]> git.proxmox.com Git - pve-firewall.git/blame - debian/changelog
projects / pve-firewall.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
add configuration option for new nftables firewall
[pve-firewall.git] / debian / changelog
CommitLineData
372869e0
WB		 1pve-firewall (5.0.3) bookworm; urgency=medium
2
3 * fix resolution of scoped aliases in ipsets
4
5 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2023 10:39:28 +0200
6
0d28aa2a
TL		 7pve-firewall (5.0.2) bookworm; urgency=medium
8
9 * fix #4556: api: return scoped IPSets and aliases
10
11 -- Proxmox Support Team <support@proxmox.com> Wed, 21 Jun 2023 19:17:19 +0200
12
35542089
WB		 13pve-firewall (5.0.1) bookworm; urgency=medium
14
15 * fix #4556: support 'dc/' and 'guest/' prefix for aliases and ipsets
16
17 -- Proxmox Support Team <support@proxmox.com> Wed, 07 Jun 2023 16:06:10 +0200
18
97f2bc6c
TL		 19pve-firewall (5.0.0) bookworm; urgency=medium
20
21 * switch to native versioning scheme
22
23 * build for Proxmox VE 8 / Debian 12 Bookworm
24
25 -- Proxmox Support Team <support@proxmox.com> Mon, 22 May 2023 14:43:58 +0200
26
d3bf672b
TL		 27pve-firewall (4.3-2) bullseye; urgency=medium
28
29 * fix variables declared in conditional statement
30
31 * fix #4730: add safeguards to prevent ICMP type misuse
32
33 -- Proxmox Support Team <support@proxmox.com> Tue, 16 May 2023 11:17:58 +0200
34
4fffdd36 35pve-firewall (4.3-1) bullseye; urgency=medium
23b3e816 36
e3d08ca1 37 * allow entering IP address with the host bits (those inside the mask) not
23b3e816
TL		 38 being all zero non-zero, like 192.168.1.155/24 for example.
39
40 * api: firewall logger: add optional parameters `since` and `until` for
41 time-range filtering
42
43 * fix #4550: host options: add nf_conntrack_helpers to compensate that
44 kernel 6.1 and newer have removed the auto helpers
45
46 -- Proxmox Support Team <support@proxmox.com> Fri, 17 Mar 2023 15:24:56 +0100
47
b4577a25
TL		 48pve-firewall (4.2-7) bullseye; urgency=medium
49
50 * fix #4018: add firewall macro for SPICE proxy
51
52 * fix #4204: automatically update each usage of a group to the new ID when
53 it is renamed
54
55 * fix #4268: add 'force' parameter to delete IPSet with members
56
57 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 19:53:04 +0100
58
dd559e8a
TL		 59pve-firewall (4.2-6) bullseye; urgency=medium
60
61 * config defaults: document that the mac filter defaults to on
62
63 * fix #4175: ignore non-filter ebtables tables
64
65 * fix enabling ebtables if VM firewall config is invalid
66
67 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Aug 2022 09:43:53 +0200
68
fba392f2
TL		 69pve-firewall (4.2-5) bullseye; urgency=medium
70
71 * fix #3677 ipset get chains: handle newer ipset output for actual
72 change detection
73
74 -- Proxmox Support Team <support@proxmox.com> Thu, 04 Nov 2021 16:37:13 +0100
75
bd63a439
TL		 76pve-firewall (4.2-4) bullseye; urgency=medium
77
78 * re-build to avoid issues stemming from semi-broken systemd-debhelper version
79
80 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Oct 2021 10:39:05 +0200
81
2a2b81b4
TL		 82pve-firewall (4.2-3) bullseye; urgency=medium
83
84 * fix #2721: remove the (nowadays) bogus reject for TCP port 43 from the
85 default drop and reject actions
86
87 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Sep 2021 13:00:07 +0200
88
dcdbb559
TL		 89pve-firewall (4.2-2) bullseye; urgency=medium
90
91 * re-set relevant sysctls on every apply round
92
93 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 11:31:42 +0200
94
ce9cfab8
TL		 95pve-firewall (4.2-1) bullseye; urgency=medium
96
97 * fix #967: source: dest: limit length
98
99 * re-build for Debian 11 Bullseye based releases (Proxmox VE 7)
100
101 * fix #2358: allow --<opt> in firewall rule config files
102
103 -- Proxmox Support Team <support@proxmox.com> Wed, 12 May 2021 20:32:30 +0200
