]> git.proxmox.com Git - pve-firewall.git/blame - debian/changelog
projects / pve-firewall.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
bump version to 5.0.6
[pve-firewall.git] / debian / changelog
CommitLineData
c7134596
TL		 1pve-firewall (5.0.6) bookworm; urgency=medium
2
3 * add flag to signal the new nftables-based proxmox-firewall that it's
4 disabled without the need to parse the config
5
6 -- Proxmox Support Team <support@proxmox.com> Fri, 26 Apr 2024 17:19:50 +0200
7
29b48c38
TL		 8pve-firewall (5.0.5) bookworm; urgency=medium
9
10 * simulator: adapt to more flexible bridge naming scheme
11
12 -- Proxmox Support Team <support@proxmox.com> Tue, 23 Apr 2024 13:11:43 +0200
13
50af7e09
TL		 14pve-firewall (5.0.4) bookworm; urgency=medium
15
16 * fix #5335: stable sorting in cluster.fw
17
18 * add configuration option for new nftables firewall tech-preview
19
20 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2024 20:04:09 +0200
21
372869e0
WB		 22pve-firewall (5.0.3) bookworm; urgency=medium
23
24 * fix resolution of scoped aliases in ipsets
25
26 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2023 10:39:28 +0200
27
0d28aa2a
TL		 28pve-firewall (5.0.2) bookworm; urgency=medium
29
30 * fix #4556: api: return scoped IPSets and aliases
31
32 -- Proxmox Support Team <support@proxmox.com> Wed, 21 Jun 2023 19:17:19 +0200
33
35542089
WB		 34pve-firewall (5.0.1) bookworm; urgency=medium
35
36 * fix #4556: support 'dc/' and 'guest/' prefix for aliases and ipsets
37
38 -- Proxmox Support Team <support@proxmox.com> Wed, 07 Jun 2023 16:06:10 +0200
39
97f2bc6c
TL		 40pve-firewall (5.0.0) bookworm; urgency=medium
41
42 * switch to native versioning scheme
43
44 * build for Proxmox VE 8 / Debian 12 Bookworm
45
46 -- Proxmox Support Team <support@proxmox.com> Mon, 22 May 2023 14:43:58 +0200
47
d3bf672b
TL		 48pve-firewall (4.3-2) bullseye; urgency=medium
49
50 * fix variables declared in conditional statement
51
52 * fix #4730: add safeguards to prevent ICMP type misuse
53
54 -- Proxmox Support Team <support@proxmox.com> Tue, 16 May 2023 11:17:58 +0200
55
4fffdd36 56pve-firewall (4.3-1) bullseye; urgency=medium
23b3e816 57
e3d08ca1 58 * allow entering IP address with the host bits (those inside the mask) not
23b3e816
TL		 59 being all zero non-zero, like 192.168.1.155/24 for example.
60
61 * api: firewall logger: add optional parameters `since` and `until` for
62 time-range filtering
63
64 * fix #4550: host options: add nf_conntrack_helpers to compensate that
65 kernel 6.1 and newer have removed the auto helpers
66
67 -- Proxmox Support Team <support@proxmox.com> Fri, 17 Mar 2023 15:24:56 +0100
68
b4577a25
TL		 69pve-firewall (4.2-7) bullseye; urgency=medium
70
71 * fix #4018: add firewall macro for SPICE proxy
72
73 * fix #4204: automatically update each usage of a group to the new ID when
74 it is renamed
75
76 * fix #4268: add 'force' parameter to delete IPSet with members
77
78 -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 19:53:04 +0100
79
dd559e8a
TL		 80pve-firewall (4.2-6) bullseye; urgency=medium
81
82 * config defaults: document that the mac filter defaults to on
83
84 * fix #4175: ignore non-filter ebtables tables
85
