]> git.proxmox.com Git - pve-firewall.git/blame - debian/changelog
projects / pve-firewall.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
bump version to 5.0.4
[pve-firewall.git] / debian / changelog
CommitLineData
50af7e09
TL		 1pve-firewall (5.0.4) bookworm; urgency=medium
2
3 * fix #5335: stable sorting in cluster.fw
4
5 * add configuration option for new nftables firewall tech-preview
6
7 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2024 20:04:09 +0200
8
372869e0
WB		 9pve-firewall (5.0.3) bookworm; urgency=medium
10
11 * fix resolution of scoped aliases in ipsets
12
13 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2023 10:39:28 +0200
14
0d28aa2a
TL		 15pve-firewall (5.0.2) bookworm; urgency=medium
16
17 * fix #4556: api: return scoped IPSets and aliases
18
19 -- Proxmox Support Team <support@proxmox.com> Wed, 21 Jun 2023 19:17:19 +0200
20
35542089
WB		 21pve-firewall (5.0.1) bookworm; urgency=medium
22
23 * fix #4556: support 'dc/' and 'guest/' prefix for aliases and ipsets
24
25 -- Proxmox Support Team <support@proxmox.com> Wed, 07 Jun 2023 16:06:10 +0200
26
97f2bc6c
TL		 27pve-firewall (5.0.0) bookworm; urgency=medium
28
29 * switch to native versioning scheme
30
31 * build for Proxmox VE 8 / Debian 12 Bookworm
32
33 -- Proxmox Support Team <support@proxmox.com> Mon, 22 May 2023 14:43:58 +0200
34
d3bf672b
TL		 35pve-firewall (4.3-2) bullseye; urgency=medium
36
37 * fix variables declared in conditional statement
38
39 * fix #4730: add safeguards to prevent ICMP type misuse
40
41 -- Proxmox Support Team <support@proxmox.com> Tue, 16 May 2023 11:17:58 +0200
42
4fffdd36 43pve-firewall (4.3-1) bullseye; urgency=medium
23b3e816 44
e3d08ca1 45 * allow entering IP address with the host bits (those inside the mask) not
23b3e816
TL		 46 being all zero non-zero, like 192.168.1.155/24 for example.
47
48 * api: firewall logger: add optional parameters `since` and `until` for
49 time-range filtering
50
51 * fix #4550: host options: add nf_conntrack_helpers to compensate that
52 kernel 6.1 and newer have removed the auto helpers
53
54 -- Proxmox Support Team <support@proxmox.com> Fri, 17 Mar 2023 15:24:56 +0100
55
b4577a25
TL		 56pve-firewall (4.2-7) bullseye; urgency=medium
57
58 * fix #4018: add firewall macro for SPICE proxy
59
60 * fix #4204: automatically update each usage of a group to the new ID when
61 it is renamed
62
63 * fix #4268: add 'force' parameter to delete IPSet with members
64
65 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 19:53:04 +0100
66
dd559e8a
TL		 67pve-firewall (4.2-6) bullseye; urgency=medium
68
69 * config defaults: document that the mac filter defaults to on
70
71 * fix #4175: ignore non-filter ebtables tables
72
73 * fix enabling ebtables if VM firewall config is invalid
74
75 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Aug 2022 09:43:53 +0200
76
fba392f2
TL		 77pve-firewall (4.2-5) bullseye; urgency=medium
78
79 * fix #3677 ipset get chains: handle newer ipset output for actual
80 change detection
81
82 -- Proxmox Support Team <support@proxmox.com> Thu, 04 Nov 2021 16:37:13 +0100
83
bd63a439
TL		 84pve-firewall (4.2-4) bullseye; urgency=medium
85
86 * re-build to avoid issues stemming from semi-broken systemd-debhelper version
87
88 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Oct 2021 10:39:05 +0200
89
2a2b81b4
TL		 90pve-firewall (4.2-3) bullseye; urgency=medium
91
92 * fix #2721: remove the (nowadays) bogus reject for TCP port 43 from the
