]> git.proxmox.com Git - pve-firewall.git/blame - debian/changelog
projects / pve-firewall.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
bump version to 4.0-9
[pve-firewall.git] / debian / changelog
CommitLineData
5162c268
TL		 1pve-firewall (4.0-9) pve; urgency=medium
2
3 * ensure port range used for offline storage migration and insecure migration
4 traffic is allowed by default rule set.
5
6 -- Proxmox Support Team <support@proxmox.com> Tue, 03 Dec 2019 08:12:20 +0100
7
5ac03b1c
WB		 8pve-firewall (4.0-8) pve; urgency=medium
9
10 * increase default nf_conntrack_max to the kernel's default
11
12 * fix some "use of uninitialized value" warnings when updating CIDRs
13
14 * update schema documentation
15
16 * add explicit dependency on libpve-cluster-perl
17
18 * add support for "raw" tables
19
20 * add options for synflood protection for host firewall:
21 - nf_conntrack_tcp_timeout_syn_recv
22 - protection_synflood: boolean
23 - protection_synflood_rate: SYN rate limit (default 200 per second)
24 - protection_synflood_burst: SYN burst limit (default 1000)
25
26 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 13:48:20 +0100
27
bd368955
FG		 28pve-firewall (4.0-7) pve; urgency=medium
29
30 * only add VM chains and rules if VM firewall is enabled
31
32 -- Proxmox Support Team <support@proxmox.com> Wed, 7 Aug 2019 10:55:06 +0200
33
c8f3e1ee
TL		 34pve-firewall (4.0-6) pve; urgency=medium
35
36 * firewall macros: add new Ceph protocol v2 port while keeping v1 port
37
38 -- Proxmox Support Team <support@proxmox.com> Tue, 23 Jul 2019 18:57:48 +0200
39
6fc572dc
TL		 40pve-firewall (4.0-5) pve; urgency=medium
41
42 * don't use any base path at all for calls to external binaries to make use
43 compativle with bot, /usr merged and unmerged setups
44
45 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Jul 2019 11:47:53 +0200
46
b1379400
TL		 47pve-firewall (4.0-4) pve; urgency=medium
48
49 * ebtables: remove PVE chains properly
50
51 * ebtables: treat chain deletion as change
52
53 * use /usr/sbin as base path
54
55 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Jul 2019 19:40:01 +0200
56
9e01d77d
TL		 57pve-firewall (4.0-3) pve; urgency=medium
58
59 * Create corosync firewall rules independently of localnet~
60
61 * Display corosync rule info on localnet call
62
63 -- Proxmox Support Team <support@proxmox.com> Thu, 04 Jul 2019 15:56:11 +0200
64
9429bd35
TL		 65pve-firewall (4.0-2) pve; urgency=medium
66
67 * fix systemd warning about PIDFile directory
68
69 * fix CT rule generation with ipfilter set
70
71 * pve-firewall service: update-alternative iptables and ebtables to working
72 legacy versions
73
74 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 20:43:21 +0200
75
6b9da9b0
TL		 76pve-firewall (4.0-1) pve; urgency=medium
77
78 * re-build for Debian Buster / PVE 6
79
80 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 22:28:55 +0200
81
dd7d737b
TL		 82pve-firewall (3.0-21) unstable; urgency=medium
83
84 * fix ipv6 PVEFW-reject
85
86 * fix #2193: arpfilter: CT: remove mask from net IP/CIDR to avoid
87 ebtables doing the wrong thing here
88
89 -- Proxmox Support Team <support@proxmox.com> Wed, 08 May 2019 10:09:31 +0000
90
bbf77725
TL		 91pve-firewall (3.0-20) unstable; urgency=medium
92
93 * use IPCC to read config and rule files, if the are backed by pmxcfs which
94 has better handling for pmxcfs restarts
95
96 * fix #2178: endless loop on ipv6 extension headers
97
98 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2019 05:10:13 +0000
99
baba607a
TL		 100pve-firewall (3.0-19) unstable; urgency=medium
101
102 * ebtables: add arp filtering
103
104 * fix: #2123 Logging of user defined firewall rules
105
106 * fix Razor macro
107
108 * allow to enable/disable and modify cluster wide log ratelimits
109
110 -- Proxmox Support Team <support@proxmox.com> Tue, 02 Apr 2019 11:15:16 +0200
111
d8ea08e3
TL		 112pve-firewall (3.0-18) unstable; urgency=medium
113
114 * fix #1606: Add nf_conntrack_allow_invalid option
115
116 * log reject : add space after policy REJECT like drop
117
118 * fix #1891: Add zsh command completion for pve-firewall
119
120 -- Proxmox Support Team <support@proxmox.com> Mon, 04 Mar 2019 10:27:01 +0100
