for add and remove options and also sequences * New service RH-Satellite-6- Update to version 0.4.3.1 * firewall.command: Fix python3 DBusException message not interable error * src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing * firewallctl: Do not trace back on list command without further arguments * firewallctl (man1): Added remaining sections zone, service, .. * firewallctl: Added runtime-to-permanent, interface and source parser, IndividualCalls setting * firewall.server.config: Allow to set IndividualCalls property in config interface * Fix missing icmp rules for some zones * runProg: Fix issue with running programs * firewall-offline-cmd: Fix issues with missing system-config-firewall * firewall.core.ipXtables: Split up source and dest addresses for transaction * firewall.server.config: Log error in case of loading malformed files in watcher * Install and package the firewallctl man page * Translation updates- Update to version 0.4.3 * New firewallctl utility (rh#1147959) * doc.xml.seealso: Show firewalld.dbus in See Also sections * firewall.core.fw_config: Create backup on zone, service, ipset and icmptype removal (rh#1339251) * {zone,service,ipset,icmptype}_writer: Do not fail on failed backup * firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd * firewall-cmd: Dropped duplicate setType call in --new-ipset * radius service: Support also tcp ports (RBZ#1219717) * xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset sources * config.xmlschema.service.xsd: Fix service destination conflicts (rh#1296573) * firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg * firewall.command: Only print summary and description in print_X_info with verbose * firewall.command: print_msg should be able to print empty lines * firewall-config: No processing of runtime passthroughs signals in permanent * Landspace.io fixes and pylint calm downs * firewall.core.io.zone: Add zone_reader and zone_writer to all, pylint fixes * firewall-config: Fixed titles of command and context dialogs, also entry lenths * firewall-config: pylint calm downs * firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit * firewall-config: Use self.active_zoens in conf_zone_added_cb * firewall.command: New parse_port, extended parse methods with more checks * firewall.command: Fixed parse_port to use the separator in the split call * firewall.command: New [de]activate_exception_handler, raise error in parse_X * services ha: Allow corosync-qnetd port * firewall-applet: Support for kde5-nm-connection-editor * tests/firewall-offline-cmd_test.sh: New tests for service and icmptype modifications * firewall-offline-cmd: Use FirewallCommand for simplification and sequence options * tests/firewall-cmd_test.sh: New tests for service and icmptype modifications * firewall-cmd: Fixed set, remove and query destination options for services * firewall.core.io.service: Source ports have not been checked in _check_config * firewall.core.fw_zone: Method check_source_port is not used, removed * firewall.core.base: Added default to ZONE_TARGETS * firewall.client: Allow to remove ipv:address pair for service destinations * tests/firewall-offline-cmd_test.sh: There is no timeout option in permanent * firewall-cmd: Landscape.io fixes, pylint calm downs * firewall-cmd: Use FirewallCommand for simplification and sequence options * firewall.command: New FirewallCommand for command line client simplification * New services: kshell, rsh, ganglia-master, ganglia-client * firewalld: Cleanup of unused imports, do not translate some deamon messages * firewalld: With fd close interation in runProg, it is not needed here anymore * firewall.core.prog: Add fd close iteration to runProg * firewall.core.fw_nm: Hide NM typelib import, new nm_get_dbus_interface function * firewalld.spec: Require NetworkManager-libnm instead of NetworkManager-glib * firewall-config: New add/remove ipset entries from file, remove all entries * firewall-applet: Fix tooltip after applet start with connection to firewalld * firewall-config: Select new zone, service or icmptype if the view was empty * firewalld.spec: Added build requires for iptables, ebtables and ipset * Adding nf_conntrack_sip module to the service SIP * firewall: core: fw_ifcfg: Quickly return if ifcfg directory does not exist * Drop unneeded python shebangs * Translation updates - Remove obsolete patches: * 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch * 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch * 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch - Add missing %{?