93 default drop and reject actions
94
95 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Sep 2021 13:00:07 +0200
96
dcdbb559
TL		 97pve-firewall (4.2-2) bullseye; urgency=medium
98
99 * re-set relevant sysctls on every apply round
100
101 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 11:31:42 +0200
102
ce9cfab8
TL		 103pve-firewall (4.2-1) bullseye; urgency=medium
104
105 * fix #967: source: dest: limit length
106
107 * re-build for Debian 11 Bullseye based releases (Proxmox VE 7)
108
109 * fix #2358: allow --<opt> in firewall rule config files
110
111 -- Proxmox Support Team <support@proxmox.com> Wed, 12 May 2021 20:32:30 +0200
112
8a4e5b69
TL		 113pve-firewall (4.1-3) pve; urgency=medium
114
115 * fix #2773: ebtables: keep policy of custom chains
116
117 * introduce new icmp-type parameter
118
119 -- Proxmox Support Team <support@proxmox.com> Fri, 18 Sep 2020 16:51:27 +0200
120
70718917
TL		 121pve-firewall (4.1-2) pve; urgency=medium
122
123 * revert: rules: verify referenced security group exists
124
125 -- Proxmox Support Team <support@proxmox.com> Wed, 06 May 2020 17:41:36 +0200
126
c5530455
TL		 127pve-firewall (4.1-1) pve; urgency=medium
128
129 * logging: add missing log message for inbound rules
130
131 * fix #2686: avoid adding 'arp-ip-src' IP filter if guests uses DHCP
132
133 * IPSets: parse the CIDR before checking for duplicates
134
135 * verify that a referenced security group exists
136
137 * ICMP: fix iptables-restore failing if ICMP-type values bigger than '255'
138
139 * ICMP: allow one to specify the 'echo-reply' (0) type also as integer
140
141 * improve handling concurrent (parallel) access and modifications to rules
142
143 -- Proxmox Support Team <support@proxmox.com> Mon, 04 May 2020 15:01:57 +0200
144
56a47140
TL		 145pve-firewall (4.0-10) pve; urgency=medium
146
147 * macros: add macro for Proxmox Mail Gateway web interface
148
149 * api node: always pass cluster conf to node FW parser to fix false positive
150 error message about non existing aliases, or IP sets, when querying the
151 node FW options GET API call.
152
153 * grammar fix: s/does not exists/does not exist/g
154
155 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jan 2020 19:25:49 +0100
156
5162c268
TL		 157pve-firewall (4.0-9) pve; urgency=medium
158
159 * ensure port range used for offline storage migration and insecure migration
160 traffic is allowed by default rule set.
161
162 -- Proxmox Support Team <support@proxmox.com> Tue, 03 Dec 2019 08:12:20 +0100
163
5ac03b1c
WB		 164pve-firewall (4.0-8) pve; urgency=medium
165
166 * increase default nf_conntrack_max to the kernel's default
167
168 * fix some "use of uninitialized value" warnings when updating CIDRs
169
170 * update schema documentation
171
172 * add explicit dependency on libpve-cluster-perl
173
174 * add support for "raw" tables
175
176 * add options for synflood protection for host firewall:
177 - nf_conntrack_tcp_timeout_syn_recv
178 - protection_synflood: boolean
179 - protection_synflood_rate: SYN rate limit (default 200 per second)
180 - protection_synflood_burst: SYN burst limit (default 1000)
181
182 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 13:48:20 +0100
183
bd368955
FG		 184pve-firewall (4.0-7) pve; urgency=medium
185
186 * only add VM chains and rules if VM firewall is enabled
187
188 -- Proxmox Support Team <support@proxmox.com> Wed, 7 Aug 2019 10:55:06 +0200
189
c8f3e1ee
TL		 190pve-firewall (4.0-6) pve; urgency=medium
191