104
8a4e5b69
TL		 105pve-firewall (4.1-3) pve; urgency=medium
106
107 * fix #2773: ebtables: keep policy of custom chains
108
109 * introduce new icmp-type parameter
110
111 -- Proxmox Support Team <support@proxmox.com> Fri, 18 Sep 2020 16:51:27 +0200
112
70718917
TL		 113pve-firewall (4.1-2) pve; urgency=medium
114
115 * revert: rules: verify referenced security group exists
116
117 -- Proxmox Support Team <support@proxmox.com> Wed, 06 May 2020 17:41:36 +0200
118
c5530455
TL		 119pve-firewall (4.1-1) pve; urgency=medium
120
121 * logging: add missing log message for inbound rules
122
123 * fix #2686: avoid adding 'arp-ip-src' IP filter if guests uses DHCP
124
125 * IPSets: parse the CIDR before checking for duplicates
126
127 * verify that a referenced security group exists
128
129 * ICMP: fix iptables-restore failing if ICMP-type values bigger than '255'
130
131 * ICMP: allow one to specify the 'echo-reply' (0) type also as integer
132
133 * improve handling concurrent (parallel) access and modifications to rules
134
135 -- Proxmox Support Team <support@proxmox.com> Mon, 04 May 2020 15:01:57 +0200
136
56a47140
TL		 137pve-firewall (4.0-10) pve; urgency=medium
138
139 * macros: add macro for Proxmox Mail Gateway web interface
140
141 * api node: always pass cluster conf to node FW parser to fix false positive
142 error message about non existing aliases, or IP sets, when querying the
143 node FW options GET API call.
144
145 * grammar fix: s/does not exists/does not exist/g
146
147 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jan 2020 19:25:49 +0100
148
5162c268
TL		 149pve-firewall (4.0-9) pve; urgency=medium
150
151 * ensure port range used for offline storage migration and insecure migration
152 traffic is allowed by default rule set.
153
154 -- Proxmox Support Team <support@proxmox.com> Tue, 03 Dec 2019 08:12:20 +0100
155
5ac03b1c
WB		 156pve-firewall (4.0-8) pve; urgency=medium
157
158 * increase default nf_conntrack_max to the kernel's default
159
160 * fix some "use of uninitialized value" warnings when updating CIDRs
161
162 * update schema documentation
163
164 * add explicit dependency on libpve-cluster-perl
165
166 * add support for "raw" tables
167
168 * add options for synflood protection for host firewall:
169 - nf_conntrack_tcp_timeout_syn_recv
170 - protection_synflood: boolean
171 - protection_synflood_rate: SYN rate limit (default 200 per second)
172 - protection_synflood_burst: SYN burst limit (default 1000)
173
174 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 13:48:20 +0100
175
bd368955
FG		 176pve-firewall (4.0-7) pve; urgency=medium
177
178 * only add VM chains and rules if VM firewall is enabled
179
180 -- Proxmox Support Team <support@proxmox.com> Wed, 7 Aug 2019 10:55:06 +0200
181
c8f3e1ee
TL		 182pve-firewall (4.0-6) pve; urgency=medium
183
184 * firewall macros: add new Ceph protocol v2 port while keeping v1 port
185
186 -- Proxmox Support Team <support@proxmox.com> Tue, 23 Jul 2019 18:57:48 +0200
187
6fc572dc
TL		 188pve-firewall (4.0-5) pve; urgency=medium
189
190 * don't use any base path at all for calls to external binaries to make use
191 compativle with bot, /usr merged and unmerged setups
192
193 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Jul 2019 11:47:53 +0200
194
b1379400
TL		 195pve-firewall (4.0-4) pve; urgency=medium
196
197 * ebtables: remove PVE chains properly
198
199 * ebtables: treat chain deletion as change
200
201 * use /usr/sbin as base path
202
203 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Jul 2019 19:40:01 +0200
204
9e01d77d
TL		 205pve-firewall (4.0-3) pve; urgency=medium
206
207 * Create corosync firewall rules independently of localnet~
208
209 * Display corosync rule info on localnet call
210
211 -- Proxmox Support Team <support@proxmox.com> Thu, 04 Jul 2019 15:56:11 +0200
