]> git.proxmox.com Git - pve-firewall.git/blame - debian/changelog
projects / pve-firewall.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
bump version to 5.0.7
[pve-firewall.git] / debian / changelog
CommitLineData
4339ef15
TL		 1pve-firewall (5.0.7) bookworm; urgency=medium
2
3 * also signal force-disable nftables if FW is completely disabled
4
5 -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2024 10:30:16 +0200
6
c7134596
TL		 7pve-firewall (5.0.6) bookworm; urgency=medium
8
9 * add flag to signal the new nftables-based proxmox-firewall that it's
10 disabled without the need to parse the config
11
12 -- Proxmox Support Team <support@proxmox.com> Fri, 26 Apr 2024 17:19:50 +0200
13
29b48c38
TL		 14pve-firewall (5.0.5) bookworm; urgency=medium
15
16 * simulator: adapt to more flexible bridge naming scheme
17
18 -- Proxmox Support Team <support@proxmox.com> Tue, 23 Apr 2024 13:11:43 +0200
19
50af7e09
TL		 20pve-firewall (5.0.4) bookworm; urgency=medium
21
22 * fix #5335: stable sorting in cluster.fw
23
24 * add configuration option for new nftables firewall tech-preview
25
26 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2024 20:04:09 +0200
27
372869e0
WB		 28pve-firewall (5.0.3) bookworm; urgency=medium
29
30 * fix resolution of scoped aliases in ipsets
31
32 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2023 10:39:28 +0200
33
0d28aa2a
TL		 34pve-firewall (5.0.2) bookworm; urgency=medium
35
36 * fix #4556: api: return scoped IPSets and aliases
37
38 -- Proxmox Support Team <support@proxmox.com> Wed, 21 Jun 2023 19:17:19 +0200
39
35542089
WB		 40pve-firewall (5.0.1) bookworm; urgency=medium
41
42 * fix #4556: support 'dc/' and 'guest/' prefix for aliases and ipsets
43
44 -- Proxmox Support Team <support@proxmox.com> Wed, 07 Jun 2023 16:06:10 +0200
45
97f2bc6c
TL		 46pve-firewall (5.0.0) bookworm; urgency=medium
47
48 * switch to native versioning scheme
49
50 * build for Proxmox VE 8 / Debian 12 Bookworm
51
52 -- Proxmox Support Team <support@proxmox.com> Mon, 22 May 2023 14:43:58 +0200
53
d3bf672b
TL		 54pve-firewall (4.3-2) bullseye; urgency=medium
55
56 * fix variables declared in conditional statement
57
58 * fix #4730: add safeguards to prevent ICMP type misuse
59
60 -- Proxmox Support Team <support@proxmox.com> Tue, 16 May 2023 11:17:58 +0200
61
4fffdd36 62pve-firewall (4.3-1) bullseye; urgency=medium
23b3e816 63
e3d08ca1 64 * allow entering IP address with the host bits (those inside the mask) not
23b3e816
TL		 65 being all zero non-zero, like 192.168.1.155/24 for example.