192 * firewall macros: add new Ceph protocol v2 port while keeping v1 port
193
194 -- Proxmox Support Team <support@proxmox.com> Tue, 23 Jul 2019 18:57:48 +0200
195
6fc572dc
TL		 196pve-firewall (4.0-5) pve; urgency=medium
197
198 * don't use any base path at all for calls to external binaries to make use
199 compativle with bot, /usr merged and unmerged setups
200
201 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Jul 2019 11:47:53 +0200
202
b1379400
TL		 203pve-firewall (4.0-4) pve; urgency=medium
204
205 * ebtables: remove PVE chains properly
206
207 * ebtables: treat chain deletion as change
208
209 * use /usr/sbin as base path
210
211 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Jul 2019 19:40:01 +0200
212
9e01d77d
TL		 213pve-firewall (4.0-3) pve; urgency=medium
214
215 * Create corosync firewall rules independently of localnet~
216
217 * Display corosync rule info on localnet call
218
219 -- Proxmox Support Team <support@proxmox.com> Thu, 04 Jul 2019 15:56:11 +0200
220
9429bd35
TL		 221pve-firewall (4.0-2) pve; urgency=medium
222
223 * fix systemd warning about PIDFile directory
224
225 * fix CT rule generation with ipfilter set
226
227 * pve-firewall service: update-alternative iptables and ebtables to working
228 legacy versions
229
230 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 20:43:21 +0200
231
6b9da9b0
TL		 232pve-firewall (4.0-1) pve; urgency=medium
233
234 * re-build for Debian Buster / PVE 6
235
236 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 22:28:55 +0200
237
dd7d737b
TL		 238pve-firewall (3.0-21) unstable; urgency=medium
239
240 * fix ipv6 PVEFW-reject
241
242 * fix #2193: arpfilter: CT: remove mask from net IP/CIDR to avoid
243 ebtables doing the wrong thing here
244
245 -- Proxmox Support Team <support@proxmox.com> Wed, 08 May 2019 10:09:31 +0000
246
bbf77725
TL		 247pve-firewall (3.0-20) unstable; urgency=medium
248
249 * use IPCC to read config and rule files, if the are backed by pmxcfs which
250 has better handling for pmxcfs restarts
251
252 * fix #2178: endless loop on ipv6 extension headers
253
254 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2019 05:10:13 +0000
255
baba607a
TL		 256pve-firewall (3.0-19) unstable; urgency=medium
257
258 * ebtables: add arp filtering
259
260 * fix: #2123 Logging of user defined firewall rules
261
262 * fix Razor macro
263
264 * allow to enable/disable and modify cluster wide log ratelimits
265
266 -- Proxmox Support Team <support@proxmox.com> Tue, 02 Apr 2019 11:15:16 +0200
267
d8ea08e3
TL		 268pve-firewall (3.0-18) unstable; urgency=medium
269
270 * fix #1606: Add nf_conntrack_allow_invalid option
271
272 * log reject : add space after policy REJECT like drop
273
274 * fix #1891: Add zsh command completion for pve-firewall
275
276 -- Proxmox Support Team <support@proxmox.com> Mon, 04 Mar 2019 10:27:01 +0100
277
91d88bc5
TL		 278pve-firewall (3.0-17) unstable; urgency=medium
279
280 * fix #2005: only allow ascii port digits
281
282 * fix #2004: do not allow backwards ranges
283
284 * add conntrack logging via libnetfilter_conntrack and allow one to enable
285 it through the firewall host configuration
286
287 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Jan 2019 16:56:17 +0100
288
81d13a9d
TL		 289pve-firewall (3.0-16) unstable; urgency=medium
290
291 * api/rules: fix macro return type
292
293 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Nov 2018 16:02:59 +0100
294
bed701bc
TL		 295pve-firewall (3.0-15) unstable; urgency=medium
296