121
91d88bc5
TL		 122pve-firewall (3.0-17) unstable; urgency=medium
123
124 * fix #2005: only allow ascii port digits
125
126 * fix #2004: do not allow backwards ranges
127
128 * add conntrack logging via libnetfilter_conntrack and allow one to enable
129 it through the firewall host configuration
130
131 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Jan 2019 16:56:17 +0100
132
81d13a9d
TL		 133pve-firewall (3.0-16) unstable; urgency=medium
134
135 * api/rules: fix macro return type
136
137 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Nov 2018 16:02:59 +0100
138
bed701bc
TL		 139pve-firewall (3.0-15) unstable; urgency=medium
140
141 * fix #1971: display firewall rule properties
142
143 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:01:33 +0100
144
a24b157b
WB		 145pve-firewall (3.0-14) unstable; urgency=medium
146
147 * fix #1841: avoid ebtable reloads when containers have multiple network
148 interfaces
149
150 -- Proxmox Support Team <support@proxmox.com> Fri, 24 Aug 2018 10:51:04 +0200
151
cf7dd94b
WB		 152pve-firewall (3.0-13) unstable; urgency=medium
153
154 * avoid unnecessary reloads of ebtable ruleset
155
156 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Jun 2018 14:47:16 +0200
157
dd03bf6e
WB		 158pve-firewall (3.0-12) unstable; urgency=medium
159
160 * fix deleted iptables chains not being properly detected as a change
161
162 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Jun 2018 12:01:02 +0200
163
587a0f20 164pve-firewall (3.0-11) unstable; urgency=medium
a3a51dad
TL		 165
166 * #1764: rename 'ebtales_enable' option to 'ebtables'
167
587a0f20 168 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2018 16:18:13 +0200
a3a51dad 169
423b86ef
WB		 170pve-firewall (3.0-10) unstable; urgency=medium
171
172 * fix #1764: handle existing ebtables rules and allow disabling ebtables
173
174 * ebtables handling can be disabled via /etc/pve/firewall/cluster.fw's new
175 ebtables_enable option.
176
177 -- Proxmox Support Team <support@proxmox.com> Tue, 29 May 2018 15:14:33 +0200
178
567e58ce
WB		 179pve-firewall (3.0-9) unstable; urgency=medium
180
181 * fix creation of ebltables FORWARD rule entry
182
183 -- Proxmox Support Team <support@proxmox.com> Thu, 17 May 2018 14:41:27 +0200
184
ea0d59ed
WB		 185pve-firewall (3.0-8) unstable; urgency=medium
186
187 * add ebtables support for better MAC filtering
188
189 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2018 14:25:41 +0200
190
9a19ec81
WB		 191pve-firewall (3.0-7) unstable; urgency=medium
192
193 * support distinct source and destination multi-port matching
194
195 * multi-port matching: when specifying the same list of ports for source and
196 destination require them both to match, rather than one of them, as this
197 was rather unexpected behavior
198
199 -- Proxmox Support Team <support@proxmox.com> Mon, 12 Mar 2018 14:58:08 +0100
200
8c41d444
DM		 201pve-firewall (3.0-6) unstable; urgency=medium
202
203 * fix #1319: don't fail postinst with masked service
204
205 * debian: switch to compat 9, drop init scripts, drop preinst
206
207 * check multiport limit in port ranges
208
209 * build: use git rev-parse for GITVERSION
210
211 -- Proxmox Support Team <support@proxmox.com> Thu, 08 Mar 2018 13:53:11 +0100
212
4299c35f
WB		 213pve-firewall (3.0-5) unstable; urgency=medium
214
215 * fix issue with disabled flag not being honored within groups
216
217 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Dec 2017 08:31:42 +0100
218
a19d4127
WB		 219pve-firewall (3.0-4) unstable; urgency=medium
220
221 * fix issues with ipsets reloading unnecessarily or too late
222
223 * fix some typos in the logs
224
225 -- Proxmox Support Team <support@proxmox.com> Thu, 16 Nov 2017 11:41:56 +0100
226
c0c71b1b
WB		 227pve-firewall (3.0-3) unstable; urgency=medium
228
229 * Fix #1492: logger: use current timestamp if the packet doesn't have one
230
231 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Sep 2017 14:43:06 +0200
232
4f7a4bdd
WB		 233pve-firewall (3.0-2) unstable; urgency=medium
234
235 * Fix #1446: remove masks in case the package had previously been removed but
236 not purged.