212
9429bd35
TL		 213pve-firewall (4.0-2) pve; urgency=medium
214
215 * fix systemd warning about PIDFile directory
216
217 * fix CT rule generation with ipfilter set
218
219 * pve-firewall service: update-alternative iptables and ebtables to working
220 legacy versions
221
222 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 20:43:21 +0200
223
6b9da9b0
TL		 224pve-firewall (4.0-1) pve; urgency=medium
225
226 * re-build for Debian Buster / PVE 6
227
228 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 22:28:55 +0200
229
dd7d737b
TL		 230pve-firewall (3.0-21) unstable; urgency=medium
231
232 * fix ipv6 PVEFW-reject
233
234 * fix #2193: arpfilter: CT: remove mask from net IP/CIDR to avoid
235 ebtables doing the wrong thing here
236
237 -- Proxmox Support Team <support@proxmox.com> Wed, 08 May 2019 10:09:31 +0000
238
bbf77725
TL		 239pve-firewall (3.0-20) unstable; urgency=medium
240
241 * use IPCC to read config and rule files, if the are backed by pmxcfs which
242 has better handling for pmxcfs restarts
243
244 * fix #2178: endless loop on ipv6 extension headers
245
246 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2019 05:10:13 +0000
247
baba607a
TL		 248pve-firewall (3.0-19) unstable; urgency=medium
249
250 * ebtables: add arp filtering
251
252 * fix: #2123 Logging of user defined firewall rules
253
254 * fix Razor macro
255
256 * allow to enable/disable and modify cluster wide log ratelimits
257
258 -- Proxmox Support Team <support@proxmox.com> Tue, 02 Apr 2019 11:15:16 +0200
259
d8ea08e3
TL		 260pve-firewall (3.0-18) unstable; urgency=medium
261
262 * fix #1606: Add nf_conntrack_allow_invalid option
263
264 * log reject : add space after policy REJECT like drop
265
266 * fix #1891: Add zsh command completion for pve-firewall
267
268 -- Proxmox Support Team <support@proxmox.com> Mon, 04 Mar 2019 10:27:01 +0100
269
91d88bc5
TL		 270pve-firewall (3.0-17) unstable; urgency=medium
271
272 * fix #2005: only allow ascii port digits
273
274 * fix #2004: do not allow backwards ranges
275
276 * add conntrack logging via libnetfilter_conntrack and allow one to enable
277 it through the firewall host configuration
278
279 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Jan 2019 16:56:17 +0100
280
81d13a9d
TL		 281pve-firewall (3.0-16) unstable; urgency=medium
282
283 * api/rules: fix macro return type
284
285 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Nov 2018 16:02:59 +0100
286
bed701bc
TL		 287pve-firewall (3.0-15) unstable; urgency=medium
288
289 * fix #1971: display firewall rule properties
290
291 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:01:33 +0100
292
a24b157b
WB		 293pve-firewall (3.0-14) unstable; urgency=medium
294
295 * fix #1841: avoid ebtable reloads when containers have multiple network
296 interfaces
297
298 -- Proxmox Support Team <support@proxmox.com> Fri, 24 Aug 2018 10:51:04 +0200
299
cf7dd94b
WB		 300pve-firewall (3.0-13) unstable; urgency=medium
301
302 * avoid unnecessary reloads of ebtable ruleset
303
304 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Jun 2018 14:47:16 +0200
305
dd03bf6e
WB		 306pve-firewall (3.0-12) unstable; urgency=medium
307
308 * fix deleted iptables chains not being properly detected as a change
309
310 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Jun 2018 12:01:02 +0200
311
587a0f20 312pve-firewall (3.0-11) unstable; urgency=medium
a3a51dad
TL		 313
314 * #1764: rename 'ebtales_enable' option to 'ebtables'
315
587a0f20 316 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2018 16:18:13 +0200
a3a51dad 317
423b86ef
WB		 318pve-firewall (3.0-10) unstable; urgency=medium
319
320 * fix #1764: handle existing ebtables rules and allow disabling ebtables
321
322 * ebtables handling can be disabled via /etc/pve/firewall/cluster.fw's new
323 ebtables_enable option.