66
67 * api: firewall logger: add optional parameters `since` and `until` for
68 time-range filtering
69
70 * fix #4550: host options: add nf_conntrack_helpers to compensate that
71 kernel 6.1 and newer have removed the auto helpers
72
73 -- Proxmox Support Team <support@proxmox.com> Fri, 17 Mar 2023 15:24:56 +0100
74
b4577a25
TL		 75pve-firewall (4.2-7) bullseye; urgency=medium
76
77 * fix #4018: add firewall macro for SPICE proxy
78
79 * fix #4204: automatically update each usage of a group to the new ID when
80 it is renamed
81
82 * fix #4268: add 'force' parameter to delete IPSet with members
83
84 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 19:53:04 +0100
85
dd559e8a
TL		 86pve-firewall (4.2-6) bullseye; urgency=medium
87
88 * config defaults: document that the mac filter defaults to on
89
90 * fix #4175: ignore non-filter ebtables tables
91
92 * fix enabling ebtables if VM firewall config is invalid
93
94 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Aug 2022 09:43:53 +0200
95
fba392f2
TL		 96pve-firewall (4.2-5) bullseye; urgency=medium
97
98 * fix #3677 ipset get chains: handle newer ipset output for actual
99 change detection
100
101 -- Proxmox Support Team <support@proxmox.com> Thu, 04 Nov 2021 16:37:13 +0100
102
bd63a439
TL		 103pve-firewall (4.2-4) bullseye; urgency=medium
104
105 * re-build to avoid issues stemming from semi-broken systemd-debhelper version
106
107 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Oct 2021 10:39:05 +0200
108
2a2b81b4
TL		 109pve-firewall (4.2-3) bullseye; urgency=medium
110
111 * fix #2721: remove the (nowadays) bogus reject for TCP port 43 from the
112 default drop and reject actions
113
114 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Sep 2021 13:00:07 +0200
115
dcdbb559
TL		 116pve-firewall (4.2-2) bullseye; urgency=medium
117
118 * re-set relevant sysctls on every apply round
119
120 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 11:31:42 +0200
121
ce9cfab8
TL		 122pve-firewall (4.2-1) bullseye; urgency=medium
123
124 * fix #967: source: dest: limit length
125
126 * re-build for Debian 11 Bullseye based releases (Proxmox VE 7)
127
128 * fix #2358: allow --<opt> in firewall rule config files
129
130 -- Proxmox Support Team <support@proxmox.com> Wed, 12 May 2021 20:32:30 +0200
131
8a4e5b69
TL		 132pve-firewall (4.1-3) pve; urgency=medium
133
134 * fix #2773: ebtables: keep policy of custom chains
135
136 * introduce new icmp-type parameter
137
138 -- Proxmox Support Team <support@proxmox.com> Fri, 18 Sep 2020 16:51:27 +0200
139
70718917
TL		 140pve-firewall (4.1-2) pve; urgency=medium
141
142 * revert: rules: verify referenced security group exists
143
144 -- Proxmox Support Team <support@proxmox.com> Wed, 06 May 2020 17:41:36 +0200
145
c5530455
TL		 146pve-firewall (4.1-1) pve; urgency=medium
147
148 * logging: add missing log message for inbound rules
149
150 * fix #2686: avoid adding 'arp-ip-src' IP filter if guests uses DHCP
151
152 * IPSets: parse the CIDR before checking for duplicates
153
154 * verify that a referenced security group exists
155
156 * ICMP: fix iptables-restore failing if ICMP-type values bigger than '255'
157
158 * ICMP: allow one to specify the 'echo-reply' (0) type also as integer
159
160 * improve handling concurrent (parallel) access and modifications to rules
161
162 -- Proxmox Support Team <support@proxmox.com> Mon, 04 May 2020 15:01:57 +0200
163
56a47140
TL		 164pve-firewall (4.0-10) pve; urgency=medium
165
166 * macros: add macro for Proxmox Mail Gateway web interface
167
168 * api node: always pass cluster conf to node FW parser to fix false positive
169 error message about non existing aliases, or IP sets, when querying the
170 node FW options GET API call.
171
172 * grammar fix: s/does not exists/does not exist/g
173
174 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jan 2020 19:25:49 +0100
175
5162c268
TL		 176pve-firewall (4.0-9) pve; urgency=medium
177
178 * ensure port range used for offline storage migration and insecure migration
179 traffic is allowed by default rule set.