237
238 * improve logging on errors in the firewall configuration
239
240 * forbid trailing commas in lists as iptables-restore doesn't support them
241
242 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2017 15:24:40 +0200
243
29a94c79
FG		 244pve-firewall (3.0-1) unstable; urgency=medium
245
246 * rebuild for Debian Stretch
247
248 -- Proxmox Support Team <support@proxmox.com> Thu, 9 Mar 2017 14:04:17 +0100
249
df67a3dc
DM		 250pve-firewall (2.0-33) unstable; urgency=medium
251
252 * ipset: don't allow zero-prefix entries
253
254 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 12:18:04 +0100
255
dc643b4d
DM		 256pve-firewall (2.0-32) unstable; urgency=medium
257
258 * improve search for local-network
259
260 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 06:35:08 +0100
261
45f206fd
DM		 262pve-firewall (2.0-31) unstable; urgency=medium
263
264 * don't try to apply ports to rules which don't support them
265
266 -- Proxmox Support Team <support@proxmox.com> Thu, 06 Oct 2016 08:31:51 +0200
267
2ea28d0c
DM		 268pve-firewall (2.0-30) unstable; urgency=medium
269
270 * add multicast DNS to the list of Macros
271
272 * add missing parameter descriptions
273
274 * build-depends: add dh-systemd
275
276 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Sep 2016 08:53:16 +0200
277
b65d13d9
DM		 278pve-firewall (2.0-29) unstable; urgency=medium
279
280 * prevent overwriting ipsets/sec. groups by renaming
281
282 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 16:46:10 +0200
283
d0f3bb08
DM		 284pve-firewall (2.0-28) unstable; urgency=medium
285
286 * use pve-common's ipv4_mask_hash_localnet
287
5c53cde4
DC		 288 * fix allowed group name length
289
290 * make group digest stable
291
d0f3bb08
DM		 292 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 11:01:47 +0200
293
76a57e1a
DM		 294pve-firewall (2.0-27) unstable; urgency=medium
295
296 * fix #972: make PVEFW-FWBR-* rule order stable
297
298 -- Proxmox Support Team <support@proxmox.com> Tue, 17 May 2016 07:59:52 +0200
299
17642172
DM		 300pve-firewall (2.0-26) unstable; urgency=medium
301
302 * fix #988: set rp_filter=2
303
304 -- Proxmox Support Team <support@proxmox.com> Mon, 09 May 2016 10:01:28 +0200
305
6e29af12
DM		 306pve-firewall (2.0-25) unstable; urgency=medium
307
308 * fix #945: add uninitialized check in lxc ipset compilation
309
310 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Apr 2016 09:58:33 +0200
311
edb4aff5
DM		 312pve-firewall (2.0-24) unstable; urgency=medium
313
314 * Build-Depend on pve-doc-generator
315
316 * generate manpage with pve-doc-generator
317
318 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Apr 2016 10:52:45 +0200
319
e1158c15
DM		 320pve-firewall (2.0-23) unstable; urgency=medium
321
322 * use only the top bit for our accept marks
323
324 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:35:38 +0200
325
5399f912
DM		 326pve-firewall (2.0-22) unstable; urgency=medium
327
328 * Use cfs_config_path from PVE::QemuConfig
329
330 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Mar 2016 11:47:40 +0100
331
b9e73915
DM		 332pve-firewall (2.0-21) unstable; urgency=medium
333
334 * added new 'ipfilter' option
335
336 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Mar 2016 09:43:39 +0100
337
e2a49003
DM		 338pve-firewall (2.0-20) unstable; urgency=medium
339
340 * fix 901: encode unicode characters in sha digest
341
342 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Feb 2016 12:40:14 +0100
343
1d10f89a
DM		 344pve-firewall (2.0-19) unstable; urgency=medium
345
346 * Add radv option to VM options
347
348 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Feb 2016 10:24:42 +0100
349
666093cd
DM		 350pve-firewall (2.0-18) unstable; urgency=medium
351
352 * Add ndp option to host and VM firewall options
353
354 * Add router-solicitation to NeighborDiscovery macro
