]>
Commit | Line | Data |
---|---|---|
4339ef15 TL |
1 | pve-firewall (5.0.7) bookworm; urgency=medium |
2 | ||
3 | * also signal force-disable nftables if FW is completely disabled | |
4 | ||
5 | -- Proxmox Support Team <support@proxmox.com> Tue, 30 Apr 2024 10:30:16 +0200 | |
6 | ||
c7134596 TL |
7 | pve-firewall (5.0.6) bookworm; urgency=medium |
8 | ||
9 | * add flag to signal the new nftables-based proxmox-firewall that it's | |
10 | disabled without the need to parse the config | |
11 | ||
12 | -- Proxmox Support Team <support@proxmox.com> Fri, 26 Apr 2024 17:19:50 +0200 | |
13 | ||
29b48c38 TL |
14 | pve-firewall (5.0.5) bookworm; urgency=medium |
15 | ||
16 | * simulator: adapt to more flexible bridge naming scheme | |
17 | ||
18 | -- Proxmox Support Team <support@proxmox.com> Tue, 23 Apr 2024 13:11:43 +0200 | |
19 | ||
50af7e09 TL |
20 | pve-firewall (5.0.4) bookworm; urgency=medium |
21 | ||
22 | * fix #5335: stable sorting in cluster.fw | |
23 | ||
24 | * add configuration option for new nftables firewall tech-preview | |
25 | ||
26 | -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2024 20:04:09 +0200 | |
27 | ||
372869e0 WB |
28 | pve-firewall (5.0.3) bookworm; urgency=medium |
29 | ||
30 | * fix resolution of scoped aliases in ipsets | |
31 | ||
32 | -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2023 10:39:28 +0200 | |
33 | ||
0d28aa2a TL |
34 | pve-firewall (5.0.2) bookworm; urgency=medium |
35 | ||
36 | * fix #4556: api: return scoped IPSets and aliases | |
37 | ||
38 | -- Proxmox Support Team <support@proxmox.com> Wed, 21 Jun 2023 19:17:19 +0200 | |
39 | ||
35542089 WB |
40 | pve-firewall (5.0.1) bookworm; urgency=medium |
41 | ||
42 | * fix #4556: support 'dc/' and 'guest/' prefix for aliases and ipsets | |
43 | ||
44 | -- Proxmox Support Team <support@proxmox.com> Wed, 07 Jun 2023 16:06:10 +0200 | |
45 | ||
97f2bc6c TL |
46 | pve-firewall (5.0.0) bookworm; urgency=medium |
47 | ||
48 | * switch to native versioning scheme | |
49 | ||
50 | * build for Proxmox VE 8 / Debian 12 Bookworm | |
51 | ||
52 | -- Proxmox Support Team <support@proxmox.com> Mon, 22 May 2023 14:43:58 +0200 | |
53 | ||
d3bf672b TL |
54 | pve-firewall (4.3-2) bullseye; urgency=medium |
55 | ||
56 | * fix variables declared in conditional statement | |
57 | ||
58 | * fix #4730: add safeguards to prevent ICMP type misuse | |
59 | ||
60 | -- Proxmox Support Team <support@proxmox.com> Tue, 16 May 2023 11:17:58 +0200 | |
61 | ||
4fffdd36 | 62 | pve-firewall (4.3-1) bullseye; urgency=medium |
23b3e816 | 63 | |
e3d08ca1 | 64 | * allow entering IP address with the host bits (those inside the mask) not |
23b3e816 TL |
65 | being all zero non-zero, like 192.168.1.155/24 for example. |
66 | ||
67 | * api: firewall logger: add optional parameters `since` and `until` for | |
68 | time-range filtering | |
69 | ||
70 | * fix #4550: host options: add nf_conntrack_helpers to compensate that | |
71 | kernel 6.1 and newer have removed the auto helpers | |
72 | ||
73 | -- Proxmox Support Team <support@proxmox.com> Fri, 17 Mar 2023 15:24:56 +0100 | |
74 | ||
b4577a25 TL |
75 | pve-firewall (4.2-7) bullseye; urgency=medium |
76 | ||
77 | * fix #4018: add firewall macro for SPICE proxy | |
78 | ||
79 | * fix #4204: automatically update each usage of a group to the new ID when | |
80 | it is renamed | |
81 | ||
82 | * fix #4268: add 'force' parameter to delete IPSet with members | |
83 | ||
84 | -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 19:53:04 +0100 | |
85 | ||
dd559e8a TL |
86 | pve-firewall (4.2-6) bullseye; urgency=medium |
87 | ||
88 | * config defaults: document that the mac filter defaults to on | |
89 | ||
90 | * fix #4175: ignore non-filter ebtables tables | |
91 | ||
92 | * fix enabling ebtables if VM firewall config is invalid | |