180
181 -- Proxmox Support Team <support@proxmox.com> Tue, 03 Dec 2019 08:12:20 +0100
182
5ac03b1c
WB		 183pve-firewall (4.0-8) pve; urgency=medium
184
185 * increase default nf_conntrack_max to the kernel's default
186
187 * fix some "use of uninitialized value" warnings when updating CIDRs
188
189 * update schema documentation
190
191 * add explicit dependency on libpve-cluster-perl
192
193 * add support for "raw" tables
194
195 * add options for synflood protection for host firewall:
196 - nf_conntrack_tcp_timeout_syn_recv
197 - protection_synflood: boolean
198 - protection_synflood_rate: SYN rate limit (default 200 per second)
199 - protection_synflood_burst: SYN burst limit (default 1000)
200
201 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 13:48:20 +0100
202
bd368955
FG		 203pve-firewall (4.0-7) pve; urgency=medium
204
205 * only add VM chains and rules if VM firewall is enabled
206
207 -- Proxmox Support Team <support@proxmox.com> Wed, 7 Aug 2019 10:55:06 +0200
208
c8f3e1ee
TL		 209pve-firewall (4.0-6) pve; urgency=medium
210
211 * firewall macros: add new Ceph protocol v2 port while keeping v1 port
212
213 -- Proxmox Support Team <support@proxmox.com> Tue, 23 Jul 2019 18:57:48 +0200
214
6fc572dc
TL		 215pve-firewall (4.0-5) pve; urgency=medium
216
217 * don't use any base path at all for calls to external binaries to make use
218 compativle with bot, /usr merged and unmerged setups
219
220 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Jul 2019 11:47:53 +0200
221
b1379400
TL		 222pve-firewall (4.0-4) pve; urgency=medium
223
224 * ebtables: remove PVE chains properly
225
226 * ebtables: treat chain deletion as change
227
228 * use /usr/sbin as base path
229
230 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Jul 2019 19:40:01 +0200
231
9e01d77d
TL		 232pve-firewall (4.0-3) pve; urgency=medium
233
234 * Create corosync firewall rules independently of localnet~
235
236 * Display corosync rule info on localnet call
237
238 -- Proxmox Support Team <support@proxmox.com> Thu, 04 Jul 2019 15:56:11 +0200
239
9429bd35
TL		 240pve-firewall (4.0-2) pve; urgency=medium
241
242 * fix systemd warning about PIDFile directory
243
244 * fix CT rule generation with ipfilter set
245
246 * pve-firewall service: update-alternative iptables and ebtables to working
247 legacy versions
248
249 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 20:43:21 +0200
250
6b9da9b0
TL		 251pve-firewall (4.0-1) pve; urgency=medium
252
253 * re-build for Debian Buster / PVE 6
254
255 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 22:28:55 +0200
256
dd7d737b
TL		 257pve-firewall (3.0-21) unstable; urgency=medium
258
259 * fix ipv6 PVEFW-reject
260
261 * fix #2193: arpfilter: CT: remove mask from net IP/CIDR to avoid
262 ebtables doing the wrong thing here
263
264 -- Proxmox Support Team <support@proxmox.com> Wed, 08 May 2019 10:09:31 +0000
265
bbf77725
TL		 266pve-firewall (3.0-20) unstable; urgency=medium
267
268 * use IPCC to read config and rule files, if the are backed by pmxcfs which
269 has better handling for pmxcfs restarts
270
271 * fix #2178: endless loop on ipv6 extension headers
272
273 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2019 05:10:13 +0000
274
baba607a
TL		 275pve-firewall (3.0-19) unstable; urgency=medium
276
277 * ebtables: add arp filtering
278
279 * fix: #2123 Logging of user defined firewall rules
280
281 * fix Razor macro
282
283 * allow to enable/disable and modify cluster wide log ratelimits
284
285 -- Proxmox Support Team <support@proxmox.com> Tue, 02 Apr 2019 11:15:16 +0200
286
d8ea08e3
TL		 287pve-firewall (3.0-18) unstable; urgency=medium
288
289 * fix #1606: Add nf_conntrack_allow_invalid option
290
291 * log reject : add space after policy REJECT like drop
292
293 * fix #1891: Add zsh command completion for pve-firewall
294
295 -- Proxmox Support Team <support@proxmox.com> Mon, 04 Mar 2019 10:27:01 +0100
296
91d88bc5
TL		 297pve-firewall (3.0-17) unstable; urgency=medium
298
299 * fix #2005: only allow ascii port digits