297 * fix #1971: display firewall rule properties
298
299 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:01:33 +0100
300
a24b157b
WB		 301pve-firewall (3.0-14) unstable; urgency=medium
302
303 * fix #1841: avoid ebtable reloads when containers have multiple network
304 interfaces
305
306 -- Proxmox Support Team <support@proxmox.com> Fri, 24 Aug 2018 10:51:04 +0200
307
cf7dd94b
WB		 308pve-firewall (3.0-13) unstable; urgency=medium
309
310 * avoid unnecessary reloads of ebtable ruleset
311
312 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Jun 2018 14:47:16 +0200
313
dd03bf6e
WB		 314pve-firewall (3.0-12) unstable; urgency=medium
315
316 * fix deleted iptables chains not being properly detected as a change
317
318 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Jun 2018 12:01:02 +0200
319
587a0f20 320pve-firewall (3.0-11) unstable; urgency=medium
a3a51dad
TL		 321
322 * #1764: rename 'ebtales_enable' option to 'ebtables'
323
587a0f20 324 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2018 16:18:13 +0200
a3a51dad 325
423b86ef
WB		 326pve-firewall (3.0-10) unstable; urgency=medium
327
328 * fix #1764: handle existing ebtables rules and allow disabling ebtables
329
330 * ebtables handling can be disabled via /etc/pve/firewall/cluster.fw's new
331 ebtables_enable option.
332
333 -- Proxmox Support Team <support@proxmox.com> Tue, 29 May 2018 15:14:33 +0200
334
567e58ce
WB		 335pve-firewall (3.0-9) unstable; urgency=medium
336
337 * fix creation of ebltables FORWARD rule entry
338
339 -- Proxmox Support Team <support@proxmox.com> Thu, 17 May 2018 14:41:27 +0200
340
ea0d59ed
WB		 341pve-firewall (3.0-8) unstable; urgency=medium
342
343 * add ebtables support for better MAC filtering
344
345 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2018 14:25:41 +0200
346
9a19ec81
WB		 347pve-firewall (3.0-7) unstable; urgency=medium
348
349 * support distinct source and destination multi-port matching
350
351 * multi-port matching: when specifying the same list of ports for source and
352 destination require them both to match, rather than one of them, as this
353 was rather unexpected behavior
354
355 -- Proxmox Support Team <support@proxmox.com> Mon, 12 Mar 2018 14:58:08 +0100
356
8c41d444
DM		 357pve-firewall (3.0-6) unstable; urgency=medium
358
359 * fix #1319: don't fail postinst with masked service
360
361 * debian: switch to compat 9, drop init scripts, drop preinst
362
363 * check multiport limit in port ranges
364
365 * build: use git rev-parse for GITVERSION
366
367 -- Proxmox Support Team <support@proxmox.com> Thu, 08 Mar 2018 13:53:11 +0100
368
4299c35f
WB		 369pve-firewall (3.0-5) unstable; urgency=medium
370
371 * fix issue with disabled flag not being honored within groups
372
373 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Dec 2017 08:31:42 +0100
374
a19d4127
WB		 375pve-firewall (3.0-4) unstable; urgency=medium
376
377 * fix issues with ipsets reloading unnecessarily or too late
378
379 * fix some typos in the logs
380
381 -- Proxmox Support Team <support@proxmox.com> Thu, 16 Nov 2017 11:41:56 +0100
382
c0c71b1b
WB		 383pve-firewall (3.0-3) unstable; urgency=medium
384
385 * Fix #1492: logger: use current timestamp if the packet doesn't have one
386
387 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Sep 2017 14:43:06 +0200
388
4f7a4bdd
WB		 389pve-firewall (3.0-2) unstable; urgency=medium
390
391 * Fix #1446: remove masks in case the package had previously been removed but
392 not purged.
