]> git.proxmox.com Git - pve-firewall.git/blame - debian/changelog
fix indentation/whitspace
[pve-firewall.git] / debian / changelog
CommitLineData
c8f3e1ee
TL
1pve-firewall (4.0-6) pve; urgency=medium
2
3 * firewall macros: add new Ceph protocol v2 port while keeping v1 port
4
5 -- Proxmox Support Team <support@proxmox.com> Tue, 23 Jul 2019 18:57:48 +0200
6
6fc572dc
TL
7pve-firewall (4.0-5) pve; urgency=medium
8
9 * don't use any base path at all for calls to external binaries to make use
10 compativle with bot, /usr merged and unmerged setups
11
12 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Jul 2019 11:47:53 +0200
13
b1379400
TL
14pve-firewall (4.0-4) pve; urgency=medium
15
16 * ebtables: remove PVE chains properly
17
18 * ebtables: treat chain deletion as change
19
20 * use /usr/sbin as base path
21
22 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Jul 2019 19:40:01 +0200
23
9e01d77d
TL
24pve-firewall (4.0-3) pve; urgency=medium
25
26 * Create corosync firewall rules independently of localnet~
27
28 * Display corosync rule info on localnet call
29
30 -- Proxmox Support Team <support@proxmox.com> Thu, 04 Jul 2019 15:56:11 +0200
31
9429bd35
TL
32pve-firewall (4.0-2) pve; urgency=medium
33
34 * fix systemd warning about PIDFile directory
35
36 * fix CT rule generation with ipfilter set
37
38 * pve-firewall service: update-alternative iptables and ebtables to working
39 legacy versions
40
41 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 20:43:21 +0200
42
6b9da9b0
TL
43pve-firewall (4.0-1) pve; urgency=medium
44
45 * re-build for Debian Buster / PVE 6
46
47 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 22:28:55 +0200
48
dd7d737b
TL
49pve-firewall (3.0-21) unstable; urgency=medium
50
51 * fix ipv6 PVEFW-reject
52
53 * fix #2193: arpfilter: CT: remove mask from net IP/CIDR to avoid
54 ebtables doing the wrong thing here
55
56 -- Proxmox Support Team <support@proxmox.com> Wed, 08 May 2019 10:09:31 +0000
57
bbf77725
TL
58pve-firewall (3.0-20) unstable; urgency=medium
59
60 * use IPCC to read config and rule files, if the are backed by pmxcfs which
61 has better handling for pmxcfs restarts
62
63 * fix #2178: endless loop on ipv6 extension headers
64
65 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2019 05:10:13 +0000
66
baba607a
TL
67pve-firewall (3.0-19) unstable; urgency=medium
68
69 * ebtables: add arp filtering
70
71 * fix: #2123 Logging of user defined firewall rules
72
73 * fix Razor macro
74
75 * allow to enable/disable and modify cluster wide log ratelimits
76
77 -- Proxmox Support Team <support@proxmox.com> Tue, 02 Apr 2019 11:15:16 +0200
78
d8ea08e3
TL
79pve-firewall (3.0-18) unstable; urgency=medium
80
81 * fix #1606: Add nf_conntrack_allow_invalid option
82
83 * log reject : add space after policy REJECT like drop
84
85 * fix #1891: Add zsh command completion for pve-firewall
86
87 -- Proxmox Support Team <support@proxmox.com> Mon, 04 Mar 2019 10:27:01 +0100
88
91d88bc5
TL
89pve-firewall (3.0-17) unstable; urgency=medium
90
91 * fix #2005: only allow ascii port digits
92
93 * fix #2004: do not allow backwards ranges
94
95 * add conntrack logging via libnetfilter_conntrack and allow one to enable
96 it through the firewall host configuration
97
98 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Jan 2019 16:56:17 +0100
99
81d13a9d
TL
100pve-firewall (3.0-16) unstable; urgency=medium
101
102 * api/rules: fix macro return type
103
104 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Nov 2018 16:02:59 +0100
105
bed701bc