86 * fix enabling ebtables if VM firewall config is invalid
87
88 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Aug 2022 09:43:53 +0200
89
fba392f2
TL		 90pve-firewall (4.2-5) bullseye; urgency=medium
91
92 * fix #3677 ipset get chains: handle newer ipset output for actual
93 change detection
94
95 -- Proxmox Support Team <support@proxmox.com> Thu, 04 Nov 2021 16:37:13 +0100
96
bd63a439
TL		 97pve-firewall (4.2-4) bullseye; urgency=medium
98
99 * re-build to avoid issues stemming from semi-broken systemd-debhelper version
100
101 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Oct 2021 10:39:05 +0200
102
2a2b81b4
TL		 103pve-firewall (4.2-3) bullseye; urgency=medium
104
105 * fix #2721: remove the (nowadays) bogus reject for TCP port 43 from the
106 default drop and reject actions
107
108 -- Proxmox Support Team <support@proxmox.com> Fri, 10 Sep 2021 13:00:07 +0200
109
dcdbb559
TL		 110pve-firewall (4.2-2) bullseye; urgency=medium
111
112 * re-set relevant sysctls on every apply round
113
114 -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 11:31:42 +0200
115
ce9cfab8
TL		 116pve-firewall (4.2-1) bullseye; urgency=medium
117
118 * fix #967: source: dest: limit length
119
120 * re-build for Debian 11 Bullseye based releases (Proxmox VE 7)
121
122 * fix #2358: allow --<opt> in firewall rule config files
123
124 -- Proxmox Support Team <support@proxmox.com> Wed, 12 May 2021 20:32:30 +0200
125
8a4e5b69
TL		 126pve-firewall (4.1-3) pve; urgency=medium
127
128 * fix #2773: ebtables: keep policy of custom chains
129
130 * introduce new icmp-type parameter
131
132 -- Proxmox Support Team <support@proxmox.com> Fri, 18 Sep 2020 16:51:27 +0200
133
70718917
TL		 134pve-firewall (4.1-2) pve; urgency=medium
135
136 * revert: rules: verify referenced security group exists
137
138 -- Proxmox Support Team <support@proxmox.com> Wed, 06 May 2020 17:41:36 +0200
139
c5530455
TL		 140pve-firewall (4.1-1) pve; urgency=medium
141
142 * logging: add missing log message for inbound rules
143
144 * fix #2686: avoid adding 'arp-ip-src' IP filter if guests uses DHCP
145
146 * IPSets: parse the CIDR before checking for duplicates
147
148 * verify that a referenced security group exists
149
150 * ICMP: fix iptables-restore failing if ICMP-type values bigger than '255'
151
152 * ICMP: allow one to specify the 'echo-reply' (0) type also as integer
153
154 * improve handling concurrent (parallel) access and modifications to rules
155
156 -- Proxmox Support Team <support@proxmox.com> Mon, 04 May 2020 15:01:57 +0200
157
56a47140
TL		 158pve-firewall (4.0-10) pve; urgency=medium
159
160 * macros: add macro for Proxmox Mail Gateway web interface
161
162 * api node: always pass cluster conf to node FW parser to fix false positive
163 error message about non existing aliases, or IP sets, when querying the
164 node FW options GET API call.
165
166 * grammar fix: s/does not exists/does not exist/g
167
168 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jan 2020 19:25:49 +0100
169
5162c268
TL		 170pve-firewall (4.0-9) pve; urgency=medium
171
172 * ensure port range used for offline storage migration and insecure migration
173 traffic is allowed by default rule set.