_smp_mflags} during install. This will speed up the installation phase as well as expose build system's problems due to higher level of parallelism. - Run make during %build to ensure missing documentation is generated. - spec file cleanups.- Add upstream patch to prevent unconditional dependencies to the NetworkManager typelib (gh#t-woerner/firewalld#119) * 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch- Update to version 0.4.2 * New module to search for and change ifcfg files for interfaces not under control of NM * firewall_config: Enhanced messages in status bar * firewall-config: New message window as overlay if not connected * firewall-config: Fix sentivity of option, view menus and main paned if not connected * firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls, some cleanup * firewall-[offline]cmd: Show target in zone information * D-Bus: Completed masquerade methods in FirewallClientZoneSettings * Fixed log-denied rules for icmp-blocks * Keep sorting of interfaces, services, icmp-blocks and other settings in zones * Fixed runtime-to-permanent not to save interfaces under control of NM * New icmp-block-inversion flag in the zones * ICMP type filtering in the zones * New services: sip, sips, managesieve * rich rules: Allow destination action (rh#1163428) * firewall-offline-cmd: New option -q/--quiet * firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file * firewall-[offline-]cmd: Fix option for setting the destination address * firewall-config: Fixed resizing behaviour * New transaction model for speed ups in start, restart, stop and other actions * firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults * Fixed memory leak in dbus_introspection_add_properties * Landscape.io fixes, pylint calm downs * New D-Bus getXnames methods to speed up firewall-config and firewall-cmd * ebtables-restore: No support for COMMIT command * Source port support in services, zones and rich rules * firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets * firewall-config: New active bindings side bar for simple binding changes * Reworked NetworkManager module * Proper default zone handling for NM connections * Try to set zone binding with NM if interface is under control of NM * Code cleanup and bug fixes * Include test suite in the release and install in /usr/share/firewalld/tests * New Travis-CI configuration file * Fixed more broken frensh translations * Translation updates - Add upstream patches * 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch: Removes unneeded python shebangs * 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch: Do not try to access the network-scripts ifcfg directory. - Drop rejected patch * drop-standard-output-error-systemd.patch - Minor spec file clean-up- Avoid runtime dependency on systemd, the macros can all deal with its absence.- Suggest the susefirewall2-to-firewalld package which could assist in migrating the SuSEFirewall2 iptables rules to FirewallD.