TL
106pve-firewall (3.0-15) unstable; urgency=medium
107
108 * fix #1971: display firewall rule properties
109
110 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:01:33 +0100
111
a24b157b
WB
112pve-firewall (3.0-14) unstable; urgency=medium
113
114 * fix #1841: avoid ebtable reloads when containers have multiple network
115 interfaces
116
117 -- Proxmox Support Team <support@proxmox.com> Fri, 24 Aug 2018 10:51:04 +0200
118
cf7dd94b
WB
119pve-firewall (3.0-13) unstable; urgency=medium
120
121 * avoid unnecessary reloads of ebtable ruleset
122
123 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Jun 2018 14:47:16 +0200
124
dd03bf6e
WB
125pve-firewall (3.0-12) unstable; urgency=medium
126
127 * fix deleted iptables chains not being properly detected as a change
128
129 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Jun 2018 12:01:02 +0200
130
587a0f20 131pve-firewall (3.0-11) unstable; urgency=medium
a3a51dad
TL
132
133 * #1764: rename 'ebtales_enable' option to 'ebtables'
134
587a0f20 135 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2018 16:18:13 +0200
a3a51dad 136
423b86ef
WB
137pve-firewall (3.0-10) unstable; urgency=medium
138
139 * fix #1764: handle existing ebtables rules and allow disabling ebtables
140
141 * ebtables handling can be disabled via /etc/pve/firewall/cluster.fw's new
142 ebtables_enable option.
143
144 -- Proxmox Support Team <support@proxmox.com> Tue, 29 May 2018 15:14:33 +0200
145
567e58ce
WB
146pve-firewall (3.0-9) unstable; urgency=medium
147
148 * fix creation of ebltables FORWARD rule entry
149
150 -- Proxmox Support Team <support@proxmox.com> Thu, 17 May 2018 14:41:27 +0200
151
ea0d59ed
WB
152pve-firewall (3.0-8) unstable; urgency=medium
153
154 * add ebtables support for better MAC filtering
155
156 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2018 14:25:41 +0200
157
9a19ec81
WB
158pve-firewall (3.0-7) unstable; urgency=medium
159
160 * support distinct source and destination multi-port matching
161
162 * multi-port matching: when specifying the same list of ports for source and
163 destination require them both to match, rather than one of them, as this
164 was rather unexpected behavior
165
166 -- Proxmox Support Team <support@proxmox.com> Mon, 12 Mar 2018 14:58:08 +0100
167
8c41d444
DM
168pve-firewall (3.0-6) unstable; urgency=medium
169
170 * fix #1319: don't fail postinst with masked service
171
172 * debian: switch to compat 9, drop init scripts, drop preinst
173
174 * check multiport limit in port ranges
175
176 * build: use git rev-parse for GITVERSION
177
178 -- Proxmox Support Team <support@proxmox.com> Thu, 08 Mar 2018 13:53:11 +0100
179
4299c35f
WB
180pve-firewall (3.0-5) unstable; urgency=medium
181
182 * fix issue with disabled flag not being honored within groups
183
184 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Dec 2017 08:31:42 +0100
185
a19d4127
WB
186pve-firewall (3.0-4) unstable; urgency=medium
187
188 * fix issues with ipsets reloading unnecessarily or too late
189
190 * fix some typos in the logs
191
192 -- Proxmox Support Team <support@proxmox.com> Thu, 16 Nov 2017 11:41:56 +0100
193
c0c71b1b
WB
194pve-firewall (3.0-3) unstable; urgency=medium
195
196 * Fix #1492: logger: use current timestamp if the packet doesn't have one
197
198 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Sep 2017 14:43:06 +0200
199
4f7a4bdd
WB
200pve-firewall (3.0-2) unstable; urgency=medium
201
202 * Fix #1446: remove masks in case the package had previously been removed but
203 not purged.