174
175 -- Proxmox Support Team <support@proxmox.com> Tue, 03 Dec 2019 08:12:20 +0100
176
5ac03b1c
WB		 177pve-firewall (4.0-8) pve; urgency=medium
178
179 * increase default nf_conntrack_max to the kernel's default
180
181 * fix some "use of uninitialized value" warnings when updating CIDRs
182
183 * update schema documentation
184
185 * add explicit dependency on libpve-cluster-perl
186
187 * add support for "raw" tables
188
189 * add options for synflood protection for host firewall:
190 - nf_conntrack_tcp_timeout_syn_recv
191 - protection_synflood: boolean
192 - protection_synflood_rate: SYN rate limit (default 200 per second)
193 - protection_synflood_burst: SYN burst limit (default 1000)
194
195 -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 13:48:20 +0100
196
bd368955
FG		 197pve-firewall (4.0-7) pve; urgency=medium
198
199 * only add VM chains and rules if VM firewall is enabled
200
201 -- Proxmox Support Team <support@proxmox.com> Wed, 7 Aug 2019 10:55:06 +0200
202
c8f3e1ee
TL		 203pve-firewall (4.0-6) pve; urgency=medium
204
205 * firewall macros: add new Ceph protocol v2 port while keeping v1 port
206
207 -- Proxmox Support Team <support@proxmox.com> Tue, 23 Jul 2019 18:57:48 +0200
208
6fc572dc
TL		 209pve-firewall (4.0-5) pve; urgency=medium
210
211 * don't use any base path at all for calls to external binaries to make use
212 compativle with bot, /usr merged and unmerged setups
213
214 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Jul 2019 11:47:53 +0200
215
b1379400
TL		 216pve-firewall (4.0-4) pve; urgency=medium
217
218 * ebtables: remove PVE chains properly
219
220 * ebtables: treat chain deletion as change
221
222 * use /usr/sbin as base path
223
224 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Jul 2019 19:40:01 +0200
225
9e01d77d
TL		 226pve-firewall (4.0-3) pve; urgency=medium
227
228 * Create corosync firewall rules independently of localnet~
229
230 * Display corosync rule info on localnet call
231
232 -- Proxmox Support Team <support@proxmox.com> Thu, 04 Jul 2019 15:56:11 +0200
233
9429bd35
TL		 234pve-firewall (4.0-2) pve; urgency=medium
235
236 * fix systemd warning about PIDFile directory
237
238 * fix CT rule generation with ipfilter set
239
240 * pve-firewall service: update-alternative iptables and ebtables to working
241 legacy versions
242
243 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 20:43:21 +0200
244
6b9da9b0
TL		 245pve-firewall (4.0-1) pve; urgency=medium
246
247 * re-build for Debian Buster / PVE 6
248
249 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 22:28:55 +0200
250
dd7d737b
TL		 251pve-firewall (3.0-21) unstable; urgency=medium
252
253 * fix ipv6 PVEFW-reject
254
255 * fix #2193: arpfilter: CT: remove mask from net IP/CIDR to avoid
256 ebtables doing the wrong thing here
257
258 -- Proxmox Support Team <support@proxmox.com> Wed, 08 May 2019 10:09:31 +0000
259
bbf77725
TL		 260pve-firewall (3.0-20) unstable; urgency=medium
261
262 * use IPCC to read config and rule files, if the are backed by pmxcfs which
263 has better handling for pmxcfs restarts
264
265 * fix #2178: endless loop on ipv6 extension headers
266
267 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2019 05:10:13 +0000
268
baba607a
TL		 269pve-firewall (3.0-19) unstable; urgency=medium
270
271 * ebtables: add arp filtering
272
273 * fix: #2123 Logging of user defined firewall rules
274
275 * fix Razor macro
276
277 * allow to enable/disable and modify cluster wide log ratelimits
278
279 -- Proxmox Support Team <support@proxmox.com> Tue, 02 Apr 2019 11:15:16 +0200
280
d8ea08e3
TL		 281pve-firewall (3.0-18) unstable; urgency=medium
282
283 * fix #1606: Add nf_conntrack_allow_invalid option
284
285 * log reject : add space after policy REJECT like drop
286
287 * fix #1891: Add zsh command completion for pve-firewall
288
289 -- Proxmox Support Team <support@proxmox.com> Mon, 04 Mar 2019 10:27:01 +0100
290
91d88bc5
TL		 291pve-firewall (3.0-17) unstable; urgency=medium
292
293 * fix #2005: only allow ascii port digits