393
394 * improve logging on errors in the firewall configuration
395
396 * forbid trailing commas in lists as iptables-restore doesn't support them
397
398 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2017 15:24:40 +0200
399
29a94c79
FG		 400pve-firewall (3.0-1) unstable; urgency=medium
401
402 * rebuild for Debian Stretch
403
404 -- Proxmox Support Team <support@proxmox.com> Thu, 9 Mar 2017 14:04:17 +0100
405
df67a3dc
DM		 406pve-firewall (2.0-33) unstable; urgency=medium
407
408 * ipset: don't allow zero-prefix entries
409
410 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 12:18:04 +0100
411
dc643b4d
DM		 412pve-firewall (2.0-32) unstable; urgency=medium
413
414 * improve search for local-network
415
416 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 06:35:08 +0100
417
45f206fd
DM		 418pve-firewall (2.0-31) unstable; urgency=medium
419
420 * don't try to apply ports to rules which don't support them
421
422 -- Proxmox Support Team <support@proxmox.com> Thu, 06 Oct 2016 08:31:51 +0200
423
2ea28d0c
DM		 424pve-firewall (2.0-30) unstable; urgency=medium
425
426 * add multicast DNS to the list of Macros
427
428 * add missing parameter descriptions
429
430 * build-depends: add dh-systemd
431
432 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Sep 2016 08:53:16 +0200
433
b65d13d9
DM		 434pve-firewall (2.0-29) unstable; urgency=medium
435
436 * prevent overwriting ipsets/sec. groups by renaming
437
438 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 16:46:10 +0200
439
d0f3bb08
DM		 440pve-firewall (2.0-28) unstable; urgency=medium
441
442 * use pve-common's ipv4_mask_hash_localnet
443
5c53cde4
DC		 444 * fix allowed group name length
445
446 * make group digest stable
447
d0f3bb08
DM		 448 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 11:01:47 +0200
449
76a57e1a
DM		 450pve-firewall (2.0-27) unstable; urgency=medium
451
452 * fix #972: make PVEFW-FWBR-* rule order stable
453
454 -- Proxmox Support Team <support@proxmox.com> Tue, 17 May 2016 07:59:52 +0200
455
17642172
DM		 456pve-firewall (2.0-26) unstable; urgency=medium
457
458 * fix #988: set rp_filter=2
459
460 -- Proxmox Support Team <support@proxmox.com> Mon, 09 May 2016 10:01:28 +0200
461
6e29af12
DM		 462pve-firewall (2.0-25) unstable; urgency=medium
463
464 * fix #945: add uninitialized check in lxc ipset compilation
465
466 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Apr 2016 09:58:33 +0200
467
edb4aff5
DM		 468pve-firewall (2.0-24) unstable; urgency=medium
469
470 * Build-Depend on pve-doc-generator
471
472 * generate manpage with pve-doc-generator
473
474 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Apr 2016 10:52:45 +0200
475
e1158c15
DM		 476pve-firewall (2.0-23) unstable; urgency=medium
477
478 * use only the top bit for our accept marks
479
480 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:35:38 +0200
481
5399f912
DM		 482pve-firewall (2.0-22) unstable; urgency=medium
483
484 * Use cfs_config_path from PVE::QemuConfig
485
486 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Mar 2016 11:47:40 +0100
487
b9e73915
DM		 488pve-firewall (2.0-21) unstable; urgency=medium
489
490 * added new 'ipfilter' option
491
492 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Mar 2016 09:43:39 +0100
493
e2a49003
DM		 494pve-firewall (2.0-20) unstable; urgency=medium
495
496 * fix 901: encode unicode characters in sha digest
497
498 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Feb 2016 12:40:14 +0100
499
1d10f89a
DM		 500pve-firewall (2.0-19) unstable; urgency=medium
501
502 * Add radv option to VM options
503
504 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Feb 2016 10:24:42 +0100
505
666093cd
DM		 506pve-firewall (2.0-18) unstable; urgency=medium
507
508 * Add ndp option to host and VM firewall options
509
510 * Add router-solicitation to NeighborDiscovery macro