93 | ||
94 | -- Proxmox Support Team <support@proxmox.com> Mon, 29 Aug 2022 09:43:53 +0200 | |
95 | ||
fba392f2 TL |
96 | pve-firewall (4.2-5) bullseye; urgency=medium |
97 | ||
98 | * fix #3677 ipset get chains: handle newer ipset output for actual | |
99 | change detection | |
100 | ||
101 | -- Proxmox Support Team <support@proxmox.com> Thu, 04 Nov 2021 16:37:13 +0100 | |
102 | ||
bd63a439 TL |
103 | pve-firewall (4.2-4) bullseye; urgency=medium |
104 | ||
105 | * re-build to avoid issues stemming from semi-broken systemd-debhelper version | |
106 | ||
107 | -- Proxmox Support Team <support@proxmox.com> Tue, 12 Oct 2021 10:39:05 +0200 | |
108 | ||
2a2b81b4 TL |
109 | pve-firewall (4.2-3) bullseye; urgency=medium |
110 | ||
111 | * fix #2721: remove the (nowadays) bogus reject for TCP port 43 from the | |
112 | default drop and reject actions | |
113 | ||
114 | -- Proxmox Support Team <support@proxmox.com> Fri, 10 Sep 2021 13:00:07 +0200 | |
115 | ||
dcdbb559 TL |
116 | pve-firewall (4.2-2) bullseye; urgency=medium |
117 | ||
118 | * re-set relevant sysctls on every apply round | |
119 | ||
120 | -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 11:31:42 +0200 | |
121 | ||
ce9cfab8 TL |
122 | pve-firewall (4.2-1) bullseye; urgency=medium |
123 | ||
124 | * fix #967: source: dest: limit length | |
125 | ||
126 | * re-build for Debian 11 Bullseye based releases (Proxmox VE 7) | |
127 | ||
128 | * fix #2358: allow --<opt> in firewall rule config files | |
129 | ||
130 | -- Proxmox Support Team <support@proxmox.com> Wed, 12 May 2021 20:32:30 +0200 | |
131 | ||
8a4e5b69 TL |
132 | pve-firewall (4.1-3) pve; urgency=medium |
133 | ||
134 | * fix #2773: ebtables: keep policy of custom chains | |
135 | ||
136 | * introduce new icmp-type parameter | |
137 | ||
138 | -- Proxmox Support Team <support@proxmox.com> Fri, 18 Sep 2020 16:51:27 +0200 | |
139 | ||
70718917 TL |
140 | pve-firewall (4.1-2) pve; urgency=medium |
141 | ||
142 | * revert: rules: verify referenced security group exists | |
143 | ||
144 | -- Proxmox Support Team <support@proxmox.com> Wed, 06 May 2020 17:41:36 +0200 | |
145 | ||
c5530455 TL |
146 | pve-firewall (4.1-1) pve; urgency=medium |
147 | ||
148 | * logging: add missing log message for inbound rules | |
149 | ||
150 | * fix #2686: avoid adding 'arp-ip-src' IP filter if guests uses DHCP | |
151 | ||
152 | * IPSets: parse the CIDR before checking for duplicates | |
153 | ||
154 | * verify that a referenced security group exists | |
155 | ||
156 | * ICMP: fix iptables-restore failing if ICMP-type values bigger than '255' | |
157 | ||
158 | * ICMP: allow one to specify the 'echo-reply' (0) type also as integer | |
159 | ||
160 | * improve handling concurrent (parallel) access and modifications to rules | |
161 | ||
162 | -- Proxmox Support Team <support@proxmox.com> Mon, 04 May 2020 15:01:57 +0200 | |
163 | ||
56a47140 TL |
164 | pve-firewall (4.0-10) pve; urgency=medium |
165 | ||
166 | * macros: add macro for Proxmox Mail Gateway web interface | |
167 | ||
168 | * api node: always pass cluster conf to node FW parser to fix false positive | |
169 | error message about non existing aliases, or IP sets, when querying the | |
170 | node FW options GET API call. | |
171 | ||
172 | * grammar fix: s/does not exists/does not exist/g | |
173 | ||
174 | -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jan 2020 19:25:49 +0100 | |
175 | ||
5162c268 TL |
176 | pve-firewall (4.0-9) pve; urgency=medium |
177 | ||
178 | * ensure port range used for offline storage migration and insecure migration | |
179 | traffic is allowed by default rule set. | |
180 | ||
181 | -- Proxmox Support Team <support@proxmox.com> Tue, 03 Dec 2019 08:12:20 +0100 | |
182 | ||
5ac03b1c WB |