300
301 * fix #2004: do not allow backwards ranges
302
303 * add conntrack logging via libnetfilter_conntrack and allow one to enable
304 it through the firewall host configuration
305
306 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Jan 2019 16:56:17 +0100
307
81d13a9d
TL		 308pve-firewall (3.0-16) unstable; urgency=medium
309
310 * api/rules: fix macro return type
311
312 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Nov 2018 16:02:59 +0100
313
bed701bc
TL		 314pve-firewall (3.0-15) unstable; urgency=medium
315
316 * fix #1971: display firewall rule properties
317
318 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:01:33 +0100
319
a24b157b
WB		 320pve-firewall (3.0-14) unstable; urgency=medium
321
322 * fix #1841: avoid ebtable reloads when containers have multiple network
323 interfaces
324
325 -- Proxmox Support Team <support@proxmox.com> Fri, 24 Aug 2018 10:51:04 +0200
326
cf7dd94b
WB		 327pve-firewall (3.0-13) unstable; urgency=medium
328
329 * avoid unnecessary reloads of ebtable ruleset
330
331 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Jun 2018 14:47:16 +0200
332
dd03bf6e
WB		 333pve-firewall (3.0-12) unstable; urgency=medium
334
335 * fix deleted iptables chains not being properly detected as a change
336
337 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Jun 2018 12:01:02 +0200
338
587a0f20 339pve-firewall (3.0-11) unstable; urgency=medium
a3a51dad
TL		 340
341 * #1764: rename 'ebtales_enable' option to 'ebtables'
342
587a0f20 343 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2018 16:18:13 +0200
a3a51dad 344
423b86ef
WB		 345pve-firewall (3.0-10) unstable; urgency=medium
346
347 * fix #1764: handle existing ebtables rules and allow disabling ebtables
348
349 * ebtables handling can be disabled via /etc/pve/firewall/cluster.fw's new
350 ebtables_enable option.
351
352 -- Proxmox Support Team <support@proxmox.com> Tue, 29 May 2018 15:14:33 +0200
353
567e58ce
WB		 354pve-firewall (3.0-9) unstable; urgency=medium
355
356 * fix creation of ebltables FORWARD rule entry
357
358 -- Proxmox Support Team <support@proxmox.com> Thu, 17 May 2018 14:41:27 +0200
359
ea0d59ed
WB		 360pve-firewall (3.0-8) unstable; urgency=medium
361
362 * add ebtables support for better MAC filtering
363
364 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2018 14:25:41 +0200
365
9a19ec81
WB		 366pve-firewall (3.0-7) unstable; urgency=medium
367
368 * support distinct source and destination multi-port matching
369
370 * multi-port matching: when specifying the same list of ports for source and
371 destination require them both to match, rather than one of them, as this
372 was rather unexpected behavior
373
374 -- Proxmox Support Team <support@proxmox.com> Mon, 12 Mar 2018 14:58:08 +0100
375
8c41d444
DM		 376pve-firewall (3.0-6) unstable; urgency=medium
377
378 * fix #1319: don't fail postinst with masked service
379
380 * debian: switch to compat 9, drop init scripts, drop preinst
381
382 * check multiport limit in port ranges
383
384 * build: use git rev-parse for GITVERSION
385
386 -- Proxmox Support Team <support@proxmox.com> Thu, 08 Mar 2018 13:53:11 +0100
387
4299c35f
WB		 388pve-firewall (3.0-5) unstable; urgency=medium
389
390 * fix issue with disabled flag not being honored within groups
391
392 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Dec 2017 08:31:42 +0100
393
a19d4127
WB		 394pve-firewall (3.0-4) unstable; urgency=medium
395
396 * fix issues with ipsets reloading unnecessarily or too late
397
398 * fix some typos in the logs
399
400 -- Proxmox Support Team <support@proxmox.com> Thu, 16 Nov 2017 11:41:56 +0100
401
c0c71b1b
WB		 402pve-firewall (3.0-3) unstable; urgency=medium
403
404 * Fix #1492: logger: use current timestamp if the packet doesn't have one
405
406 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Sep 2017 14:43:06 +0200
407
4f7a4bdd
WB		 408pve-firewall (3.0-2) unstable; urgency=medium
409
410 * Fix #1446: remove masks in case the package had previously been removed but
411 not purged.