511
512 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Feb 2016 10:01:22 +0100
513
eaf25885
DM		 514pve-firewall (2.0-17) unstable; urgency=medium
515
516 * Don't leave empty FW config files behind
517
518 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Feb 2016 14:09:24 +0100
519
a177fb07
DM		 520pve-firewall (2.0-16) unstable; urgency=medium
521
522 * logger: basic ipv6 support
523
524 * add DHCPv6 macro
525
526 * add dhcpv6 support to the dhcp option
527
528 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Jan 2016 16:52:14 +0100
529
ab1b8d3c
DM		 530pve-firewall (2.0-15) unstable; urgency=medium
531
532 * fix bug #859: use $security_group_name_pattern in iptables_get_chains
533
534 * fix some regular expressions mixups
535
536 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Jan 2016 16:33:23 +0100
537
c9c8d7a3
DM		 538pve-firewall (2.0-14) unstable; urgency=medium
539
540 * fix systemd service dependencies
541
542 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Nov 2015 10:52:57 +0100
543
aa818ae7
DM		 544pve-firewall (2.0-13) unstable; urgency=medium
545
546 * allow numeric icmp types
547
548 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Oct 2015 13:21:53 +0200
549
8dbebe7d
DM		 550pve-firewall (2.0-12) unstable; urgency=medium
551
552 * implement bash completions
553
554 * convert pve-firewall into a PVE::Service class
555
556 -- Proxmox Support Team <support@proxmox.com> Thu, 24 Sep 2015 12:15:00 +0200
557
47704f4c
DM		 558pve-firewall (2.0-11) unstable; urgency=medium
559
560 * iptables_get_chains: fix veth device name
561
562 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Sep 2015 07:54:35 +0200
563
9eb84dc7
DM		 564pve-firewall (2.0-10) unstable; urgency=medium
565
566 * new helper: clone_vmfw_conf()
567
568 -- Proxmox Support Team <support@proxmox.com> Tue, 25 Aug 2015 06:47:49 +0200
569
a3d34dac
DM		 570pve-firewall (2.0-9) unstable; urgency=medium
571
572 * remove firewall config file subroutine added
573
574 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:42:51 +0200
575
2a42a237
DM		 576pve-firewall (2.0-8) unstable; urgency=medium
577
578 * adopt regresion tests for lxc containers
579
580 * removed firewall code for openVZ
581
582 * Subroutine verify_rule fixed to correctly check only for "net\d+"
583 interface device names
584
585 -- Proxmox Support Team <support@proxmox.com> Wed, 12 Aug 2015 12:01:43 +0200
586
33448a6e
DM		 587pve-firewall (2.0-7) unstable; urgency=medium
588
589 * added firewall code for lxc
590
591 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Aug 2015 09:21:14 +0200
592
19f14465
DM		 593pve-firewall (2.0-6) unstable; urgency=medium
594
595 * firewall ipversion comparison fix
596
597 -- Proxmox Support Team <support@proxmox.com> Tue, 04 Aug 2015 11:14:51 +0200
598
8feec9fa
DM		 599pve-firewall (2.0-5) unstable; urgency=medium
600
601 * add ipv6 neighbor discovery and solicitation macros
602
603 * ip6tables accepts both spellings of the word neighbor
604
605 * added Ceph macro
606
607 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:20:55 +0200
608
e02c77aa
DM		 609pve-firewall (2.0-4) unstable; urgency=medium
610
611 * include manual page for pve-firewall
612
613 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Jun 2015 16:26:28 +0200
614
eb4a2902
DM		 615pve-firewall (2.0-3) unstable; urgency=medium
616
617 * use noawait trigers for pve-api-updates
618
619 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:33:06 +0200
620
56bb2e69
DM		 621pve-firewall (2.0-2) unstable; urgency=medium
622
623 * trigger pve-api-updates event
624
625 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:10:24 +0200
626
0b18ebe8
DM		 627pve-firewall (2.0-1) unstable; urgency=medium
628
629 * recompile for debian jessie
630
631 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Feb 2015 12:22:04 +0100