183 | pve-firewall (4.0-8) pve; urgency=medium |
184 | ||
185 | * increase default nf_conntrack_max to the kernel's default | |
186 | ||
187 | * fix some "use of uninitialized value" warnings when updating CIDRs | |
188 | ||
189 | * update schema documentation | |
190 | ||
191 | * add explicit dependency on libpve-cluster-perl | |
192 | ||
193 | * add support for "raw" tables | |
194 | ||
195 | * add options for synflood protection for host firewall: | |
196 | - nf_conntrack_tcp_timeout_syn_recv | |
197 | - protection_synflood: boolean | |
198 | - protection_synflood_rate: SYN rate limit (default 200 per second) | |
199 | - protection_synflood_burst: SYN burst limit (default 1000) | |
200 | ||
201 | -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 13:48:20 +0100 | |
202 | ||
bd368955 FG |
203 | pve-firewall (4.0-7) pve; urgency=medium |
204 | ||
205 | * only add VM chains and rules if VM firewall is enabled | |
206 | ||
207 | -- Proxmox Support Team <support@proxmox.com> Wed, 7 Aug 2019 10:55:06 +0200 | |
208 | ||
c8f3e1ee TL |
209 | pve-firewall (4.0-6) pve; urgency=medium |
210 | ||
211 | * firewall macros: add new Ceph protocol v2 port while keeping v1 port | |
212 | ||
213 | -- Proxmox Support Team <support@proxmox.com> Tue, 23 Jul 2019 18:57:48 +0200 | |
214 | ||
6fc572dc TL |
215 | pve-firewall (4.0-5) pve; urgency=medium |
216 | ||
217 | * don't use any base path at all for calls to external binaries to make use | |
218 | compativle with bot, /usr merged and unmerged setups | |
219 | ||
220 | -- Proxmox Support Team <support@proxmox.com> Fri, 12 Jul 2019 11:47:53 +0200 | |
221 | ||
b1379400 TL |
222 | pve-firewall (4.0-4) pve; urgency=medium |
223 | ||
224 | * ebtables: remove PVE chains properly | |
225 | ||
226 | * ebtables: treat chain deletion as change | |
227 | ||
228 | * use /usr/sbin as base path | |
229 | ||
230 | -- Proxmox Support Team <support@proxmox.com> Thu, 11 Jul 2019 19:40:01 +0200 | |
231 | ||
9e01d77d TL |
232 | pve-firewall (4.0-3) pve; urgency=medium |
233 | ||
234 | * Create corosync firewall rules independently of localnet~ | |
235 | ||
236 | * Display corosync rule info on localnet call | |
237 | ||
238 | -- Proxmox Support Team <support@proxmox.com> Thu, 04 Jul 2019 15:56:11 +0200 | |
239 | ||
9429bd35 TL |
240 | pve-firewall (4.0-2) pve; urgency=medium |
241 | ||
242 | * fix systemd warning about PIDFile directory | |
243 | ||
244 | * fix CT rule generation with ipfilter set | |
245 | ||
246 | * pve-firewall service: update-alternative iptables and ebtables to working | |
247 | legacy versions | |
248 | ||
249 | -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 20:43:21 +0200 | |
250 | ||
6b9da9b0 TL |
251 | pve-firewall (4.0-1) pve; urgency=medium |
252 | ||
253 | * re-build for Debian Buster / PVE 6 | |
254 | ||
255 | -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 22:28:55 +0200 | |
256 | ||
dd7d737b TL |
257 | pve-firewall (3.0-21) unstable; urgency=medium |
258 | ||
259 | * fix ipv6 PVEFW-reject | |
260 | ||
261 | * fix #2193: arpfilter: CT: remove mask from net IP/CIDR to avoid | |
262 | ebtables doing the wrong thing here | |
263 | ||
264 | -- Proxmox Support Team <support@proxmox.com> Wed, 08 May 2019 10:09:31 +0000 | |
265 | ||
bbf77725 TL |
266 | pve-firewall (3.0-20) unstable; urgency=medium |
267 | ||
268 | * use IPCC to read config and rule files, if the are backed by pmxcfs which | |
269 | has better handling for pmxcfs restarts | |
270 | ||
271 | * fix #2178: endless loop on ipv6 extension headers | |
272 | ||
273 | -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2019 05:10:13 +0000 | |
274 | ||
baba607a TL |
275 | pve-firewall (3.0-19) unstable; urgency=medium |
276 | ||
277 | * ebtables: add arp filtering | |
278 | ||