324
325 -- Proxmox Support Team <support@proxmox.com> Tue, 29 May 2018 15:14:33 +0200
326
567e58ce
WB		 327pve-firewall (3.0-9) unstable; urgency=medium
328
329 * fix creation of ebltables FORWARD rule entry
330
331 -- Proxmox Support Team <support@proxmox.com> Thu, 17 May 2018 14:41:27 +0200
332
ea0d59ed
WB		 333pve-firewall (3.0-8) unstable; urgency=medium
334
335 * add ebtables support for better MAC filtering
336
337 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2018 14:25:41 +0200
338
9a19ec81
WB		 339pve-firewall (3.0-7) unstable; urgency=medium
340
341 * support distinct source and destination multi-port matching
342
343 * multi-port matching: when specifying the same list of ports for source and
344 destination require them both to match, rather than one of them, as this
345 was rather unexpected behavior
346
347 -- Proxmox Support Team <support@proxmox.com> Mon, 12 Mar 2018 14:58:08 +0100
348
8c41d444
DM		 349pve-firewall (3.0-6) unstable; urgency=medium
350
351 * fix #1319: don't fail postinst with masked service
352
353 * debian: switch to compat 9, drop init scripts, drop preinst
354
355 * check multiport limit in port ranges
356
357 * build: use git rev-parse for GITVERSION
358
359 -- Proxmox Support Team <support@proxmox.com> Thu, 08 Mar 2018 13:53:11 +0100
360
4299c35f
WB		 361pve-firewall (3.0-5) unstable; urgency=medium
362
363 * fix issue with disabled flag not being honored within groups
364
365 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Dec 2017 08:31:42 +0100
366
a19d4127
WB		 367pve-firewall (3.0-4) unstable; urgency=medium
368
369 * fix issues with ipsets reloading unnecessarily or too late
370
371 * fix some typos in the logs
372
373 -- Proxmox Support Team <support@proxmox.com> Thu, 16 Nov 2017 11:41:56 +0100
374
c0c71b1b
WB		 375pve-firewall (3.0-3) unstable; urgency=medium
376
377 * Fix #1492: logger: use current timestamp if the packet doesn't have one
378
379 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Sep 2017 14:43:06 +0200
380
4f7a4bdd
WB		 381pve-firewall (3.0-2) unstable; urgency=medium
382
383 * Fix #1446: remove masks in case the package had previously been removed but
384 not purged.