632
609f00c7
DM		 633pve-firewall (1.0-18) unstable; urgency=low
634
635 * fix alias lookup
636
637 -- Proxmox Support Team <support@proxmox.com> Mon, 09 Feb 2015 09:32:03 +0100
638
de48e659
DM		 639pve-firewall (1.0-17) unstable; urgency=low
640
641 * fix restart behavior
642
643 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Jan 2015 06:45:58 +0100
644
b92d2ed2
DM		 645pve-firewall (1.0-16) unstable; urgency=low
646
647 * use new Daemon class from pve-common
648
649 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Dec 2014 09:45:07 +0100
650
22dde8d6
DM		 651pve-firewall (1.0-15) unstable; urgency=low
652
653 * bug fix: load cluster conf for host rules
654
655 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Dec 2014 06:33:28 +0100
656
e33e2f16
DM		 657pve-firewall (1.0-14) unstable; urgency=low
658
659 * do not use ipset list chains
660
661 * remove preinst script (not needed anymore)
662
663 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Dec 2014 13:42:00 +0100
664
3bce273b
DM		 665pve-firewall (1.0-13) unstable; urgency=low
666
667 * fix ipset remove order
668
669 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 12:45:48 +0100
670
7a7c322c
DM		 671pve-firewall (1.0-12) unstable; urgency=low
672
673 * add preinst script to clear ipset from older installation (because
674 sets cannot be swapped if there type does not match.
ce41ae23 675
7a7c322c
DM		 676 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:59:38 +0100
677
1b918ee5
DM		 678pve-firewall (1.0-11) unstable; urgency=low
679
680 * bug fix: correctly set ipversion for aliases in verify_rule
681
682 * save restore commands into files to make debugging
683 easier (/var/lib/pve-firewall/)
684
685 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:04:05 +0100
686
df617cea
DM		 687pve-firewall (1.0-10) unstable; urgency=low
688
689 * add IPv6 support for VMs (hostfw is IPv4 only)
690
691 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Nov 2014 07:00:29 +0100
692
0ac57570
DM		 693pve-firewall (1.0-9) unstable; urgency=low
694
695 * fix max ipset name name length
696
697 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Oct 2014 16:29:34 +0200
698
05fd3b63
DM		 699pve-firewall (1.0-8) unstable; urgency=low
700
701 * implement permission
702
703 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Sep 2014 12:15:21 +0200
704
bea9d5ab
DM		 705pve-firewall (1.0-7) unstable; urgency=low
706
707 * proxy host rule API calls to correct node
a34cfdd0
DM		 708
709 * always generate MAC and IP filter rules if firewall is enabled on NIC
bea9d5ab
DM		 710
711 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Jun 2014 07:12:57 +0200
712
582275c3
DM		 713pve-firewall (1.0-6) unstable; urgency=low
714
715 * ipmlement ipfilter ipsets
716
717 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jun 2014 08:37:08 +0200
718
de0c1e49
DM		 719pve-firewall (1.0-5) unstable; urgency=low
720
721 * remove ipsets when firewall disabled
722
723 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 08:50:18 +0200
724
64c266f5
DM		 725pve-firewall (1.0-4) unstable; urgency=low
726
727 * depend on iptables and ipset
728
729 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:45:33 +0200
730
16bcfa8b
DM		 731pve-firewall (1.0-3) unstable; urgency=low
732
733 * change dh_installinit order (register pvefw-logger before pve-firewall)
734
735 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:24:21 +0200
736
ba0b3a0a
DM		 737pve-firewall (1.0-2) unstable; urgency=low
738
739 * add experimental nflog logging daemon
740
741 -- Proxmox Support Team <support@proxmox.com> Thu, 13 Mar 2014 08:27:01 +0100
742
bb272dd3
DM		 743pve-firewall (1.0-1) unstable; urgency=low
744
745 * initial package
746
747 -- Proxmox Support Team <support@proxmox.com> Mon, 03 Mar 2014 08:37:06 +0100
748
Firewall test scripts