]> git.proxmox.com Git - pve-firewall.git/blame - debian/changelog
projects / pve-firewall.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
d/control: bump version dependency to pve-doc-generator
[pve-firewall.git] / debian / changelog
CommitLineData
91d88bc5
TL		 1pve-firewall (3.0-17) unstable; urgency=medium
2
3 * fix #2005: only allow ascii port digits
4
5 * fix #2004: do not allow backwards ranges
6
7 * add conntrack logging via libnetfilter_conntrack and allow one to enable
8 it through the firewall host configuration
9
10 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Jan 2019 16:56:17 +0100
11
81d13a9d
TL		 12pve-firewall (3.0-16) unstable; urgency=medium
13
14 * api/rules: fix macro return type
15
16 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Nov 2018 16:02:59 +0100
17
bed701bc
TL		 18pve-firewall (3.0-15) unstable; urgency=medium
19
20 * fix #1971: display firewall rule properties
21
22 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:01:33 +0100
23
a24b157b
WB		 24pve-firewall (3.0-14) unstable; urgency=medium
25
26 * fix #1841: avoid ebtable reloads when containers have multiple network
27 interfaces
28
29 -- Proxmox Support Team <support@proxmox.com> Fri, 24 Aug 2018 10:51:04 +0200
30
cf7dd94b
WB		 31pve-firewall (3.0-13) unstable; urgency=medium
32
33 * avoid unnecessary reloads of ebtable ruleset
34
35 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Jun 2018 14:47:16 +0200
36
dd03bf6e
WB		 37pve-firewall (3.0-12) unstable; urgency=medium
38
39 * fix deleted iptables chains not being properly detected as a change
40
41 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Jun 2018 12:01:02 +0200
42
587a0f20 43pve-firewall (3.0-11) unstable; urgency=medium
a3a51dad
TL		 44
45 * #1764: rename 'ebtales_enable' option to 'ebtables'
46
587a0f20 47 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2018 16:18:13 +0200
a3a51dad 48
423b86ef
WB		 49pve-firewall (3.0-10) unstable; urgency=medium
50
51 * fix #1764: handle existing ebtables rules and allow disabling ebtables
52
53 * ebtables handling can be disabled via /etc/pve/firewall/cluster.fw's new
54 ebtables_enable option.
55
56 -- Proxmox Support Team <support@proxmox.com> Tue, 29 May 2018 15:14:33 +0200
57
567e58ce
WB		 58pve-firewall (3.0-9) unstable; urgency=medium
59
60 * fix creation of ebltables FORWARD rule entry
61
62 -- Proxmox Support Team <support@proxmox.com> Thu, 17 May 2018 14:41:27 +0200
63
ea0d59ed
WB		 64pve-firewall (3.0-8) unstable; urgency=medium
65
66 * add ebtables support for better MAC filtering
67
68 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2018 14:25:41 +0200
69
9a19ec81
WB		 70pve-firewall (3.0-7) unstable; urgency=medium
71
72 * support distinct source and destination multi-port matching
73
74 * multi-port matching: when specifying the same list of ports for source and
75 destination require them both to match, rather than one of them, as this
76 was rather unexpected behavior
77
78 -- Proxmox Support Team <support@proxmox.com> Mon, 12 Mar 2018 14:58:08 +0100
79
8c41d444
DM		 80pve-firewall (3.0-6) unstable; urgency=medium
81
82 * fix #1319: don't fail postinst with masked service
83
84 * debian: switch to compat 9, drop init scripts, drop preinst
85
86 * check multiport limit in port ranges
87
88 * build: use git rev-parse for GITVERSION
89
90 -- Proxmox Support Team <support@proxmox.com> Thu, 08 Mar 2018 13:53:11 +0100
91
4299c35f
WB		 92pve-firewall (3.0-5) unstable; urgency=medium
93
94 * fix issue with disabled flag not being honored within groups
95
96 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Dec 2017 08:31:42 +0100
97
a19d4127
WB		 98pve-firewall (3.0-4) unstable; urgency=medium
99
100 * fix issues with ipsets reloading unnecessarily or too late
101
102 * fix some typos in the logs
103
104 -- Proxmox Support Team <support@proxmox.com> Thu, 16 Nov 2017 11:41:56 +0100
105
c0c71b1b
WB		 106pve-firewall (3.0-3) unstable; urgency=medium
107
108 * Fix #1492: logger: use current timestamp if the packet doesn't have one
109
110 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Sep 2017 14:43:06 +0200
111
4f7a4bdd
WB		 112pve-firewall (3.0-2) unstable; urgency=medium
113
114 * Fix #1446: remove masks in case the package had previously been removed but
115 not purged.