355
356 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Feb 2016 10:01:22 +0100
357
eaf25885
DM		 358pve-firewall (2.0-17) unstable; urgency=medium
359
360 * Don't leave empty FW config files behind
361
362 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Feb 2016 14:09:24 +0100
363
a177fb07
DM		 364pve-firewall (2.0-16) unstable; urgency=medium
365
366 * logger: basic ipv6 support
367
368 * add DHCPv6 macro
369
370 * add dhcpv6 support to the dhcp option
371
372 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Jan 2016 16:52:14 +0100
373
ab1b8d3c
DM		 374pve-firewall (2.0-15) unstable; urgency=medium
375
376 * fix bug #859: use $security_group_name_pattern in iptables_get_chains
377
378 * fix some regular expressions mixups
379
380 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Jan 2016 16:33:23 +0100
381
c9c8d7a3
DM		 382pve-firewall (2.0-14) unstable; urgency=medium
383
384 * fix systemd service dependencies
385
386 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Nov 2015 10:52:57 +0100
387
aa818ae7
DM		 388pve-firewall (2.0-13) unstable; urgency=medium
389
390 * allow numeric icmp types
391
392 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Oct 2015 13:21:53 +0200
393
8dbebe7d
DM		 394pve-firewall (2.0-12) unstable; urgency=medium
395
396 * implement bash completions
397
398 * convert pve-firewall into a PVE::Service class
399
400 -- Proxmox Support Team <support@proxmox.com> Thu, 24 Sep 2015 12:15:00 +0200
401
47704f4c
DM		 402pve-firewall (2.0-11) unstable; urgency=medium
403
404 * iptables_get_chains: fix veth device name
405
406 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Sep 2015 07:54:35 +0200
407
9eb84dc7
DM		 408pve-firewall (2.0-10) unstable; urgency=medium
409
410 * new helper: clone_vmfw_conf()
411
412 -- Proxmox Support Team <support@proxmox.com> Tue, 25 Aug 2015 06:47:49 +0200
413
a3d34dac
DM		 414pve-firewall (2.0-9) unstable; urgency=medium
415
416 * remove firewall config file subroutine added
417
418 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:42:51 +0200
419
2a42a237
DM		 420pve-firewall (2.0-8) unstable; urgency=medium
421
422 * adopt regresion tests for lxc containers
423
424 * removed firewall code for openVZ
425
426 * Subroutine verify_rule fixed to correctly check only for "net\d+"
427 interface device names
428
429 -- Proxmox Support Team <support@proxmox.com> Wed, 12 Aug 2015 12:01:43 +0200
430
33448a6e
DM		 431pve-firewall (2.0-7) unstable; urgency=medium
432
433 * added firewall code for lxc
434
435 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Aug 2015 09:21:14 +0200
436
19f14465
DM		 437pve-firewall (2.0-6) unstable; urgency=medium
438
439 * firewall ipversion comparison fix
440
441 -- Proxmox Support Team <support@proxmox.com> Tue, 04 Aug 2015 11:14:51 +0200
442
8feec9fa
DM		 443pve-firewall (2.0-5) unstable; urgency=medium
444
445 * add ipv6 neighbor discovery and solicitation macros
446
447 * ip6tables accepts both spellings of the word neighbor
448
449 * added Ceph macro
450
451 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:20:55 +0200
452
e02c77aa
DM		 453pve-firewall (2.0-4) unstable; urgency=medium
454
455 * include manual page for pve-firewall
456
457 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Jun 2015 16:26:28 +0200
458
eb4a2902
DM		 459pve-firewall (2.0-3) unstable; urgency=medium
460
461 * use noawait trigers for pve-api-updates
462
463 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:33:06 +0200
464
56bb2e69
DM		 465pve-firewall (2.0-2) unstable; urgency=medium
466
467 * trigger pve-api-updates event
468
469 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:10:24 +0200
470
0b18ebe8
DM		 471pve-firewall (2.0-1) unstable; urgency=medium
472
473 * recompile for debian jessie
474
475 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Feb 2015 12:22:04 +0100