294
295 * fix #2004: do not allow backwards ranges
296
297 * add conntrack logging via libnetfilter_conntrack and allow one to enable
298 it through the firewall host configuration
299
300 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Jan 2019 16:56:17 +0100
301
81d13a9d
TL		 302pve-firewall (3.0-16) unstable; urgency=medium
303
304 * api/rules: fix macro return type
305
306 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Nov 2018 16:02:59 +0100
307
bed701bc
TL		 308pve-firewall (3.0-15) unstable; urgency=medium
309
310 * fix #1971: display firewall rule properties
311
312 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:01:33 +0100
313
a24b157b
WB		 314pve-firewall (3.0-14) unstable; urgency=medium
315
316 * fix #1841: avoid ebtable reloads when containers have multiple network
317 interfaces
318
319 -- Proxmox Support Team <support@proxmox.com> Fri, 24 Aug 2018 10:51:04 +0200
320
cf7dd94b
WB		 321pve-firewall (3.0-13) unstable; urgency=medium
322
323 * avoid unnecessary reloads of ebtable ruleset
324
325 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Jun 2018 14:47:16 +0200
326
dd03bf6e
WB		 327pve-firewall (3.0-12) unstable; urgency=medium
328
329 * fix deleted iptables chains not being properly detected as a change
330
331 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Jun 2018 12:01:02 +0200
332
587a0f20 333pve-firewall (3.0-11) unstable; urgency=medium
a3a51dad
TL		 334
335 * #1764: rename 'ebtales_enable' option to 'ebtables'
336
587a0f20 337 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2018 16:18:13 +0200
a3a51dad 338
423b86ef
WB		 339pve-firewall (3.0-10) unstable; urgency=medium
340
341 * fix #1764: handle existing ebtables rules and allow disabling ebtables
342
343 * ebtables handling can be disabled via /etc/pve/firewall/cluster.fw's new
344 ebtables_enable option.
345
346 -- Proxmox Support Team <support@proxmox.com> Tue, 29 May 2018 15:14:33 +0200
347
567e58ce
WB		 348pve-firewall (3.0-9) unstable; urgency=medium
349
350 * fix creation of ebltables FORWARD rule entry
351
352 -- Proxmox Support Team <support@proxmox.com> Thu, 17 May 2018 14:41:27 +0200
353
ea0d59ed
WB		 354pve-firewall (3.0-8) unstable; urgency=medium
355
356 * add ebtables support for better MAC filtering
357
358 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2018 14:25:41 +0200
359
9a19ec81
WB		 360pve-firewall (3.0-7) unstable; urgency=medium
361
362 * support distinct source and destination multi-port matching
363
364 * multi-port matching: when specifying the same list of ports for source and
365 destination require them both to match, rather than one of them, as this
366 was rather unexpected behavior
367
368 -- Proxmox Support Team <support@proxmox.com> Mon, 12 Mar 2018 14:58:08 +0100
369
8c41d444
DM		 370pve-firewall (3.0-6) unstable; urgency=medium
371
372 * fix #1319: don't fail postinst with masked service
373
374 * debian: switch to compat 9, drop init scripts, drop preinst
375
376 * check multiport limit in port ranges
377
378 * build: use git rev-parse for GITVERSION
379
380 -- Proxmox Support Team <support@proxmox.com> Thu, 08 Mar 2018 13:53:11 +0100
381
4299c35f
WB		 382pve-firewall (3.0-5) unstable; urgency=medium
383
384 * fix issue with disabled flag not being honored within groups
385
386 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Dec 2017 08:31:42 +0100
387
a19d4127
WB		 388pve-firewall (3.0-4) unstable; urgency=medium
389
390 * fix issues with ipsets reloading unnecessarily or too late
391
392 * fix some typos in the logs
393
394 -- Proxmox Support Team <support@proxmox.com> Thu, 16 Nov 2017 11:41:56 +0100
395
c0c71b1b
WB		 396pve-firewall (3.0-3) unstable; urgency=medium
397
398 * Fix #1492: logger: use current timestamp if the packet doesn't have one
399
400 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Sep 2017 14:43:06 +0200
401
4f7a4bdd
WB		 402pve-firewall (3.0-2) unstable; urgency=medium
403
404 * Fix #1446: remove masks in case the package had previously been removed but
405 not purged.