116
117 * improve logging on errors in the firewall configuration
118
119 * forbid trailing commas in lists as iptables-restore doesn't support them
120
121 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2017 15:24:40 +0200
122
29a94c79
FG		 123pve-firewall (3.0-1) unstable; urgency=medium
124
125 * rebuild for Debian Stretch
126
127 -- Proxmox Support Team <support@proxmox.com> Thu, 9 Mar 2017 14:04:17 +0100
128
df67a3dc
DM		 129pve-firewall (2.0-33) unstable; urgency=medium
130
131 * ipset: don't allow zero-prefix entries
132
133 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 12:18:04 +0100
134
dc643b4d
DM		 135pve-firewall (2.0-32) unstable; urgency=medium
136
137 * improve search for local-network
138
139 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 06:35:08 +0100
140
45f206fd
DM		 141pve-firewall (2.0-31) unstable; urgency=medium
142
143 * don't try to apply ports to rules which don't support them
144
145 -- Proxmox Support Team <support@proxmox.com> Thu, 06 Oct 2016 08:31:51 +0200
146
2ea28d0c
DM		 147pve-firewall (2.0-30) unstable; urgency=medium
148
149 * add multicast DNS to the list of Macros
150
151 * add missing parameter descriptions
152
153 * build-depends: add dh-systemd
154
155 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Sep 2016 08:53:16 +0200
156
b65d13d9
DM		 157pve-firewall (2.0-29) unstable; urgency=medium
158
159 * prevent overwriting ipsets/sec. groups by renaming
160
161 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 16:46:10 +0200
162
d0f3bb08
DM		 163pve-firewall (2.0-28) unstable; urgency=medium
164
165 * use pve-common's ipv4_mask_hash_localnet
166
5c53cde4
DC		 167 * fix allowed group name length
168
169 * make group digest stable
170
d0f3bb08
DM		 171 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 11:01:47 +0200
172
76a57e1a
DM		 173pve-firewall (2.0-27) unstable; urgency=medium
174
175 * fix #972: make PVEFW-FWBR-* rule order stable
176
177 -- Proxmox Support Team <support@proxmox.com> Tue, 17 May 2016 07:59:52 +0200
178
17642172
DM		 179pve-firewall (2.0-26) unstable; urgency=medium
180
181 * fix #988: set rp_filter=2
182
183 -- Proxmox Support Team <support@proxmox.com> Mon, 09 May 2016 10:01:28 +0200
184
6e29af12
DM		 185pve-firewall (2.0-25) unstable; urgency=medium
186
187 * fix #945: add uninitialized check in lxc ipset compilation
188
189 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Apr 2016 09:58:33 +0200
190
edb4aff5
DM		 191pve-firewall (2.0-24) unstable; urgency=medium
192
193 * Build-Depend on pve-doc-generator
194
195 * generate manpage with pve-doc-generator
196
197 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Apr 2016 10:52:45 +0200
198
e1158c15
DM		 199pve-firewall (2.0-23) unstable; urgency=medium
200
201 * use only the top bit for our accept marks
202
203 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:35:38 +0200
204
5399f912
DM		 205pve-firewall (2.0-22) unstable; urgency=medium
206
207 * Use cfs_config_path from PVE::QemuConfig
208
209 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Mar 2016 11:47:40 +0100
210
b9e73915
DM		 211pve-firewall (2.0-21) unstable; urgency=medium
212
213 * added new 'ipfilter' option
214
215 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Mar 2016 09:43:39 +0100
216
e2a49003
DM		 217pve-firewall (2.0-20) unstable; urgency=medium
218
219 * fix 901: encode unicode characters in sha digest
220
221 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Feb 2016 12:40:14 +0100
222
1d10f89a
DM		 223pve-firewall (2.0-19) unstable; urgency=medium
224
225 * Add radv option to VM options
226
227 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Feb 2016 10:24:42 +0100
228
666093cd
DM		 229pve-firewall (2.0-18) unstable; urgency=medium
230
231 * Add ndp option to host and VM firewall options
232
233 * Add router-solicitation to NeighborDiscovery macro
