]> git.proxmox.com Git - pve-firewall.git/blame - debian/changelog
projects / pve-firewall.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
bump version to 4.0-7
[pve-firewall.git] / debian / changelog
CommitLineData
bd368955
FG		 1pve-firewall (4.0-7) pve; urgency=medium
2
3 * only add VM chains and rules if VM firewall is enabled
4
5 -- Proxmox Support Team <support@proxmox.com> Wed, 7 Aug 2019 10:55:06 +0200
6
c8f3e1ee
TL		 7pve-firewall (4.0-6) pve; urgency=medium
8
9 * firewall macros: add new Ceph protocol v2 port while keeping v1 port
10
11 -- Proxmox Support Team <support@proxmox.com> Tue, 23 Jul 2019 18:57:48 +0200
12
6fc572dc
TL		 13pve-firewall (4.0-5) pve; urgency=medium
14
15 * don't use any base path at all for calls to external binaries to make use
16 compativle with bot, /usr merged and unmerged setups
17
18 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Jul 2019 11:47:53 +0200
19
b1379400
TL		 20pve-firewall (4.0-4) pve; urgency=medium
21
22 * ebtables: remove PVE chains properly
23
24 * ebtables: treat chain deletion as change
25
26 * use /usr/sbin as base path
27
28 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Jul 2019 19:40:01 +0200
29
9e01d77d
TL		 30pve-firewall (4.0-3) pve; urgency=medium
31
32 * Create corosync firewall rules independently of localnet~
33
34 * Display corosync rule info on localnet call
35
36 -- Proxmox Support Team <support@proxmox.com> Thu, 04 Jul 2019 15:56:11 +0200
37
9429bd35
TL		 38pve-firewall (4.0-2) pve; urgency=medium
39
40 * fix systemd warning about PIDFile directory
41
42 * fix CT rule generation with ipfilter set
43
44 * pve-firewall service: update-alternative iptables and ebtables to working
45 legacy versions
46
47 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 20:43:21 +0200
48
6b9da9b0
TL		 49pve-firewall (4.0-1) pve; urgency=medium
50
51 * re-build for Debian Buster / PVE 6
52
53 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 22:28:55 +0200
54
dd7d737b
TL		 55pve-firewall (3.0-21) unstable; urgency=medium
56
57 * fix ipv6 PVEFW-reject
58
59 * fix #2193: arpfilter: CT: remove mask from net IP/CIDR to avoid
60 ebtables doing the wrong thing here
61
62 -- Proxmox Support Team <support@proxmox.com> Wed, 08 May 2019 10:09:31 +0000
63
bbf77725
TL		 64pve-firewall (3.0-20) unstable; urgency=medium
65
66 * use IPCC to read config and rule files, if the are backed by pmxcfs which
67 has better handling for pmxcfs restarts
68
69 * fix #2178: endless loop on ipv6 extension headers
70
71 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2019 05:10:13 +0000
72
baba607a
TL		 73pve-firewall (3.0-19) unstable; urgency=medium
74
75 * ebtables: add arp filtering
76
77 * fix: #2123 Logging of user defined firewall rules
78
79 * fix Razor macro
80
81 * allow to enable/disable and modify cluster wide log ratelimits
82
83 -- Proxmox Support Team <support@proxmox.com> Tue, 02 Apr 2019 11:15:16 +0200
84
d8ea08e3
TL		 85pve-firewall (3.0-18) unstable; urgency=medium
86
87 * fix #1606: Add nf_conntrack_allow_invalid option
88
89 * log reject : add space after policy REJECT like drop
90
91 * fix #1891: Add zsh command completion for pve-firewall
92
93 -- Proxmox Support Team <support@proxmox.com> Mon, 04 Mar 2019 10:27:01 +0100
94
91d88bc5
TL		 95pve-firewall (3.0-17) unstable; urgency=medium
96
97 * fix #2005: only allow ascii port digits
98
99 * fix #2004: do not allow backwards ranges
100
101 * add conntrack logging via libnetfilter_conntrack and allow one to enable
102 it through the firewall host configuration
103
104 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Jan 2019 16:56:17 +0100
105
81d13a9d
TL		 106pve-firewall (3.0-16) unstable; urgency=medium
107
108 * api/rules: fix macro return type
109
110 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Nov 2018 16:02:59 +0100
111
bed701bc
TL		 112pve-firewall (3.0-15) unstable; urgency=medium
113
114 * fix #1971: display firewall rule properties
115
116 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:01:33 +0100
117
a24b157b
WB		 118pve-firewall (3.0-14) unstable; urgency=medium
119
120 * fix #1841: avoid ebtable reloads when containers have multiple network
121 interfaces
122
123 -- Proxmox Support Team <support@proxmox.com> Fri, 24 Aug 2018 10:51:04 +0200
124
cf7dd94b
WB		 125pve-firewall (3.0-13) unstable; urgency=medium
126
127 * avoid unnecessary reloads of ebtable ruleset
128
129 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Jun 2018 14:47:16 +0200
130
dd03bf6e
WB		 131pve-firewall (3.0-12) unstable; urgency=medium
132
133 * fix deleted iptables chains not being properly detected as a change
134
135 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Jun 2018 12:01:02 +0200
136
587a0f20 137pve-firewall (3.0-11) unstable; urgency=medium
a3a51dad
TL		 138
139 * #1764: rename 'ebtales_enable' option to 'ebtables'
140
587a0f20 141 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2018 16:18:13 +0200
a3a51dad 142
423b86ef
WB		 143pve-firewall (3.0-10) unstable; urgency=medium
144
145 * fix #1764: handle existing ebtables rules and allow disabling ebtables
146
147 * ebtables handling can be disabled via /etc/pve/firewall/cluster.fw's new
148 ebtables_enable option.