406
407 * improve logging on errors in the firewall configuration
408
409 * forbid trailing commas in lists as iptables-restore doesn't support them
410
411 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2017 15:24:40 +0200
412
29a94c79
FG		 413pve-firewall (3.0-1) unstable; urgency=medium
414
415 * rebuild for Debian Stretch
416
417 -- Proxmox Support Team <support@proxmox.com> Thu, 9 Mar 2017 14:04:17 +0100
418
df67a3dc
DM		 419pve-firewall (2.0-33) unstable; urgency=medium
420
421 * ipset: don't allow zero-prefix entries
422
423 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 12:18:04 +0100
424
dc643b4d
DM		 425pve-firewall (2.0-32) unstable; urgency=medium
426
427 * improve search for local-network
428
429 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 06:35:08 +0100
430
45f206fd
DM		 431pve-firewall (2.0-31) unstable; urgency=medium
432
433 * don't try to apply ports to rules which don't support them
434
435 -- Proxmox Support Team <support@proxmox.com> Thu, 06 Oct 2016 08:31:51 +0200
436
2ea28d0c
DM		 437pve-firewall (2.0-30) unstable; urgency=medium
438
439 * add multicast DNS to the list of Macros
440
441 * add missing parameter descriptions
442
443 * build-depends: add dh-systemd
444
445 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Sep 2016 08:53:16 +0200
446
b65d13d9
DM		 447pve-firewall (2.0-29) unstable; urgency=medium
448
449 * prevent overwriting ipsets/sec. groups by renaming
450
451 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 16:46:10 +0200
452
d0f3bb08
DM		 453pve-firewall (2.0-28) unstable; urgency=medium
454
455 * use pve-common's ipv4_mask_hash_localnet
456
5c53cde4
DC		 457 * fix allowed group name length
458
459 * make group digest stable
460
d0f3bb08
DM		 461 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 11:01:47 +0200
462
76a57e1a
DM		 463pve-firewall (2.0-27) unstable; urgency=medium
464
465 * fix #972: make PVEFW-FWBR-* rule order stable
466
467 -- Proxmox Support Team <support@proxmox.com> Tue, 17 May 2016 07:59:52 +0200
468
17642172
DM		 469pve-firewall (2.0-26) unstable; urgency=medium
470
471 * fix #988: set rp_filter=2
472
473 -- Proxmox Support Team <support@proxmox.com> Mon, 09 May 2016 10:01:28 +0200
474
6e29af12
DM		 475pve-firewall (2.0-25) unstable; urgency=medium
476
477 * fix #945: add uninitialized check in lxc ipset compilation
478
479 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Apr 2016 09:58:33 +0200
480
edb4aff5
DM		 481pve-firewall (2.0-24) unstable; urgency=medium
482
483 * Build-Depend on pve-doc-generator
484
485 * generate manpage with pve-doc-generator
486
487 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Apr 2016 10:52:45 +0200
488
e1158c15
DM		 489pve-firewall (2.0-23) unstable; urgency=medium
490
491 * use only the top bit for our accept marks
492
493 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:35:38 +0200
494
5399f912
DM		 495pve-firewall (2.0-22) unstable; urgency=medium
496
497 * Use cfs_config_path from PVE::QemuConfig
498
499 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Mar 2016 11:47:40 +0100
500
b9e73915
DM		 501pve-firewall (2.0-21) unstable; urgency=medium
502
503 * added new 'ipfilter' option
504
505 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Mar 2016 09:43:39 +0100
506
e2a49003
DM		 507pve-firewall (2.0-20) unstable; urgency=medium
508
509 * fix 901: encode unicode characters in sha digest
510
511 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Feb 2016 12:40:14 +0100
512
1d10f89a
DM		 513pve-firewall (2.0-19) unstable; urgency=medium
514
515 * Add radv option to VM options
516
517 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Feb 2016 10:24:42 +0100
518
666093cd
DM		 519pve-firewall (2.0-18) unstable; urgency=medium
520
521 * Add ndp option to host and VM firewall options
522
523 * Add router-solicitation to NeighborDiscovery macro