385
386 * improve logging on errors in the firewall configuration
387
388 * forbid trailing commas in lists as iptables-restore doesn't support them
389
390 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2017 15:24:40 +0200
391
29a94c79
FG		 392pve-firewall (3.0-1) unstable; urgency=medium
393
394 * rebuild for Debian Stretch
395
396 -- Proxmox Support Team <support@proxmox.com> Thu, 9 Mar 2017 14:04:17 +0100
397
df67a3dc
DM		 398pve-firewall (2.0-33) unstable; urgency=medium
399
400 * ipset: don't allow zero-prefix entries
401
402 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 12:18:04 +0100
403
dc643b4d
DM		 404pve-firewall (2.0-32) unstable; urgency=medium
405
406 * improve search for local-network
407
408 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 06:35:08 +0100
409
45f206fd
DM		 410pve-firewall (2.0-31) unstable; urgency=medium
411
412 * don't try to apply ports to rules which don't support them
413
414 -- Proxmox Support Team <support@proxmox.com> Thu, 06 Oct 2016 08:31:51 +0200
415
2ea28d0c
DM		 416pve-firewall (2.0-30) unstable; urgency=medium
417
418 * add multicast DNS to the list of Macros
419
420 * add missing parameter descriptions
421
422 * build-depends: add dh-systemd
423
424 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Sep 2016 08:53:16 +0200
425
b65d13d9
DM		 426pve-firewall (2.0-29) unstable; urgency=medium
427
428 * prevent overwriting ipsets/sec. groups by renaming
429
430 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 16:46:10 +0200
431
d0f3bb08
DM		 432pve-firewall (2.0-28) unstable; urgency=medium
433
434 * use pve-common's ipv4_mask_hash_localnet
435
5c53cde4
DC		 436 * fix allowed group name length
437
438 * make group digest stable
439
d0f3bb08
DM		 440 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 11:01:47 +0200
441
76a57e1a
DM		 442pve-firewall (2.0-27) unstable; urgency=medium
443
444 * fix #972: make PVEFW-FWBR-* rule order stable
445
446 -- Proxmox Support Team <support@proxmox.com> Tue, 17 May 2016 07:59:52 +0200
447
17642172
DM		 448pve-firewall (2.0-26) unstable; urgency=medium
449
450 * fix #988: set rp_filter=2
451
452 -- Proxmox Support Team <support@proxmox.com> Mon, 09 May 2016 10:01:28 +0200
453
6e29af12
DM		 454pve-firewall (2.0-25) unstable; urgency=medium
455
456 * fix #945: add uninitialized check in lxc ipset compilation
457
458 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Apr 2016 09:58:33 +0200
459
edb4aff5
DM		 460pve-firewall (2.0-24) unstable; urgency=medium
461
462 * Build-Depend on pve-doc-generator
463
464 * generate manpage with pve-doc-generator
465
466 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Apr 2016 10:52:45 +0200
467
e1158c15
DM		 468pve-firewall (2.0-23) unstable; urgency=medium
469
470 * use only the top bit for our accept marks
471
472 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:35:38 +0200
473
5399f912
DM		 474pve-firewall (2.0-22) unstable; urgency=medium
475
476 * Use cfs_config_path from PVE::QemuConfig
477
478 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Mar 2016 11:47:40 +0100
479
b9e73915
DM		 480pve-firewall (2.0-21) unstable; urgency=medium
481
482 * added new 'ipfilter' option
483
484 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Mar 2016 09:43:39 +0100
485
e2a49003
DM		 486pve-firewall (2.0-20) unstable; urgency=medium
487
488 * fix 901: encode unicode characters in sha digest
489
490 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Feb 2016 12:40:14 +0100
491
1d10f89a
DM		 492pve-firewall (2.0-19) unstable; urgency=medium
493
494 * Add radv option to VM options
495
496 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Feb 2016 10:24:42 +0100
497
666093cd
DM		 498pve-firewall (2.0-18) unstable; urgency=medium
499
500 * Add ndp option to host and VM firewall options
501
502 * Add router-solicitation to NeighborDiscovery macro