204
205 * improve logging on errors in the firewall configuration
206
207 * forbid trailing commas in lists as iptables-restore doesn't support them
208
209 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2017 15:24:40 +0200
210
29a94c79
FG
211pve-firewall (3.0-1) unstable; urgency=medium
212
213 * rebuild for Debian Stretch
214
215 -- Proxmox Support Team <support@proxmox.com> Thu, 9 Mar 2017 14:04:17 +0100
216
df67a3dc
DM
217pve-firewall (2.0-33) unstable; urgency=medium
218
219 * ipset: don't allow zero-prefix entries
220
221 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 12:18:04 +0100
222
dc643b4d
DM
223pve-firewall (2.0-32) unstable; urgency=medium
224
225 * improve search for local-network
226
227 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 06:35:08 +0100
228
45f206fd
DM
229pve-firewall (2.0-31) unstable; urgency=medium
230
231 * don't try to apply ports to rules which don't support them
232
233 -- Proxmox Support Team <support@proxmox.com> Thu, 06 Oct 2016 08:31:51 +0200
234
2ea28d0c
DM
235pve-firewall (2.0-30) unstable; urgency=medium
236
237 * add multicast DNS to the list of Macros
238
239 * add missing parameter descriptions
240
241 * build-depends: add dh-systemd
242
243 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Sep 2016 08:53:16 +0200
244
b65d13d9
DM
245pve-firewall (2.0-29) unstable; urgency=medium
246
247 * prevent overwriting ipsets/sec. groups by renaming
248
249 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 16:46:10 +0200
250
d0f3bb08
DM
251pve-firewall (2.0-28) unstable; urgency=medium
252
253 * use pve-common's ipv4_mask_hash_localnet
254
5c53cde4
DC
255 * fix allowed group name length
256
257 * make group digest stable
258
d0f3bb08
DM
259 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 11:01:47 +0200
260
76a57e1a
DM
261pve-firewall (2.0-27) unstable; urgency=medium
262
263 * fix #972: make PVEFW-FWBR-* rule order stable
264
265 -- Proxmox Support Team <support@proxmox.com> Tue, 17 May 2016 07:59:52 +0200
266
17642172
DM
267pve-firewall (2.0-26) unstable; urgency=medium
268
269 * fix #988: set rp_filter=2
270
271 -- Proxmox Support Team <support@proxmox.com> Mon, 09 May 2016 10:01:28 +0200
272
6e29af12
DM
273pve-firewall (2.0-25) unstable; urgency=medium
274
275 * fix #945: add uninitialized check in lxc ipset compilation
276
277 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Apr 2016 09:58:33 +0200
278
edb4aff5
DM
279pve-firewall (2.0-24) unstable; urgency=medium
280
281 * Build-Depend on pve-doc-generator
282
283 * generate manpage with pve-doc-generator
284
285 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Apr 2016 10:52:45 +0200
286
e1158c15
DM
287pve-firewall (2.0-23) unstable; urgency=medium
288
289 * use only the top bit for our accept marks
290
291 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:35:38 +0200
292
5399f912
DM
293pve-firewall (2.0-22) unstable; urgency=medium
294
295 * Use cfs_config_path from PVE::QemuConfig
296
297 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Mar 2016 11:47:40 +0100
298
b9e73915
DM
299pve-firewall (2.0-21) unstable; urgency=medium
300
301 * added new 'ipfilter' option
302
303 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Mar 2016 09:43:39 +0100
304
e2a49003
DM
305pve-firewall (2.0-20) unstable; urgency=medium
306
307 * fix 901: encode unicode characters in sha digest
308
309 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Feb 2016 12:40:14 +0100
310
1d10f89a
DM
311pve-firewall (2.0-19) unstable; urgency=medium
312
313 * Add radv option to VM options
314
315 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Feb 2016 10:24:42 +0100
316
666093cd
DM
317pve-firewall (2.0-18) unstable; urgency=medium
318
319 * Add ndp option to host and VM firewall options
320
321 * Add router-solicitation to NeighborDiscovery macro