279 | * fix: #2123 Logging of user defined firewall rules | |
280 | ||
281 | * fix Razor macro | |
282 | ||
283 | * allow to enable/disable and modify cluster wide log ratelimits | |
284 | ||
285 | -- Proxmox Support Team <support@proxmox.com> Tue, 02 Apr 2019 11:15:16 +0200 | |
286 | ||
d8ea08e3 TL |
287 | pve-firewall (3.0-18) unstable; urgency=medium |
288 | ||
289 | * fix #1606: Add nf_conntrack_allow_invalid option | |
290 | ||
291 | * log reject : add space after policy REJECT like drop | |
292 | ||
293 | * fix #1891: Add zsh command completion for pve-firewall | |
294 | ||
295 | -- Proxmox Support Team <support@proxmox.com> Mon, 04 Mar 2019 10:27:01 +0100 | |
296 | ||
91d88bc5 TL |
297 | pve-firewall (3.0-17) unstable; urgency=medium |
298 | ||
299 | * fix #2005: only allow ascii port digits | |
300 | ||
301 | * fix #2004: do not allow backwards ranges | |
302 | ||
303 | * add conntrack logging via libnetfilter_conntrack and allow one to enable | |
304 | it through the firewall host configuration | |
305 | ||
306 | -- Proxmox Support Team <support@proxmox.com> Wed, 09 Jan 2019 16:56:17 +0100 | |
307 | ||
81d13a9d TL |
308 | pve-firewall (3.0-16) unstable; urgency=medium |
309 | ||
310 | * api/rules: fix macro return type | |
311 | ||
312 | -- Proxmox Support Team <support@proxmox.com> Fri, 30 Nov 2018 16:02:59 +0100 | |
313 | ||
bed701bc TL |
314 | pve-firewall (3.0-15) unstable; urgency=medium |
315 | ||
316 | * fix #1971: display firewall rule properties | |
317 | ||
318 | -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:01:33 +0100 | |
319 | ||
a24b157b WB |
320 | pve-firewall (3.0-14) unstable; urgency=medium |
321 | ||
322 | * fix #1841: avoid ebtable reloads when containers have multiple network | |
323 | interfaces | |
324 | ||
325 | -- Proxmox Support Team <support@proxmox.com> Fri, 24 Aug 2018 10:51:04 +0200 | |
326 | ||
cf7dd94b WB |
327 | pve-firewall (3.0-13) unstable; urgency=medium |
328 | ||
329 | * avoid unnecessary reloads of ebtable ruleset | |
330 | ||
331 | -- Proxmox Support Team <support@proxmox.com> Thu, 28 Jun 2018 14:47:16 +0200 | |
332 | ||
dd03bf6e WB |
333 | pve-firewall (3.0-12) unstable; urgency=medium |
334 | ||
335 | * fix deleted iptables chains not being properly detected as a change | |
336 | ||
337 | -- Proxmox Support Team <support@proxmox.com> Tue, 12 Jun 2018 12:01:02 +0200 | |
338 | ||
587a0f20 | 339 | pve-firewall (3.0-11) unstable; urgency=medium |
a3a51dad TL |
340 | |
341 | * #1764: rename 'ebtales_enable' option to 'ebtables' | |
342 | ||
587a0f20 | 343 | -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2018 16:18:13 +0200 |
a3a51dad | 344 | |
423b86ef WB |
345 | pve-firewall (3.0-10) unstable; urgency=medium |
346 | ||
347 | * fix #1764: handle existing ebtables rules and allow disabling ebtables | |
348 | ||
349 | * ebtables handling can be disabled via /etc/pve/firewall/cluster.fw's new | |
350 | ebtables_enable option. | |
351 | ||
352 | -- Proxmox Support Team <support@proxmox.com> Tue, 29 May 2018 15:14:33 +0200 | |
353 | ||
567e58ce WB |
354 | pve-firewall (3.0-9) unstable; urgency=medium |
355 | ||
356 | * fix creation of ebltables FORWARD rule entry | |
357 | ||
358 | -- Proxmox Support Team <support@proxmox.com> Thu, 17 May 2018 14:41:27 +0200 | |
359 | ||
ea0d59ed WB |
360 | pve-firewall (3.0-8) unstable; urgency=medium |
361 | ||
362 | * add ebtables support for better MAC filtering | |
363 | ||
364 | -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2018 14:25:41 +0200 | |
365 | ||
9a19ec81 WB |
366 | pve-firewall (3.0-7) unstable; urgency=medium |
367 | ||
368 | * support distinct source and destination multi-port matching | |
369 | ||
370 | * multi-port matching: when specifying the same list of ports for source and | |