234
235 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Feb 2016 10:01:22 +0100
236
eaf25885
DM		 237pve-firewall (2.0-17) unstable; urgency=medium
238
239 * Don't leave empty FW config files behind
240
241 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Feb 2016 14:09:24 +0100
242
a177fb07
DM		 243pve-firewall (2.0-16) unstable; urgency=medium
244
245 * logger: basic ipv6 support
246
247 * add DHCPv6 macro
248
249 * add dhcpv6 support to the dhcp option
250
251 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Jan 2016 16:52:14 +0100
252
ab1b8d3c
DM		 253pve-firewall (2.0-15) unstable; urgency=medium
254
255 * fix bug #859: use $security_group_name_pattern in iptables_get_chains
256
257 * fix some regular expressions mixups
258
259 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Jan 2016 16:33:23 +0100
260
c9c8d7a3
DM		 261pve-firewall (2.0-14) unstable; urgency=medium
262
263 * fix systemd service dependencies
264
265 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Nov 2015 10:52:57 +0100
266
aa818ae7
DM		 267pve-firewall (2.0-13) unstable; urgency=medium
268
269 * allow numeric icmp types
270
271 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Oct 2015 13:21:53 +0200
272
8dbebe7d
DM		 273pve-firewall (2.0-12) unstable; urgency=medium
274
275 * implement bash completions
276
277 * convert pve-firewall into a PVE::Service class
278
279 -- Proxmox Support Team <support@proxmox.com> Thu, 24 Sep 2015 12:15:00 +0200
280
47704f4c
DM		 281pve-firewall (2.0-11) unstable; urgency=medium
282
283 * iptables_get_chains: fix veth device name
284
285 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Sep 2015 07:54:35 +0200
286
9eb84dc7
DM		 287pve-firewall (2.0-10) unstable; urgency=medium
288
289 * new helper: clone_vmfw_conf()
290
291 -- Proxmox Support Team <support@proxmox.com> Tue, 25 Aug 2015 06:47:49 +0200
292
a3d34dac
DM		 293pve-firewall (2.0-9) unstable; urgency=medium
294
295 * remove firewall config file subroutine added
296
297 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:42:51 +0200
298
2a42a237
DM		 299pve-firewall (2.0-8) unstable; urgency=medium
300
301 * adopt regresion tests for lxc containers
302
303 * removed firewall code for openVZ
304
305 * Subroutine verify_rule fixed to correctly check only for "net\d+"
306 interface device names
307
308 -- Proxmox Support Team <support@proxmox.com> Wed, 12 Aug 2015 12:01:43 +0200
309
33448a6e
DM		 310pve-firewall (2.0-7) unstable; urgency=medium
311
312 * added firewall code for lxc
313
314 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Aug 2015 09:21:14 +0200
315
19f14465
DM		 316pve-firewall (2.0-6) unstable; urgency=medium
317
318 * firewall ipversion comparison fix
319
320 -- Proxmox Support Team <support@proxmox.com> Tue, 04 Aug 2015 11:14:51 +0200
321
8feec9fa
DM		 322pve-firewall (2.0-5) unstable; urgency=medium
323
324 * add ipv6 neighbor discovery and solicitation macros
325
326 * ip6tables accepts both spellings of the word neighbor
327
328 * added Ceph macro
329
330 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:20:55 +0200
331
e02c77aa
DM		 332pve-firewall (2.0-4) unstable; urgency=medium
333
334 * include manual page for pve-firewall
335
336 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Jun 2015 16:26:28 +0200
337
eb4a2902
DM		 338pve-firewall (2.0-3) unstable; urgency=medium
339
340 * use noawait trigers for pve-api-updates
341
342 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:33:06 +0200
343
56bb2e69
DM		 344pve-firewall (2.0-2) unstable; urgency=medium
345
346 * trigger pve-api-updates event
347
348 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:10:24 +0200
349
0b18ebe8
DM		 350pve-firewall (2.0-1) unstable; urgency=medium
351
352 * recompile for debian jessie
353
354 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Feb 2015 12:22:04 +0100