322
323 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Feb 2016 10:01:22 +0100
324
eaf25885
DM
325pve-firewall (2.0-17) unstable; urgency=medium
326
327 * Don't leave empty FW config files behind
328
329 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Feb 2016 14:09:24 +0100
330
a177fb07
DM
331pve-firewall (2.0-16) unstable; urgency=medium
332
333 * logger: basic ipv6 support
334
335 * add DHCPv6 macro
336
337 * add dhcpv6 support to the dhcp option
338
339 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Jan 2016 16:52:14 +0100
340
ab1b8d3c
DM
341pve-firewall (2.0-15) unstable; urgency=medium
342
343 * fix bug #859: use $security_group_name_pattern in iptables_get_chains
344
345 * fix some regular expressions mixups
346
347 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Jan 2016 16:33:23 +0100
348
c9c8d7a3
DM
349pve-firewall (2.0-14) unstable; urgency=medium
350
351 * fix systemd service dependencies
352
353 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Nov 2015 10:52:57 +0100
354
aa818ae7
DM
355pve-firewall (2.0-13) unstable; urgency=medium
356
357 * allow numeric icmp types
358
359 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Oct 2015 13:21:53 +0200
360
8dbebe7d
DM
361pve-firewall (2.0-12) unstable; urgency=medium
362
363 * implement bash completions
364
365 * convert pve-firewall into a PVE::Service class
366
367 -- Proxmox Support Team <support@proxmox.com> Thu, 24 Sep 2015 12:15:00 +0200
368
47704f4c
DM
369pve-firewall (2.0-11) unstable; urgency=medium
370
371 * iptables_get_chains: fix veth device name
372
373 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Sep 2015 07:54:35 +0200
374
9eb84dc7
DM
375pve-firewall (2.0-10) unstable; urgency=medium
376
377 * new helper: clone_vmfw_conf()
378
379 -- Proxmox Support Team <support@proxmox.com> Tue, 25 Aug 2015 06:47:49 +0200
380
a3d34dac
DM
381pve-firewall (2.0-9) unstable; urgency=medium
382
383 * remove firewall config file subroutine added
384
385 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:42:51 +0200
386
2a42a237
DM
387pve-firewall (2.0-8) unstable; urgency=medium
388
389 * adopt regresion tests for lxc containers
390
391 * removed firewall code for openVZ
392
393 * Subroutine verify_rule fixed to correctly check only for "net\d+"
394 interface device names
395
396 -- Proxmox Support Team <support@proxmox.com> Wed, 12 Aug 2015 12:01:43 +0200
397
33448a6e
DM
398pve-firewall (2.0-7) unstable; urgency=medium
399
400 * added firewall code for lxc
401
402 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Aug 2015 09:21:14 +0200
403
19f14465
DM
404pve-firewall (2.0-6) unstable; urgency=medium
405
406 * firewall ipversion comparison fix
407
408 -- Proxmox Support Team <support@proxmox.com> Tue, 04 Aug 2015 11:14:51 +0200
409
8feec9fa
DM
410pve-firewall (2.0-5) unstable; urgency=medium
411
412 * add ipv6 neighbor discovery and solicitation macros
413
414 * ip6tables accepts both spellings of the word neighbor
415
416 * added Ceph macro
417
418 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:20:55 +0200
419
e02c77aa
DM
420pve-firewall (2.0-4) unstable; urgency=medium
421
422 * include manual page for pve-firewall
423
424 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Jun 2015 16:26:28 +0200
425
eb4a2902
DM
426pve-firewall (2.0-3) unstable; urgency=medium
427
428 * use noawait trigers for pve-api-updates
429
430 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:33:06 +0200
431
56bb2e69
DM
432pve-firewall (2.0-2) unstable; urgency=medium
433
434 * trigger pve-api-updates event
435
436 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:10:24 +0200
437
0b18ebe8
DM
438pve-firewall (2.0-1) unstable; urgency=medium
439
440 * recompile for debian jessie
441
442 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Feb 2015 12:22:04 +0100