371 | destination require them both to match, rather than one of them, as this | |
372 | was rather unexpected behavior | |
373 | ||
374 | -- Proxmox Support Team <support@proxmox.com> Mon, 12 Mar 2018 14:58:08 +0100 | |
375 | ||
8c41d444 DM |
376 | pve-firewall (3.0-6) unstable; urgency=medium |
377 | ||
378 | * fix #1319: don't fail postinst with masked service | |
379 | ||
380 | * debian: switch to compat 9, drop init scripts, drop preinst | |
381 | ||
382 | * check multiport limit in port ranges | |
383 | ||
384 | * build: use git rev-parse for GITVERSION | |
385 | ||
386 | -- Proxmox Support Team <support@proxmox.com> Thu, 08 Mar 2018 13:53:11 +0100 | |
387 | ||
4299c35f WB |
388 | pve-firewall (3.0-5) unstable; urgency=medium |
389 | ||
390 | * fix issue with disabled flag not being honored within groups | |
391 | ||
392 | -- Proxmox Support Team <support@proxmox.com> Thu, 07 Dec 2017 08:31:42 +0100 | |
393 | ||
a19d4127 WB |
394 | pve-firewall (3.0-4) unstable; urgency=medium |
395 | ||
396 | * fix issues with ipsets reloading unnecessarily or too late | |
397 | ||
398 | * fix some typos in the logs | |
399 | ||
400 | -- Proxmox Support Team <support@proxmox.com> Thu, 16 Nov 2017 11:41:56 +0100 | |
401 | ||
c0c71b1b WB |
402 | pve-firewall (3.0-3) unstable; urgency=medium |
403 | ||
404 | * Fix #1492: logger: use current timestamp if the packet doesn't have one | |
405 | ||
406 | -- Proxmox Support Team <support@proxmox.com> Tue, 12 Sep 2017 14:43:06 +0200 | |
407 | ||
4f7a4bdd WB |
408 | pve-firewall (3.0-2) unstable; urgency=medium |
409 | ||
410 | * Fix #1446: remove masks in case the package had previously been removed but | |
411 | not purged. | |
412 | ||
413 | * improve logging on errors in the firewall configuration | |
414 | ||
415 | * forbid trailing commas in lists as iptables-restore doesn't support them | |
416 | ||
417 | -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2017 15:24:40 +0200 | |
418 | ||
29a94c79 FG |
419 | pve-firewall (3.0-1) unstable; urgency=medium |
420 | ||
421 | * rebuild for Debian Stretch | |
422 | ||
423 | -- Proxmox Support Team <support@proxmox.com> Thu, 9 Mar 2017 14:04:17 +0100 | |
424 | ||
df67a3dc DM |
425 | pve-firewall (2.0-33) unstable; urgency=medium |
426 | ||
427 | * ipset: don't allow zero-prefix entries | |
428 | ||
429 | -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 12:18:04 +0100 | |
430 | ||
dc643b4d DM |
431 | pve-firewall (2.0-32) unstable; urgency=medium |
432 | ||
433 | * improve search for local-network | |
434 | ||
435 | -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 06:35:08 +0100 | |
436 | ||
45f206fd DM |
437 | pve-firewall (2.0-31) unstable; urgency=medium |
438 | ||
439 | * don't try to apply ports to rules which don't support them | |
440 | ||
441 | -- Proxmox Support Team <support@proxmox.com> Thu, 06 Oct 2016 08:31:51 +0200 | |
442 | ||
2ea28d0c DM |
443 | pve-firewall (2.0-30) unstable; urgency=medium |
444 | ||
445 | * add multicast DNS to the list of Macros | |
446 | ||
447 | * add missing parameter descriptions | |
448 | ||
449 | * build-depends: add dh-systemd | |
450 | ||
451 | -- Proxmox Support Team <support@proxmox.com> Fri, 16 Sep 2016 08:53:16 +0200 | |
452 | ||
b65d13d9 DM |
453 | pve-firewall (2.0-29) unstable; urgency=medium |
454 | ||
455 | * prevent overwriting ipsets/sec. groups by renaming | |
456 | ||
457 | -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 16:46:10 +0200 | |
458 | ||
d0f3bb08 DM |
459 | pve-firewall (2.0-28) unstable; urgency=medium |
460 | ||
461 | * use pve-common's ipv4_mask_hash_localnet | |
462 | ||
5c53cde4 DC |
463 | * fix allowed group name length |
464 | ||
465 | * make group digest stable | |
466 | ||
d0f3bb08 DM |
467 | -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 11:01:47 +0200 |
468 | ||