412
413 * improve logging on errors in the firewall configuration
414
415 * forbid trailing commas in lists as iptables-restore doesn't support them
416
417 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2017 15:24:40 +0200
418
29a94c79
FG		 419pve-firewall (3.0-1) unstable; urgency=medium
420
421 * rebuild for Debian Stretch
422
423 -- Proxmox Support Team <support@proxmox.com> Thu, 9 Mar 2017 14:04:17 +0100
424
df67a3dc
DM		 425pve-firewall (2.0-33) unstable; urgency=medium
426
427 * ipset: don't allow zero-prefix entries
428
429 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 12:18:04 +0100
430
dc643b4d
DM		 431pve-firewall (2.0-32) unstable; urgency=medium
432
433 * improve search for local-network
434
435 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 06:35:08 +0100
436
45f206fd
DM		 437pve-firewall (2.0-31) unstable; urgency=medium
438
439 * don't try to apply ports to rules which don't support them
440
441 -- Proxmox Support Team <support@proxmox.com> Thu, 06 Oct 2016 08:31:51 +0200
442
2ea28d0c
DM		 443pve-firewall (2.0-30) unstable; urgency=medium
444
445 * add multicast DNS to the list of Macros
446
447 * add missing parameter descriptions
448
449 * build-depends: add dh-systemd
450
451 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Sep 2016 08:53:16 +0200
452
b65d13d9
DM		 453pve-firewall (2.0-29) unstable; urgency=medium
454
455 * prevent overwriting ipsets/sec. groups by renaming
456
457 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 16:46:10 +0200
458
d0f3bb08
DM		 459pve-firewall (2.0-28) unstable; urgency=medium
460
461 * use pve-common's ipv4_mask_hash_localnet
462
5c53cde4
DC		 463 * fix allowed group name length
464
465 * make group digest stable
466
d0f3bb08
DM		 467 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 11:01:47 +0200
468
76a57e1a
DM		 469pve-firewall (2.0-27) unstable; urgency=medium
470
471 * fix #972: make PVEFW-FWBR-* rule order stable
472
473 -- Proxmox Support Team <support@proxmox.com> Tue, 17 May 2016 07:59:52 +0200
474
17642172
DM		 475pve-firewall (2.0-26) unstable; urgency=medium
476
477 * fix #988: set rp_filter=2
478
479 -- Proxmox Support Team <support@proxmox.com> Mon, 09 May 2016 10:01:28 +0200
480
6e29af12
DM		 481pve-firewall (2.0-25) unstable; urgency=medium
482
483 * fix #945: add uninitialized check in lxc ipset compilation
484
485 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Apr 2016 09:58:33 +0200
486
edb4aff5
DM		 487pve-firewall (2.0-24) unstable; urgency=medium
488
489 * Build-Depend on pve-doc-generator
490
491 * generate manpage with pve-doc-generator
492
493 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Apr 2016 10:52:45 +0200
494
e1158c15
DM		 495pve-firewall (2.0-23) unstable; urgency=medium
496
497 * use only the top bit for our accept marks
498
499 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:35:38 +0200
500
5399f912
DM		 501pve-firewall (2.0-22) unstable; urgency=medium
502
503 * Use cfs_config_path from PVE::QemuConfig
504
505 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Mar 2016 11:47:40 +0100
506
b9e73915
DM		 507pve-firewall (2.0-21) unstable; urgency=medium
508
509 * added new 'ipfilter' option
510
511 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Mar 2016 09:43:39 +0100
512
e2a49003
DM		 513pve-firewall (2.0-20) unstable; urgency=medium
514
515 * fix 901: encode unicode characters in sha digest
516
517 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Feb 2016 12:40:14 +0100
518
1d10f89a
DM		 519pve-firewall (2.0-19) unstable; urgency=medium
520
521 * Add radv option to VM options
522
523 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Feb 2016 10:24:42 +0100
524
666093cd
DM		 525pve-firewall (2.0-18) unstable; urgency=medium
526
527 * Add ndp option to host and VM firewall options
528
529 * Add router-solicitation to NeighborDiscovery macro