355
609f00c7
DM		 356pve-firewall (1.0-18) unstable; urgency=low
357
358 * fix alias lookup
359
360 -- Proxmox Support Team <support@proxmox.com> Mon, 09 Feb 2015 09:32:03 +0100
361
de48e659
DM		 362pve-firewall (1.0-17) unstable; urgency=low
363
364 * fix restart behavior
365
366 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Jan 2015 06:45:58 +0100
367
b92d2ed2
DM		 368pve-firewall (1.0-16) unstable; urgency=low
369
370 * use new Daemon class from pve-common
371
372 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Dec 2014 09:45:07 +0100
373
22dde8d6
DM		 374pve-firewall (1.0-15) unstable; urgency=low
375
376 * bug fix: load cluster conf for host rules
377
378 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Dec 2014 06:33:28 +0100
379
e33e2f16
DM		 380pve-firewall (1.0-14) unstable; urgency=low
381
382 * do not use ipset list chains
383
384 * remove preinst script (not needed anymore)
385
386 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Dec 2014 13:42:00 +0100
387
3bce273b
DM		 388pve-firewall (1.0-13) unstable; urgency=low
389
390 * fix ipset remove order
391
392 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 12:45:48 +0100
393
7a7c322c
DM		 394pve-firewall (1.0-12) unstable; urgency=low
395
396 * add preinst script to clear ipset from older installation (because
397 sets cannot be swapped if there type does not match.
ce41ae23 398
7a7c322c
DM		 399 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:59:38 +0100
400
1b918ee5
DM		 401pve-firewall (1.0-11) unstable; urgency=low
402
403 * bug fix: correctly set ipversion for aliases in verify_rule
404
405 * save restore commands into files to make debugging
406 easier (/var/lib/pve-firewall/)
407
408 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:04:05 +0100
409
df617cea
DM		 410pve-firewall (1.0-10) unstable; urgency=low
411
412 * add IPv6 support for VMs (hostfw is IPv4 only)
413
414 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Nov 2014 07:00:29 +0100
415
0ac57570
DM		 416pve-firewall (1.0-9) unstable; urgency=low
417
418 * fix max ipset name name length
419
420 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Oct 2014 16:29:34 +0200
421
05fd3b63
DM		 422pve-firewall (1.0-8) unstable; urgency=low
423
424 * implement permission
425
426 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Sep 2014 12:15:21 +0200
427
bea9d5ab
DM		 428pve-firewall (1.0-7) unstable; urgency=low
429
430 * proxy host rule API calls to correct node
a34cfdd0
DM		 431
432 * always generate MAC and IP filter rules if firewall is enabled on NIC
bea9d5ab
DM		 433
434 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Jun 2014 07:12:57 +0200
435
582275c3
DM		 436pve-firewall (1.0-6) unstable; urgency=low
437
438 * ipmlement ipfilter ipsets
439
440 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jun 2014 08:37:08 +0200
441
de0c1e49
DM		 442pve-firewall (1.0-5) unstable; urgency=low
443
444 * remove ipsets when firewall disabled
445
446 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 08:50:18 +0200
447
64c266f5
DM		 448pve-firewall (1.0-4) unstable; urgency=low
449
450 * depend on iptables and ipset
451
452 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:45:33 +0200
453
16bcfa8b
DM		 454pve-firewall (1.0-3) unstable; urgency=low
455
456 * change dh_installinit order (register pvefw-logger before pve-firewall)
457
458 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:24:21 +0200
459
ba0b3a0a
DM		 460pve-firewall (1.0-2) unstable; urgency=low
461
462 * add experimental nflog logging daemon
463
464 -- Proxmox Support Team <support@proxmox.com> Thu, 13 Mar 2014 08:27:01 +0100
465
bb272dd3
DM		 466pve-firewall (1.0-1) unstable; urgency=low
467
468 * initial package
469
470 -- Proxmox Support Team <support@proxmox.com> Mon, 03 Mar 2014 08:37:06 +0100
471
Firewall test scripts