76a57e1a DM |
469 | pve-firewall (2.0-27) unstable; urgency=medium |
470 | ||
471 | * fix #972: make PVEFW-FWBR-* rule order stable | |
472 | ||
473 | -- Proxmox Support Team <support@proxmox.com> Tue, 17 May 2016 07:59:52 +0200 | |
474 | ||
17642172 DM |
475 | pve-firewall (2.0-26) unstable; urgency=medium |
476 | ||
477 | * fix #988: set rp_filter=2 | |
478 | ||
479 | -- Proxmox Support Team <support@proxmox.com> Mon, 09 May 2016 10:01:28 +0200 | |
480 | ||
6e29af12 DM |
481 | pve-firewall (2.0-25) unstable; urgency=medium |
482 | ||
483 | * fix #945: add uninitialized check in lxc ipset compilation | |
484 | ||
485 | -- Proxmox Support Team <support@proxmox.com> Thu, 21 Apr 2016 09:58:33 +0200 | |
486 | ||
edb4aff5 DM |
487 | pve-firewall (2.0-24) unstable; urgency=medium |
488 | ||
489 | * Build-Depend on pve-doc-generator | |
490 | ||
491 | * generate manpage with pve-doc-generator | |
492 | ||
493 | -- Proxmox Support Team <support@proxmox.com> Wed, 06 Apr 2016 10:52:45 +0200 | |
494 | ||
e1158c15 DM |
495 | pve-firewall (2.0-23) unstable; urgency=medium |
496 | ||
497 | * use only the top bit for our accept marks | |
498 | ||
499 | -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:35:38 +0200 | |
500 | ||
5399f912 DM |
501 | pve-firewall (2.0-22) unstable; urgency=medium |
502 | ||
503 | * Use cfs_config_path from PVE::QemuConfig | |
504 | ||
505 | -- Proxmox Support Team <support@proxmox.com> Tue, 08 Mar 2016 11:47:40 +0100 | |
506 | ||
b9e73915 DM |
507 | pve-firewall (2.0-21) unstable; urgency=medium |
508 | ||
509 | * added new 'ipfilter' option | |
510 | ||
511 | -- Proxmox Support Team <support@proxmox.com> Thu, 03 Mar 2016 09:43:39 +0100 | |
512 | ||
e2a49003 DM |
513 | pve-firewall (2.0-20) unstable; urgency=medium |
514 | ||
515 | * fix 901: encode unicode characters in sha digest | |
516 | ||
517 | -- Proxmox Support Team <support@proxmox.com> Mon, 29 Feb 2016 12:40:14 +0100 | |
518 | ||
1d10f89a DM |
519 | pve-firewall (2.0-19) unstable; urgency=medium |
520 | ||
521 | * Add radv option to VM options | |
522 | ||
523 | -- Proxmox Support Team <support@proxmox.com> Sat, 27 Feb 2016 10:24:42 +0100 | |
524 | ||
666093cd DM |
525 | pve-firewall (2.0-18) unstable; urgency=medium |
526 | ||
527 | * Add ndp option to host and VM firewall options | |
528 | ||
529 | * Add router-solicitation to NeighborDiscovery macro | |
530 | ||
531 | -- Proxmox Support Team <support@proxmox.com> Fri, 19 Feb 2016 10:01:22 +0100 | |
532 | ||
eaf25885 DM |
533 | pve-firewall (2.0-17) unstable; urgency=medium |
534 | ||
535 | * Don't leave empty FW config files behind | |
536 | ||
537 | -- Proxmox Support Team <support@proxmox.com> Mon, 08 Feb 2016 14:09:24 +0100 | |
538 | ||
a177fb07 DM |
539 | pve-firewall (2.0-16) unstable; urgency=medium |
540 | ||
541 | * logger: basic ipv6 support | |
542 | ||
543 | * add DHCPv6 macro | |
544 | ||
545 | * add dhcpv6 support to the dhcp option | |
546 | ||
547 | -- Proxmox Support Team <support@proxmox.com> Tue, 26 Jan 2016 16:52:14 +0100 | |
548 | ||
ab1b8d3c DM |
549 | pve-firewall (2.0-15) unstable; urgency=medium |
550 | ||
551 | * fix bug #859: use $security_group_name_pattern in iptables_get_chains | |
552 | ||
553 | * fix some regular expressions mixups | |
554 | ||
555 | -- Proxmox Support Team <support@proxmox.com> Thu, 07 Jan 2016 16:33:23 +0100 | |
556 | ||
c9c8d7a3 DM |
557 | pve-firewall (2.0-14) unstable; urgency=medium |
558 | ||
559 | * fix systemd service dependencies | |
560 | ||
561 | -- Proxmox Support Team <support@proxmox.com> Fri, 27 Nov 2015 10:52:57 +0100 | |
562 | ||
aa818ae7 DM |
563 | pve-firewall (2.0-13) unstable; urgency=medium |
564 | ||
565 | * allow numeric icmp types | |
566 | ||
567 | -- Proxmox Support Team <support@proxmox.com> Fri, 23 Oct 2015 13:21:53 +0200 | |