530
531 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Feb 2016 10:01:22 +0100
532
eaf25885
DM		 533pve-firewall (2.0-17) unstable; urgency=medium
534
535 * Don't leave empty FW config files behind
536
537 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Feb 2016 14:09:24 +0100
538
a177fb07
DM		 539pve-firewall (2.0-16) unstable; urgency=medium
540
541 * logger: basic ipv6 support
542
543 * add DHCPv6 macro
544
545 * add dhcpv6 support to the dhcp option
546
547 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Jan 2016 16:52:14 +0100
548
ab1b8d3c
DM		 549pve-firewall (2.0-15) unstable; urgency=medium
550
551 * fix bug #859: use $security_group_name_pattern in iptables_get_chains
552
553 * fix some regular expressions mixups
554
555 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Jan 2016 16:33:23 +0100
556
c9c8d7a3
DM		 557pve-firewall (2.0-14) unstable; urgency=medium
558
559 * fix systemd service dependencies
560
561 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Nov 2015 10:52:57 +0100
562
aa818ae7
DM		 563pve-firewall (2.0-13) unstable; urgency=medium
564
565 * allow numeric icmp types
566
567 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Oct 2015 13:21:53 +0200
568
8dbebe7d
DM		 569pve-firewall (2.0-12) unstable; urgency=medium
570
571 * implement bash completions
572
573 * convert pve-firewall into a PVE::Service class
574
575 -- Proxmox Support Team <support@proxmox.com> Thu, 24 Sep 2015 12:15:00 +0200
576
47704f4c
DM		 577pve-firewall (2.0-11) unstable; urgency=medium
578
579 * iptables_get_chains: fix veth device name
580
581 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Sep 2015 07:54:35 +0200
582
9eb84dc7
DM		 583pve-firewall (2.0-10) unstable; urgency=medium
584
585 * new helper: clone_vmfw_conf()
586
587 -- Proxmox Support Team <support@proxmox.com> Tue, 25 Aug 2015 06:47:49 +0200
588
a3d34dac
DM		 589pve-firewall (2.0-9) unstable; urgency=medium
590
591 * remove firewall config file subroutine added
592
593 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:42:51 +0200
594
2a42a237
DM		 595pve-firewall (2.0-8) unstable; urgency=medium
596
597 * adopt regresion tests for lxc containers
598
599 * removed firewall code for openVZ
600
601 * Subroutine verify_rule fixed to correctly check only for "net\d+"
602 interface device names
603
604 -- Proxmox Support Team <support@proxmox.com> Wed, 12 Aug 2015 12:01:43 +0200
605
33448a6e
DM		 606pve-firewall (2.0-7) unstable; urgency=medium
607
608 * added firewall code for lxc
609
610 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Aug 2015 09:21:14 +0200
611
19f14465
DM		 612pve-firewall (2.0-6) unstable; urgency=medium
613
614 * firewall ipversion comparison fix
615
616 -- Proxmox Support Team <support@proxmox.com> Tue, 04 Aug 2015 11:14:51 +0200
617
8feec9fa
DM		 618pve-firewall (2.0-5) unstable; urgency=medium
619
620 * add ipv6 neighbor discovery and solicitation macros
621
622 * ip6tables accepts both spellings of the word neighbor
623
624 * added Ceph macro
625
626 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:20:55 +0200
627
e02c77aa
DM		 628pve-firewall (2.0-4) unstable; urgency=medium
629
630 * include manual page for pve-firewall
631
632 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Jun 2015 16:26:28 +0200
633
eb4a2902
DM		 634pve-firewall (2.0-3) unstable; urgency=medium
635
636 * use noawait trigers for pve-api-updates
637
638 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:33:06 +0200
639
56bb2e69
DM		 640pve-firewall (2.0-2) unstable; urgency=medium
641
642 * trigger pve-api-updates event
643
644 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:10:24 +0200
645
0b18ebe8
DM		 646pve-firewall (2.0-1) unstable; urgency=medium
647
648 * recompile for debian jessie
649
650 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Feb 2015 12:22:04 +0100