503
504 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Feb 2016 10:01:22 +0100
505
eaf25885
DM		 506pve-firewall (2.0-17) unstable; urgency=medium
507
508 * Don't leave empty FW config files behind
509
510 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Feb 2016 14:09:24 +0100
511
a177fb07
DM		 512pve-firewall (2.0-16) unstable; urgency=medium
513
514 * logger: basic ipv6 support
515
516 * add DHCPv6 macro
517
518 * add dhcpv6 support to the dhcp option
519
520 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Jan 2016 16:52:14 +0100
521
ab1b8d3c
DM		 522pve-firewall (2.0-15) unstable; urgency=medium
523
524 * fix bug #859: use $security_group_name_pattern in iptables_get_chains
525
526 * fix some regular expressions mixups
527
528 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Jan 2016 16:33:23 +0100
529
c9c8d7a3
DM		 530pve-firewall (2.0-14) unstable; urgency=medium
531
532 * fix systemd service dependencies
533
534 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Nov 2015 10:52:57 +0100
535
aa818ae7
DM		 536pve-firewall (2.0-13) unstable; urgency=medium
537
538 * allow numeric icmp types
539
540 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Oct 2015 13:21:53 +0200
541
8dbebe7d
DM		 542pve-firewall (2.0-12) unstable; urgency=medium
543
544 * implement bash completions
545
546 * convert pve-firewall into a PVE::Service class
547
548 -- Proxmox Support Team <support@proxmox.com> Thu, 24 Sep 2015 12:15:00 +0200
549
47704f4c
DM		 550pve-firewall (2.0-11) unstable; urgency=medium
551
552 * iptables_get_chains: fix veth device name
553
554 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Sep 2015 07:54:35 +0200
555
9eb84dc7
DM		 556pve-firewall (2.0-10) unstable; urgency=medium
557
558 * new helper: clone_vmfw_conf()
559
560 -- Proxmox Support Team <support@proxmox.com> Tue, 25 Aug 2015 06:47:49 +0200
561
a3d34dac
DM		 562pve-firewall (2.0-9) unstable; urgency=medium
563
564 * remove firewall config file subroutine added
565
566 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:42:51 +0200
567
2a42a237
DM		 568pve-firewall (2.0-8) unstable; urgency=medium
569
570 * adopt regresion tests for lxc containers
571
572 * removed firewall code for openVZ
573
574 * Subroutine verify_rule fixed to correctly check only for "net\d+"
575 interface device names
576
577 -- Proxmox Support Team <support@proxmox.com> Wed, 12 Aug 2015 12:01:43 +0200
578
33448a6e
DM		 579pve-firewall (2.0-7) unstable; urgency=medium
580
581 * added firewall code for lxc
582
583 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Aug 2015 09:21:14 +0200
584
19f14465
DM		 585pve-firewall (2.0-6) unstable; urgency=medium
586
587 * firewall ipversion comparison fix
588
589 -- Proxmox Support Team <support@proxmox.com> Tue, 04 Aug 2015 11:14:51 +0200
590
8feec9fa
DM		 591pve-firewall (2.0-5) unstable; urgency=medium
592
593 * add ipv6 neighbor discovery and solicitation macros
594
595 * ip6tables accepts both spellings of the word neighbor
596
597 * added Ceph macro
598
599 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:20:55 +0200
600
e02c77aa
DM		 601pve-firewall (2.0-4) unstable; urgency=medium
602
603 * include manual page for pve-firewall
604
605 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Jun 2015 16:26:28 +0200
606
eb4a2902
DM		 607pve-firewall (2.0-3) unstable; urgency=medium
608
609 * use noawait trigers for pve-api-updates
610
611 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:33:06 +0200
612
56bb2e69
DM		 613pve-firewall (2.0-2) unstable; urgency=medium
614
615 * trigger pve-api-updates event
616
617 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:10:24 +0200
618
0b18ebe8
DM		 619pve-firewall (2.0-1) unstable; urgency=medium
620
621 * recompile for debian jessie
622
623 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Feb 2015 12:22:04 +0100