568 | ||
8dbebe7d DM |
569 | pve-firewall (2.0-12) unstable; urgency=medium |
570 | ||
571 | * implement bash completions | |
572 | ||
573 | * convert pve-firewall into a PVE::Service class | |
574 | ||
575 | -- Proxmox Support Team <support@proxmox.com> Thu, 24 Sep 2015 12:15:00 +0200 | |
576 | ||
47704f4c DM |
577 | pve-firewall (2.0-11) unstable; urgency=medium |
578 | ||
579 | * iptables_get_chains: fix veth device name | |
580 | ||
581 | -- Proxmox Support Team <support@proxmox.com> Tue, 08 Sep 2015 07:54:35 +0200 | |
582 | ||
9eb84dc7 DM |
583 | pve-firewall (2.0-10) unstable; urgency=medium |
584 | ||
585 | * new helper: clone_vmfw_conf() | |
586 | ||
587 | -- Proxmox Support Team <support@proxmox.com> Tue, 25 Aug 2015 06:47:49 +0200 | |
588 | ||
a3d34dac DM |
589 | pve-firewall (2.0-9) unstable; urgency=medium |
590 | ||
591 | * remove firewall config file subroutine added | |
592 | ||
593 | -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:42:51 +0200 | |
594 | ||
2a42a237 DM |
595 | pve-firewall (2.0-8) unstable; urgency=medium |
596 | ||
597 | * adopt regresion tests for lxc containers | |
598 | ||
599 | * removed firewall code for openVZ | |
600 | ||
601 | * Subroutine verify_rule fixed to correctly check only for "net\d+" | |
602 | interface device names | |
603 | ||
604 | -- Proxmox Support Team <support@proxmox.com> Wed, 12 Aug 2015 12:01:43 +0200 | |
605 | ||
33448a6e DM |
606 | pve-firewall (2.0-7) unstable; urgency=medium |
607 | ||
608 | * added firewall code for lxc | |
609 | ||
610 | -- Proxmox Support Team <support@proxmox.com> Mon, 10 Aug 2015 09:21:14 +0200 | |
611 | ||
19f14465 DM |
612 | pve-firewall (2.0-6) unstable; urgency=medium |
613 | ||
614 | * firewall ipversion comparison fix | |
615 | ||
616 | -- Proxmox Support Team <support@proxmox.com> Tue, 04 Aug 2015 11:14:51 +0200 | |
617 | ||
8feec9fa DM |
618 | pve-firewall (2.0-5) unstable; urgency=medium |
619 | ||
620 | * add ipv6 neighbor discovery and solicitation macros | |
621 | ||
622 | * ip6tables accepts both spellings of the word neighbor | |
623 | ||
624 | * added Ceph macro | |
625 | ||
626 | -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:20:55 +0200 | |
627 | ||
e02c77aa DM |
628 | pve-firewall (2.0-4) unstable; urgency=medium |
629 | ||
630 | * include manual page for pve-firewall | |
631 | ||
632 | -- Proxmox Support Team <support@proxmox.com> Sat, 27 Jun 2015 16:26:28 +0200 | |
633 | ||
eb4a2902 DM |
634 | pve-firewall (2.0-3) unstable; urgency=medium |
635 | ||
636 | * use noawait trigers for pve-api-updates | |
637 | ||
638 | -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:33:06 +0200 | |
639 | ||
56bb2e69 DM |
640 | pve-firewall (2.0-2) unstable; urgency=medium |
641 | ||
642 | * trigger pve-api-updates event | |
643 | ||
644 | -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:10:24 +0200 | |
645 | ||
0b18ebe8 DM |
646 | pve-firewall (2.0-1) unstable; urgency=medium |
647 | ||
648 | * recompile for debian jessie | |
649 | ||
650 | -- Proxmox Support Team <support@proxmox.com> Fri, 27 Feb 2015 12:22:04 +0100 | |
651 | ||
609f00c7 DM |
652 | pve-firewall (1.0-18) unstable; urgency=low |
653 | ||
654 | * fix alias lookup | |
655 | ||
656 | -- Proxmox Support Team <support@proxmox.com> Mon, 09 Feb 2015 09:32:03 +0100 | |
657 | ||
de48e659 DM |
658 | pve-firewall (1.0-17) unstable; urgency=low |
659 | ||
660 | * fix restart behavior | |
661 | ||
662 | -- Proxmox Support Team <support@proxmox.com> Thu, 15 Jan 2015 06:45:58 +0100 | |
663 | ||
b92d2ed2 DM |
664 | pve-firewall (1.0-16) unstable; urgency=low |
665 | ||
666 | * use new Daemon class from pve-common | |
667 | ||
668 | -- Proxmox Support Team <support@proxmox.com> Thu, 18 Dec 2014 09:45:07 +0100 | |
669 | ||