524
525 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Feb 2016 10:01:22 +0100
526
eaf25885
DM		 527pve-firewall (2.0-17) unstable; urgency=medium
528
529 * Don't leave empty FW config files behind
530
531 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Feb 2016 14:09:24 +0100
532
a177fb07
DM		 533pve-firewall (2.0-16) unstable; urgency=medium
534
535 * logger: basic ipv6 support
536
537 * add DHCPv6 macro
538
539 * add dhcpv6 support to the dhcp option
540
541 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Jan 2016 16:52:14 +0100
542
ab1b8d3c
DM		 543pve-firewall (2.0-15) unstable; urgency=medium
544
545 * fix bug #859: use $security_group_name_pattern in iptables_get_chains
546
547 * fix some regular expressions mixups
548
549 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Jan 2016 16:33:23 +0100
550
c9c8d7a3
DM		 551pve-firewall (2.0-14) unstable; urgency=medium
552
553 * fix systemd service dependencies
554
555 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Nov 2015 10:52:57 +0100
556
aa818ae7
DM		 557pve-firewall (2.0-13) unstable; urgency=medium
558
559 * allow numeric icmp types
560
561 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Oct 2015 13:21:53 +0200
562
8dbebe7d
DM		 563pve-firewall (2.0-12) unstable; urgency=medium
564
565 * implement bash completions
566
567 * convert pve-firewall into a PVE::Service class
568
569 -- Proxmox Support Team <support@proxmox.com> Thu, 24 Sep 2015 12:15:00 +0200
570
47704f4c
DM		 571pve-firewall (2.0-11) unstable; urgency=medium
572
573 * iptables_get_chains: fix veth device name
574
575 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Sep 2015 07:54:35 +0200
576
9eb84dc7
DM		 577pve-firewall (2.0-10) unstable; urgency=medium
578
579 * new helper: clone_vmfw_conf()
580
581 -- Proxmox Support Team <support@proxmox.com> Tue, 25 Aug 2015 06:47:49 +0200
582
a3d34dac
DM		 583pve-firewall (2.0-9) unstable; urgency=medium
584
585 * remove firewall config file subroutine added
586
587 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:42:51 +0200
588
2a42a237
DM		 589pve-firewall (2.0-8) unstable; urgency=medium
590
591 * adopt regresion tests for lxc containers
592
593 * removed firewall code for openVZ
594
595 * Subroutine verify_rule fixed to correctly check only for "net\d+"
596 interface device names
597
598 -- Proxmox Support Team <support@proxmox.com> Wed, 12 Aug 2015 12:01:43 +0200
599
33448a6e
DM		 600pve-firewall (2.0-7) unstable; urgency=medium
601
602 * added firewall code for lxc
603
604 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Aug 2015 09:21:14 +0200
605
19f14465
DM		 606pve-firewall (2.0-6) unstable; urgency=medium
607
608 * firewall ipversion comparison fix
609
610 -- Proxmox Support Team <support@proxmox.com> Tue, 04 Aug 2015 11:14:51 +0200
611
8feec9fa
DM		 612pve-firewall (2.0-5) unstable; urgency=medium
613
614 * add ipv6 neighbor discovery and solicitation macros
615
616 * ip6tables accepts both spellings of the word neighbor
617
618 * added Ceph macro
619
620 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:20:55 +0200
621
e02c77aa
DM		 622pve-firewall (2.0-4) unstable; urgency=medium
623
624 * include manual page for pve-firewall
625
626 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Jun 2015 16:26:28 +0200
627
eb4a2902
DM		 628pve-firewall (2.0-3) unstable; urgency=medium
629
630 * use noawait trigers for pve-api-updates
631
632 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:33:06 +0200
633
56bb2e69
DM		 634pve-firewall (2.0-2) unstable; urgency=medium
635
636 * trigger pve-api-updates event
637
638 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:10:24 +0200
639
0b18ebe8
DM		 640pve-firewall (2.0-1) unstable; urgency=medium
641
642 * recompile for debian jessie
643
644 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Feb 2015 12:22:04 +0100