- Update to version 0.4.1.2 * Install fw_nm module * firewalld: Do not fail if log file could not be opened * Make ipsets visible per default in firewall-config * Fixed translations with python3 [changes in 0.4.1.1] * Fix for broken frensh translation [changes in 0.4.1] * Enhancements of ipset handling * No cleanup of ipsets using timeouts while reloading * Only destroy conflicting ipsets * Only use ipset types supported by the system * Add and remove several ipset entries in one call using a file * Reduce time frame where builtin chains are on policy DROP while reloading * Include descriptions in --info-X calls * Command line interface support to get and alter descriptions of zones, * services, ipsets and icmptypes with permanent option * Properly watch changes in combined zones * Fix logging in rich rule forward rules * Transformed direct.passthrough errors into warnings * Rework of import structures * Reduced calls to get ids for port and protocol names (rh#1305434) * Build and installation fixes by Markos Chandras * Provide D-Bus properties in introspection data * Fix for flaws found by landscape.io * Fix for repeated SUGHUP * New NetworkManager module to get and set zones of connections, used in firewall-applet and firewall-config * configure: Autodetect backend tools ({ip,ip6,eb}tables{,-restore}, ipset) * Code cleanups * Bug fixes - Fix drop-standard-output-error-systemd.patch tagging - Add libxslt-tools build dependency- Do not recommend a specific version for the lang subpackage- Move translations to a new subpackage- Set DISABLE_RESTART_ON_UPDATE to 'yes' instead of '1'. The macros in /etc/rpm/macros.systemd only check for the 'yes' value so fix it to properly prevent the firewalld service from being restarted during updates.- Drop typelib(NetworkManager), NetworkManager-glib, gtk3 and libnotify dependencies (see OBS SR#360792)- firewall-config needs typelib(NetworkManager) to run- Initial commit. Version 0.4.0 * drop-standard-output-error-systemd.patch (gh#t-woerner/firewalld/pull/67)/bin/sh/bin/sh/bin/sh/bin/shfirewalld-prometheus-configgoat21 1689251308  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-0.9.3-150400.8.12.10.9.3-150400.8.12.10.20.2     firewalldfirewalld.confhelpersicmptypesipsetslockdown-whitelist.xmlpoliciesserviceszonesfirewalldmodprobe.dfirewalld-sysctls.conffirewall-cmdfirewall-offline-cmdfirewalldhelpersQ.931.xmlRAS.xmlamanda.xmlftp.xmlh323.xmlirc.xmlnetbios-ns.xmlpptp.xmlproto-gre.xmlsane.xmlsip.xmlsnmp.xmltftp.xmlicmptypesaddress-unreachable.xmlbad-header.xmlbeyond-scope.xmlcommunication-prohibited.xmldestination-unreachable.xmlecho-reply.xmlecho-request.xmlfailed-policy.xmlfragmentation-needed.xmlhost-precedence-violation.xmlhost-prohibited.xmlhost-redirect.xmlhost-unknown.xmlhost-unreachable.xmlip-header-bad.xmlneighbour-advertisement.xmlneighbour-solicitation.xmlnetwork-prohibited.xmlnetwork-redirect.xmlnetwork-unknown.xmlnetwork-unreachable.xmlno-route.xmlpacket-too-big.xmlparameter-problem.xmlport-unreachable.xmlprecedence-cutoff.xmlprotocol-unreachable.xmlredirect.xmlreject-route.xmlrequired-option-missing.xmlrouter-advertisement.xmlrouter-solicitation.xmlsource-quench.xmlsource-route-failed.xmltime-exceeded.xmltimestamp-reply.xmltimestamp-request.xmltos-host-redirect.xmltos-host-unreachable.xmltos-network-redirect.xmltos-network-unreachable.xmlttl-zero-during-reassembly.xmlttl-zero-during-transit.xmlunknown-header-type.xmlunknown-option.xmlipsetsREADMEpoliciesallow-host-ipv6.xmlservicesRH-Satellite-6-capsule.xmlRH-Satellite-6.xmlamanda-client.xmlamanda-k5-client.xmlamqp.xmlamqps.xmlapcupsd.xmlaudit.xmlbacula-client.xmlbacula.xmlbb.xmlbgp.xmlbitcoin-rpc.xmlbitcoin-testnet-rpc.xmlbitcoin-testnet.xmlbitcoin.xmlbittorrent-lsd.xmlceph-mon.xmlceph.xmlcfengine.xmlcockpit.xmlcollectd.xmlcondor-collector.xmlctdb.xmldhcp.xmldhcpv6-client.xmldhcpv6.xmldistcc.xmldns-over-tls.xmldns.xmldocker-registry.xmldocker-swarm.xmldropbox-lansync.xmlelasticsearch.xmletcd-client.xmletcd-server.xmlfinger.xmlforeman-proxy.xmlforeman.xmlfreeipa-4.xmlfreeipa-ldap.xmlfreeipa-ldaps.xmlfreeipa-replication.xmlfreeipa-trust.xmlftp.xmlganglia-client.xmlganglia-master.xmlgit.xmlgrafana.xmlgre.xmlhttp.xmlhttps.xmlimap.xmlimaps.xmlipp-client.xmlipp.xmlipsec.xmlirc.xmlircs.xmliscsi-target.xmlisns.xmljenkins.xmlkadmin.xmlkdeconnect.xmlkerberos.xmlkibana.xmlklogin.xmlkpasswd.xmlkprop.xmlkshell.xmlkube-apiserver.xmlldap.xmlldaps.xmllibvirt-tls.xmllibvirt.xmllightning-network.xmlllmnr.xmlmanagesieve.xmlmatrix.xmlmdns.xmlmemcache.xmlminidlna.xmlmongodb.xmlmosh.xmlmountd.xmlmqtt-tls.xmlmqtt.xmlms-wbt.xmlmssql.xmlmurmur.xmlmysql.xmlnbd.xmlnfs.xmlnfs3.xmlnmea-0183.xmlnrpe.xmlntp.xmlnut.xmlopenvpn.xmlovirt-imageio.xmlovirt-storageconsole.xmlovirt-vmconsole.xmlplex.xmlpmcd.xmlpmproxy.xmlpmwebapi.xmlpmwebapis.xmlpop3.xmlpop3s.xmlpostgresql.xmlprivoxy.xmlprometheus.xmlproxy-dhcp.xmlptp.xmlpulseaudio.xmlpuppetmaster.xmlquassel.xmlradius.xmlrdp.xmlredis-sentinel.xmlredis.xmlrpc-bind.xmlrquotad.xmlrsh.xmlrsyncd.xmlrtsp.xmlsalt-master.xmlsamba-client.xmlsamba-dc.xmlsamba.xmlsane.xmlsip.xmlsips.xmlslp.xmlsmtp-submission.xmlsmtp.xmlsmtps.xmlsnmp.xmlsnmptrap.xmlspideroak-lansync.xmlspotify-sync.xmlsquid.xmlssdp.xmlssh.xmlsteam-streaming.xmlsvdrp.xmlsvn.xmlsyncthing-gui.xmlsyncthing.xmlsynergy.xmlsyslog-tls.xmlsyslog.xmltelnet.xmltentacle.xmltftp-client.xmltftp.xmltile38.xmltinc.xmltor-socks.xmltransmission-client.xmlupnp-client.xmlvdsm.xmlvnc-server.xmlwbem-http.xmlwbem-https.xmlwsman.xmlwsmans.xmlxdmcp.xmlxmpp-bosh.xmlxmpp-client.xmlxmpp-local.xmlxmpp-server.xmlzabbix-agent.xmlzabbix-server.xmlzonesblock.xmldmz.xmldocker.xmldrop.xmlexternal.xmlhome.xmlinternal.xmlpublic.xmltrusted.xmlwork.xmlfirewalld.servicefirewalldrcfirewalldcompletionsfirewall-cmddbus-1system.dFirewallD.conffirewalldREADMEsysconfig.firewalldfirewalldCOPYINGfirewall-cmd.1.gzfirewall-offline-cmd.1.gzfirewalld.1.gzfirewalld.conf.5.gzfirewalld.dbus.5.gzfirewalld.direct.5.gzfirewalld.helper.5.gzfirewalld.icmptype.5.gzfirewalld.ipset.5.gzfirewalld.lockdown-whitelist.5.gzfirewalld.policies.5.gzfirewalld.policy.5.gzfirewalld.richlanguage.5.gzfirewalld.service.5.gzfirewalld.zone.5.gzfirewalld.zones.5.gzpolkit-1actionsorg.fedoraproject.FirewallD1.desktop.policy.choiceorg.fedoraproject.FirewallD1.policyorg.fedoraproject.FirewallD1.server.policy.choicesite-functions_firewalld/etc//etc/firewalld//etc/logrotate.d//lib//lib/modprobe.d//usr/bin//usr/lib//usr/lib/firewalld//usr/lib/firewalld/helpers//usr/lib/firewalld/icmptypes//usr/lib/firewalld/ipsets//usr/lib/firewalld/policies//usr/lib/firewalld/services//usr/lib/firewalld/zones//usr/lib/systemd/system//usr/sbin//usr/share/bash-completion//usr/share/bash-completion/completions//usr/share//usr/share/dbus-1//usr/share/dbus-1/system.d//usr/share/doc/packages//usr/share/doc/packages/firewalld//usr/share/fillup-templates//usr/share/licenses//usr/share/licenses/firewalld//usr/share/man/man1//usr/share/man/man5//usr/share/polkit-1//usr/share/polkit-1/actions//usr/share/zsh//usr/share/zsh/site-functions/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:29798/SUSE_SLE-15-SP4_Update/51c12b89f485962de6a3978421f43c04-firewalld.SUSE_SLE-15-SP4_Updatedrpmxz5noarch-suse-linuxdirectoryASCII textXML 1.0 document, ASCII textPython script, ASCII text executableXML 1.0 document, ASCII text, with very long linestroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)ASCII text, with very long linesRRRRRHWCs;SXQ# Migration of modprobe.conf files to _modprobedir for _f in firewalld-sysctls.conf; do [ ! -f "/etc/modprobe.d/${_f}.rpmsave" ] || \ mv -fv "/etc/modprobe.d/${_f}.rpmsave" "/etc/modprobe.d/${_f}" || : done/bin/shsusefirewall2-to-firewalldutf-8dcfffc1372243e1f0fed5ea9792409153e633b21df3cf1d25acf8fe43e8dde62? 7zXZ !t/'&]"k%Yskӆ 8XR 49y_8 ""] T,ԧ;aK0}h@ N9Ř'>t{v~.L壭 咉\BjY#j#Ck?=FMTL~7pa0:ń*3ዩ!SNL|oFSrZvGqWSr!P% gi sP$fjΐLo$;=?@^Ou$jsqk+{7X)'/D/eH!ŭ' k\\ПJg |bsBDXxdfW#:j^ Q;2*#-w +lcp6Fx1qIeꮹt2/oL 2a7kwKObwXUV_TM ndU3YJdaӑQE13Xnt0)7A[Hf["`Jojrp`Ֆ O+ -, ,bOFhd>0 Ưs!?9}skSy½X+O\׆hO)4+[L"Uw*i31 T0?y1yPljҕ/-h^]v?DYb.YE_˂jd+ZOj#H݇4uKꀡ@7 ZSDT~1+JZ$Yѹ__#G0Qc3g# 7؃aV1lo_dP'fG.QZ7aa]Ì*|k*ao|PH R(N/ Y [ WE i? 77"})BUi]( N`HLZ}{.%թZ]j!MXkHáZ'_4 %BSឣ"r 'Yڸe%|$U.Ɏ&R1' ~rI3VșFK"Rkմ v^DaoD<-K~gfJI84 z] /WDEJޏ"ʶ" :mK`]OKVGx@#: IƷVUsk8"$y4(F 'm_Mk+tvΔGwC:|&nn'1lPL`↝:4Č E A/PXi]/~d4ɉ^Vb,:(foFIYi}nm a~~ɿ4q|HҪdؐCZ@@H:(UDA^w˄l` _yXY-qdQ(7@OipT|Xt0ެ1\ m` QRR<v'l4)-F1+r@~ͬBVQ4 P֧tew cv ;OVfsc dA%sr@hNYfe"EicRCm__يE=Y7s7u&сVtb0zfLX|BBi(:A7&kMCޟ Tި 1ЍIB rI[@DvJq|ub:geU8By;cpF4N[Ll  YZ