443
609f00c7
DM
444pve-firewall (1.0-18) unstable; urgency=low
445
446 * fix alias lookup
447
448 -- Proxmox Support Team <support@proxmox.com> Mon, 09 Feb 2015 09:32:03 +0100
449
de48e659
DM
450pve-firewall (1.0-17) unstable; urgency=low
451
452 * fix restart behavior
453
454 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Jan 2015 06:45:58 +0100
455
b92d2ed2
DM
456pve-firewall (1.0-16) unstable; urgency=low
457
458 * use new Daemon class from pve-common
459
460 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Dec 2014 09:45:07 +0100
461
22dde8d6
DM
462pve-firewall (1.0-15) unstable; urgency=low
463
464 * bug fix: load cluster conf for host rules
465
466 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Dec 2014 06:33:28 +0100
467
e33e2f16
DM
468pve-firewall (1.0-14) unstable; urgency=low
469
470 * do not use ipset list chains
471
472 * remove preinst script (not needed anymore)
473
474 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Dec 2014 13:42:00 +0100
475
3bce273b
DM
476pve-firewall (1.0-13) unstable; urgency=low
477
478 * fix ipset remove order
479
480 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 12:45:48 +0100
481
7a7c322c
DM
482pve-firewall (1.0-12) unstable; urgency=low
483
484 * add preinst script to clear ipset from older installation (because
485 sets cannot be swapped if there type does not match.
ce41ae23 486
7a7c322c
DM
487 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:59:38 +0100
488
1b918ee5
DM
489pve-firewall (1.0-11) unstable; urgency=low
490
491 * bug fix: correctly set ipversion for aliases in verify_rule
492
493 * save restore commands into files to make debugging
494 easier (/var/lib/pve-firewall/)
495
496 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:04:05 +0100
497
df617cea
DM
498pve-firewall (1.0-10) unstable; urgency=low
499
500 * add IPv6 support for VMs (hostfw is IPv4 only)
501
502 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Nov 2014 07:00:29 +0100
503
0ac57570
DM
504pve-firewall (1.0-9) unstable; urgency=low
505
506 * fix max ipset name name length
507
508 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Oct 2014 16:29:34 +0200
509
05fd3b63
DM
510pve-firewall (1.0-8) unstable; urgency=low
511
512 * implement permission
513
514 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Sep 2014 12:15:21 +0200
515
bea9d5ab
DM
516pve-firewall (1.0-7) unstable; urgency=low
517
518 * proxy host rule API calls to correct node
a34cfdd0
DM
519
520 * always generate MAC and IP filter rules if firewall is enabled on NIC
bea9d5ab
DM
521
522 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Jun 2014 07:12:57 +0200
523
582275c3
DM
524pve-firewall (1.0-6) unstable; urgency=low
525
526 * ipmlement ipfilter ipsets
527
528 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jun 2014 08:37:08 +0200
529
de0c1e49
DM
530pve-firewall (1.0-5) unstable; urgency=low
531
532 * remove ipsets when firewall disabled
533
534 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 08:50:18 +0200
535
64c266f5
DM
536pve-firewall (1.0-4) unstable; urgency=low
537
538 * depend on iptables and ipset
539
540 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:45:33 +0200
541
16bcfa8b
DM
542pve-firewall (1.0-3) unstable; urgency=low
543
544 * change dh_installinit order (register pvefw-logger before pve-firewall)
545
546 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:24:21 +0200
547
ba0b3a0a
DM
548pve-firewall (1.0-2) unstable; urgency=low
549
550 * add experimental nflog logging daemon
551
552 -- Proxmox Support Team <support@proxmox.com> Thu, 13 Mar 2014 08:27:01 +0100
553
bb272dd3
DM
554pve-firewall (1.0-1) unstable; urgency=low
555
556 * initial package
557
558 -- Proxmox Support Team <support@proxmox.com> Mon, 03 Mar 2014 08:37:06 +0100
559