645
609f00c7
DM		 646pve-firewall (1.0-18) unstable; urgency=low
647
648 * fix alias lookup
649
650 -- Proxmox Support Team <support@proxmox.com> Mon, 09 Feb 2015 09:32:03 +0100
651
de48e659
DM		 652pve-firewall (1.0-17) unstable; urgency=low
653
654 * fix restart behavior
655
656 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Jan 2015 06:45:58 +0100
657
b92d2ed2
DM		 658pve-firewall (1.0-16) unstable; urgency=low
659
660 * use new Daemon class from pve-common
661
662 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Dec 2014 09:45:07 +0100
663
22dde8d6
DM		 664pve-firewall (1.0-15) unstable; urgency=low
665
666 * bug fix: load cluster conf for host rules
667
668 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Dec 2014 06:33:28 +0100
669
e33e2f16
DM		 670pve-firewall (1.0-14) unstable; urgency=low
671
672 * do not use ipset list chains
673
674 * remove preinst script (not needed anymore)
675
676 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Dec 2014 13:42:00 +0100
677
3bce273b
DM		 678pve-firewall (1.0-13) unstable; urgency=low
679
680 * fix ipset remove order
681
682 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 12:45:48 +0100
683
7a7c322c
DM		 684pve-firewall (1.0-12) unstable; urgency=low
685
686 * add preinst script to clear ipset from older installation (because
687 sets cannot be swapped if there type does not match.
ce41ae23 688
7a7c322c
DM		 689 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:59:38 +0100
690
1b918ee5
DM		 691pve-firewall (1.0-11) unstable; urgency=low
692
693 * bug fix: correctly set ipversion for aliases in verify_rule
694
695 * save restore commands into files to make debugging
696 easier (/var/lib/pve-firewall/)
697
698 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:04:05 +0100
699
df617cea
DM		 700pve-firewall (1.0-10) unstable; urgency=low
701
702 * add IPv6 support for VMs (hostfw is IPv4 only)
703
704 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Nov 2014 07:00:29 +0100
705
0ac57570
DM		 706pve-firewall (1.0-9) unstable; urgency=low
707
708 * fix max ipset name name length
709
710 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Oct 2014 16:29:34 +0200
711
05fd3b63
DM		 712pve-firewall (1.0-8) unstable; urgency=low
713
714 * implement permission
715
716 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Sep 2014 12:15:21 +0200
717
bea9d5ab
DM		 718pve-firewall (1.0-7) unstable; urgency=low
719
720 * proxy host rule API calls to correct node
a34cfdd0
DM		 721
722 * always generate MAC and IP filter rules if firewall is enabled on NIC
bea9d5ab
DM		 723
724 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Jun 2014 07:12:57 +0200
725
582275c3
DM		 726pve-firewall (1.0-6) unstable; urgency=low
727
728 * ipmlement ipfilter ipsets
729
730 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jun 2014 08:37:08 +0200
731
de0c1e49
DM		 732pve-firewall (1.0-5) unstable; urgency=low
733
734 * remove ipsets when firewall disabled
735
736 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 08:50:18 +0200
737
64c266f5
DM		 738pve-firewall (1.0-4) unstable; urgency=low
739
740 * depend on iptables and ipset
741
742 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:45:33 +0200
743
16bcfa8b
DM		 744pve-firewall (1.0-3) unstable; urgency=low
745
746 * change dh_installinit order (register pvefw-logger before pve-firewall)
747
748 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:24:21 +0200
749
ba0b3a0a
DM		 750pve-firewall (1.0-2) unstable; urgency=low
751
752 * add experimental nflog logging daemon
753
754 -- Proxmox Support Team <support@proxmox.com> Thu, 13 Mar 2014 08:27:01 +0100
755
bb272dd3
DM		 756pve-firewall (1.0-1) unstable; urgency=low
757
758 * initial package
759
760 -- Proxmox Support Team <support@proxmox.com> Mon, 03 Mar 2014 08:37:06 +0100
761
Firewall test scripts