624
609f00c7
DM		 625pve-firewall (1.0-18) unstable; urgency=low
626
627 * fix alias lookup
628
629 -- Proxmox Support Team <support@proxmox.com> Mon, 09 Feb 2015 09:32:03 +0100
630
de48e659
DM		 631pve-firewall (1.0-17) unstable; urgency=low
632
633 * fix restart behavior
634
635 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Jan 2015 06:45:58 +0100
636
b92d2ed2
DM		 637pve-firewall (1.0-16) unstable; urgency=low
638
639 * use new Daemon class from pve-common
640
641 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Dec 2014 09:45:07 +0100
642
22dde8d6
DM		 643pve-firewall (1.0-15) unstable; urgency=low
644
645 * bug fix: load cluster conf for host rules
646
647 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Dec 2014 06:33:28 +0100
648
e33e2f16
DM		 649pve-firewall (1.0-14) unstable; urgency=low
650
651 * do not use ipset list chains
652
653 * remove preinst script (not needed anymore)
654
655 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Dec 2014 13:42:00 +0100
656
3bce273b
DM		 657pve-firewall (1.0-13) unstable; urgency=low
658
659 * fix ipset remove order
660
661 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 12:45:48 +0100
662
7a7c322c
DM		 663pve-firewall (1.0-12) unstable; urgency=low
664
665 * add preinst script to clear ipset from older installation (because
666 sets cannot be swapped if there type does not match.
ce41ae23 667
7a7c322c
DM		 668 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:59:38 +0100
669
1b918ee5
DM		 670pve-firewall (1.0-11) unstable; urgency=low
671
672 * bug fix: correctly set ipversion for aliases in verify_rule
673
674 * save restore commands into files to make debugging
675 easier (/var/lib/pve-firewall/)
676
677 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:04:05 +0100
678
df617cea
DM		 679pve-firewall (1.0-10) unstable; urgency=low
680
681 * add IPv6 support for VMs (hostfw is IPv4 only)
682
683 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Nov 2014 07:00:29 +0100
684
0ac57570
DM		 685pve-firewall (1.0-9) unstable; urgency=low
686
687 * fix max ipset name name length
688
689 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Oct 2014 16:29:34 +0200
690
05fd3b63
DM		 691pve-firewall (1.0-8) unstable; urgency=low
692
693 * implement permission
694
695 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Sep 2014 12:15:21 +0200
696
bea9d5ab
DM		 697pve-firewall (1.0-7) unstable; urgency=low
698
699 * proxy host rule API calls to correct node
a34cfdd0
DM		 700
701 * always generate MAC and IP filter rules if firewall is enabled on NIC
bea9d5ab
DM		 702
703 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Jun 2014 07:12:57 +0200
704
582275c3
DM		 705pve-firewall (1.0-6) unstable; urgency=low
706
707 * ipmlement ipfilter ipsets
708
709 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jun 2014 08:37:08 +0200
710
de0c1e49
DM		 711pve-firewall (1.0-5) unstable; urgency=low
712
713 * remove ipsets when firewall disabled
714
715 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 08:50:18 +0200
716
64c266f5
DM		 717pve-firewall (1.0-4) unstable; urgency=low
718
719 * depend on iptables and ipset
720
721 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:45:33 +0200
722
16bcfa8b
DM		 723pve-firewall (1.0-3) unstable; urgency=low
724
725 * change dh_installinit order (register pvefw-logger before pve-firewall)
726
727 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:24:21 +0200
728
ba0b3a0a
DM		 729pve-firewall (1.0-2) unstable; urgency=low
730
731 * add experimental nflog logging daemon
732
733 -- Proxmox Support Team <support@proxmox.com> Thu, 13 Mar 2014 08:27:01 +0100
734
bb272dd3
DM		 735pve-firewall (1.0-1) unstable; urgency=low
736
737 * initial package
738
739 -- Proxmox Support Team <support@proxmox.com> Mon, 03 Mar 2014 08:37:06 +0100
740
Firewall test scripts