22dde8d6 DM |
670 | pve-firewall (1.0-15) unstable; urgency=low |
671 | ||
672 | * bug fix: load cluster conf for host rules | |
673 | ||
674 | -- Proxmox Support Team <support@proxmox.com> Fri, 12 Dec 2014 06:33:28 +0100 | |
675 | ||
e33e2f16 DM |
676 | pve-firewall (1.0-14) unstable; urgency=low |
677 | ||
678 | * do not use ipset list chains | |
679 | ||
680 | * remove preinst script (not needed anymore) | |
681 | ||
682 | -- Proxmox Support Team <support@proxmox.com> Fri, 05 Dec 2014 13:42:00 +0100 | |
683 | ||
3bce273b DM |
684 | pve-firewall (1.0-13) unstable; urgency=low |
685 | ||
686 | * fix ipset remove order | |
687 | ||
688 | -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 12:45:48 +0100 | |
689 | ||
7a7c322c DM |
690 | pve-firewall (1.0-12) unstable; urgency=low |
691 | ||
692 | * add preinst script to clear ipset from older installation (because | |
693 | sets cannot be swapped if there type does not match. | |
ce41ae23 | 694 | |
7a7c322c DM |
695 | -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:59:38 +0100 |
696 | ||
1b918ee5 DM |
697 | pve-firewall (1.0-11) unstable; urgency=low |
698 | ||
699 | * bug fix: correctly set ipversion for aliases in verify_rule | |
700 | ||
701 | * save restore commands into files to make debugging | |
702 | easier (/var/lib/pve-firewall/) | |
703 | ||
704 | -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:04:05 +0100 | |
705 | ||
df617cea DM |
706 | pve-firewall (1.0-10) unstable; urgency=low |
707 | ||
708 | * add IPv6 support for VMs (hostfw is IPv4 only) | |
709 | ||
710 | -- Proxmox Support Team <support@proxmox.com> Wed, 26 Nov 2014 07:00:29 +0100 | |
711 | ||
0ac57570 DM |
712 | pve-firewall (1.0-9) unstable; urgency=low |
713 | ||
714 | * fix max ipset name name length | |
715 | ||
716 | -- Proxmox Support Team <support@proxmox.com> Tue, 14 Oct 2014 16:29:34 +0200 | |
717 | ||
05fd3b63 DM |
718 | pve-firewall (1.0-8) unstable; urgency=low |
719 | ||
720 | * implement permission | |
721 | ||
722 | -- Proxmox Support Team <support@proxmox.com> Mon, 08 Sep 2014 12:15:21 +0200 | |
723 | ||
bea9d5ab DM |
724 | pve-firewall (1.0-7) unstable; urgency=low |
725 | ||
726 | * proxy host rule API calls to correct node | |
a34cfdd0 DM |
727 | |
728 | * always generate MAC and IP filter rules if firewall is enabled on NIC | |
bea9d5ab DM |
729 | |
730 | -- Proxmox Support Team <support@proxmox.com> Thu, 26 Jun 2014 07:12:57 +0200 | |
731 | ||
582275c3 DM |
732 | pve-firewall (1.0-6) unstable; urgency=low |
733 | ||
734 | * ipmlement ipfilter ipsets | |
735 | ||
736 | -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jun 2014 08:37:08 +0200 | |
737 | ||
de0c1e49 DM |
738 | pve-firewall (1.0-5) unstable; urgency=low |
739 | ||
740 | * remove ipsets when firewall disabled | |
741 | ||
742 | -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 08:50:18 +0200 | |
743 | ||
64c266f5 DM |
744 | pve-firewall (1.0-4) unstable; urgency=low |
745 | ||
746 | * depend on iptables and ipset | |
747 | ||
748 | -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:45:33 +0200 | |
749 | ||
16bcfa8b DM |
750 | pve-firewall (1.0-3) unstable; urgency=low |
751 | ||
752 | * change dh_installinit order (register pvefw-logger before pve-firewall) | |
753 | ||
754 | -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:24:21 +0200 | |
755 | ||
ba0b3a0a DM |
756 | pve-firewall (1.0-2) unstable; urgency=low |
757 | ||
758 | * add experimental nflog logging daemon | |
759 | ||
760 | -- Proxmox Support Team <support@proxmox.com> Thu, 13 Mar 2014 08:27:01 +0100 | |
761 | ||
bb272dd3 DM |
762 | pve-firewall (1.0-1) unstable; urgency=low |
763 | ||
764 | * initial package | |
765 | ||
766 | -- Proxmox Support Team <support@proxmox.com> Mon, 03 Mar 2014 08:37:06 +0100 | |
767 |