476
609f00c7
DM		 477pve-firewall (1.0-18) unstable; urgency=low
478
479 * fix alias lookup
480
481 -- Proxmox Support Team <support@proxmox.com> Mon, 09 Feb 2015 09:32:03 +0100
482
de48e659
DM		 483pve-firewall (1.0-17) unstable; urgency=low
484
485 * fix restart behavior
486
487 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Jan 2015 06:45:58 +0100
488
b92d2ed2
DM		 489pve-firewall (1.0-16) unstable; urgency=low
490
491 * use new Daemon class from pve-common
492
493 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Dec 2014 09:45:07 +0100
494
22dde8d6
DM		 495pve-firewall (1.0-15) unstable; urgency=low
496
497 * bug fix: load cluster conf for host rules
498
499 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Dec 2014 06:33:28 +0100
500
e33e2f16
DM		 501pve-firewall (1.0-14) unstable; urgency=low
502
503 * do not use ipset list chains
504
505 * remove preinst script (not needed anymore)
506
507 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Dec 2014 13:42:00 +0100
508
3bce273b
DM		 509pve-firewall (1.0-13) unstable; urgency=low
510
511 * fix ipset remove order
512
513 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 12:45:48 +0100
514
7a7c322c
DM		 515pve-firewall (1.0-12) unstable; urgency=low
516
517 * add preinst script to clear ipset from older installation (because
518 sets cannot be swapped if there type does not match.
ce41ae23 519
7a7c322c
DM		 520 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:59:38 +0100
521
1b918ee5
DM		 522pve-firewall (1.0-11) unstable; urgency=low
523
524 * bug fix: correctly set ipversion for aliases in verify_rule
525
526 * save restore commands into files to make debugging
527 easier (/var/lib/pve-firewall/)
528
529 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:04:05 +0100
530
df617cea
DM		 531pve-firewall (1.0-10) unstable; urgency=low
532
533 * add IPv6 support for VMs (hostfw is IPv4 only)
534
535 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Nov 2014 07:00:29 +0100
536
0ac57570
DM		 537pve-firewall (1.0-9) unstable; urgency=low
538
539 * fix max ipset name name length
540
541 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Oct 2014 16:29:34 +0200
542
05fd3b63
DM		 543pve-firewall (1.0-8) unstable; urgency=low
544
545 * implement permission
546
547 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Sep 2014 12:15:21 +0200
548
bea9d5ab
DM		 549pve-firewall (1.0-7) unstable; urgency=low
550
551 * proxy host rule API calls to correct node
a34cfdd0
DM		 552
553 * always generate MAC and IP filter rules if firewall is enabled on NIC
bea9d5ab
DM		 554
555 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Jun 2014 07:12:57 +0200
556
582275c3
DM		 557pve-firewall (1.0-6) unstable; urgency=low
558
559 * ipmlement ipfilter ipsets
560
561 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jun 2014 08:37:08 +0200
562
de0c1e49
DM		 563pve-firewall (1.0-5) unstable; urgency=low
564
565 * remove ipsets when firewall disabled
566
567 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 08:50:18 +0200
568
64c266f5
DM		 569pve-firewall (1.0-4) unstable; urgency=low
570
571 * depend on iptables and ipset
572
573 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:45:33 +0200
574
16bcfa8b
DM		 575pve-firewall (1.0-3) unstable; urgency=low
576
577 * change dh_installinit order (register pvefw-logger before pve-firewall)
578
579 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:24:21 +0200
580
ba0b3a0a
DM		 581pve-firewall (1.0-2) unstable; urgency=low
582
583 * add experimental nflog logging daemon
584
585 -- Proxmox Support Team <support@proxmox.com> Thu, 13 Mar 2014 08:27:01 +0100
586
bb272dd3
DM		 587pve-firewall (1.0-1) unstable; urgency=low
588
589 * initial package
590
591 -- Proxmox Support Team <support@proxmox.com> Mon, 03 Mar 2014 08:37:06 +0100
592
Firewall test scripts