651
609f00c7
DM		 652pve-firewall (1.0-18) unstable; urgency=low
653
654 * fix alias lookup
655
656 -- Proxmox Support Team <support@proxmox.com> Mon, 09 Feb 2015 09:32:03 +0100
657
de48e659
DM		 658pve-firewall (1.0-17) unstable; urgency=low
659
660 * fix restart behavior
661
662 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Jan 2015 06:45:58 +0100
663
b92d2ed2
DM		 664pve-firewall (1.0-16) unstable; urgency=low
665
666 * use new Daemon class from pve-common
667
668 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Dec 2014 09:45:07 +0100
669
22dde8d6
DM		 670pve-firewall (1.0-15) unstable; urgency=low
671
672 * bug fix: load cluster conf for host rules
673
674 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Dec 2014 06:33:28 +0100
675
e33e2f16
DM		 676pve-firewall (1.0-14) unstable; urgency=low
677
678 * do not use ipset list chains
679
680 * remove preinst script (not needed anymore)
681
682 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Dec 2014 13:42:00 +0100
683
3bce273b
DM		 684pve-firewall (1.0-13) unstable; urgency=low
685
686 * fix ipset remove order
687
688 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 12:45:48 +0100
689
7a7c322c
DM		 690pve-firewall (1.0-12) unstable; urgency=low
691
692 * add preinst script to clear ipset from older installation (because
693 sets cannot be swapped if there type does not match.
ce41ae23 694
7a7c322c
DM		 695 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:59:38 +0100
696
1b918ee5
DM		 697pve-firewall (1.0-11) unstable; urgency=low
698
699 * bug fix: correctly set ipversion for aliases in verify_rule
700
701 * save restore commands into files to make debugging
702 easier (/var/lib/pve-firewall/)
703
704 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:04:05 +0100
705
df617cea
DM		 706pve-firewall (1.0-10) unstable; urgency=low
707
708 * add IPv6 support for VMs (hostfw is IPv4 only)
709
710 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Nov 2014 07:00:29 +0100
711
0ac57570
DM		 712pve-firewall (1.0-9) unstable; urgency=low
713
714 * fix max ipset name name length
715
716 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Oct 2014 16:29:34 +0200
717
05fd3b63
DM		 718pve-firewall (1.0-8) unstable; urgency=low
719
720 * implement permission
721
722 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Sep 2014 12:15:21 +0200
723
bea9d5ab
DM		 724pve-firewall (1.0-7) unstable; urgency=low
725
726 * proxy host rule API calls to correct node
a34cfdd0
DM		 727
728 * always generate MAC and IP filter rules if firewall is enabled on NIC
bea9d5ab
DM		 729
730 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Jun 2014 07:12:57 +0200
731
582275c3
DM		 732pve-firewall (1.0-6) unstable; urgency=low
733
734 * ipmlement ipfilter ipsets
735
736 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jun 2014 08:37:08 +0200
737
de0c1e49
DM		 738pve-firewall (1.0-5) unstable; urgency=low
739
740 * remove ipsets when firewall disabled
741
742 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 08:50:18 +0200
743
64c266f5
DM		 744pve-firewall (1.0-4) unstable; urgency=low
745
746 * depend on iptables and ipset
747
748 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:45:33 +0200
749
16bcfa8b
DM		 750pve-firewall (1.0-3) unstable; urgency=low
751
752 * change dh_installinit order (register pvefw-logger before pve-firewall)
753
754 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:24:21 +0200
755
ba0b3a0a
DM		 756pve-firewall (1.0-2) unstable; urgency=low
757
758 * add experimental nflog logging daemon
759
760 -- Proxmox Support Team <support@proxmox.com> Thu, 13 Mar 2014 08:27:01 +0100
761
bb272dd3
DM		 762pve-firewall (1.0-1) unstable; urgency=low
763
764 * initial package
765
766 -- Proxmox Support Team <support@proxmox.com> Mon, 03 Mar 2014 08:37:06 +0100
767
Firewall test scripts