149
150 -- Proxmox Support Team <support@proxmox.com> Tue, 29 May 2018 15:14:33 +0200
151
567e58ce
WB		 152pve-firewall (3.0-9) unstable; urgency=medium
153
154 * fix creation of ebltables FORWARD rule entry
155
156 -- Proxmox Support Team <support@proxmox.com> Thu, 17 May 2018 14:41:27 +0200
157
ea0d59ed
WB		 158pve-firewall (3.0-8) unstable; urgency=medium
159
160 * add ebtables support for better MAC filtering
161
162 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2018 14:25:41 +0200
163
9a19ec81
WB		 164pve-firewall (3.0-7) unstable; urgency=medium
165
166 * support distinct source and destination multi-port matching
167
168 * multi-port matching: when specifying the same list of ports for source and
169 destination require them both to match, rather than one of them, as this
170 was rather unexpected behavior
171
172 -- Proxmox Support Team <support@proxmox.com> Mon, 12 Mar 2018 14:58:08 +0100
173
8c41d444
DM		 174pve-firewall (3.0-6) unstable; urgency=medium
175
176 * fix #1319: don't fail postinst with masked service
177
178 * debian: switch to compat 9, drop init scripts, drop preinst
179
180 * check multiport limit in port ranges
181
182 * build: use git rev-parse for GITVERSION
183
184 -- Proxmox Support Team <support@proxmox.com> Thu, 08 Mar 2018 13:53:11 +0100
185
4299c35f
WB		 186pve-firewall (3.0-5) unstable; urgency=medium
187
188 * fix issue with disabled flag not being honored within groups
189
190 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Dec 2017 08:31:42 +0100
191
a19d4127
WB		 192pve-firewall (3.0-4) unstable; urgency=medium
193
194 * fix issues with ipsets reloading unnecessarily or too late
195
196 * fix some typos in the logs
197
198 -- Proxmox Support Team <support@proxmox.com> Thu, 16 Nov 2017 11:41:56 +0100
199
c0c71b1b
WB		 200pve-firewall (3.0-3) unstable; urgency=medium
201
202 * Fix #1492: logger: use current timestamp if the packet doesn't have one
203
204 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Sep 2017 14:43:06 +0200
205
4f7a4bdd
WB		 206pve-firewall (3.0-2) unstable; urgency=medium
207
208 * Fix #1446: remove masks in case the package had previously been removed but
209 not purged.
210
211 * improve logging on errors in the firewall configuration
212
213 * forbid trailing commas in lists as iptables-restore doesn't support them
214
215 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2017 15:24:40 +0200
216
29a94c79
FG		 217pve-firewall (3.0-1) unstable; urgency=medium
218
219 * rebuild for Debian Stretch
220
221 -- Proxmox Support Team <support@proxmox.com> Thu, 9 Mar 2017 14:04:17 +0100
222
df67a3dc
DM		 223pve-firewall (2.0-33) unstable; urgency=medium
224
225 * ipset: don't allow zero-prefix entries
226
227 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 12:18:04 +0100
228
dc643b4d
DM		 229pve-firewall (2.0-32) unstable; urgency=medium
230
231 * improve search for local-network
232
233 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 06:35:08 +0100
234
45f206fd
DM		 235pve-firewall (2.0-31) unstable; urgency=medium
236
237 * don't try to apply ports to rules which don't support them
238
239 -- Proxmox Support Team <support@proxmox.com> Thu, 06 Oct 2016 08:31:51 +0200
240
2ea28d0c
DM		 241pve-firewall (2.0-30) unstable; urgency=medium
242
243 * add multicast DNS to the list of Macros
244
245 * add missing parameter descriptions
246
247 * build-depends: add dh-systemd
248
249 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Sep 2016 08:53:16 +0200
250
b65d13d9
DM		 251pve-firewall (2.0-29) unstable; urgency=medium
252
253 * prevent overwriting ipsets/sec. groups by renaming
254
255 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 16:46:10 +0200
256
d0f3bb08
DM		 257pve-firewall (2.0-28) unstable; urgency=medium
258
259 * use pve-common's ipv4_mask_hash_localnet
260
5c53cde4
DC		 261 * fix allowed group name length
262
263 * make group digest stable
264
d0f3bb08
DM		 265 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 11:01:47 +0200
266
76a57e1a
DM		 267pve-firewall (2.0-27) unstable; urgency=medium
268
269 * fix #972: make PVEFW-FWBR-* rule order stable
270
271 -- Proxmox Support Team <support@proxmox.com> Tue, 17 May 2016 07:59:52 +0200
272
17642172
DM		 273pve-firewall (2.0-26) unstable; urgency=medium
274
275 * fix #988: set rp_filter=2
276
277 -- Proxmox Support Team <support@proxmox.com> Mon, 09 May 2016 10:01:28 +0200
278
6e29af12
DM		 279pve-firewall (2.0-25) unstable; urgency=medium
280
281 * fix #945: add uninitialized check in lxc ipset compilation
282
283 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Apr 2016 09:58:33 +0200
284
edb4aff5
DM		 285pve-firewall (2.0-24) unstable; urgency=medium
286
287 * Build-Depend on pve-doc-generator
288
289 * generate manpage with pve-doc-generator
290
291 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Apr 2016 10:52:45 +0200
292
e1158c15
DM		 293pve-firewall (2.0-23) unstable; urgency=medium
294
295 * use only the top bit for our accept marks
296
297 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:35:38 +0200
298
5399f912
DM		 299pve-firewall (2.0-22) unstable; urgency=medium
300
301 * Use cfs_config_path from PVE::QemuConfig
302
303 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Mar 2016 11:47:40 +0100
304
b9e73915
DM		 305pve-firewall (2.0-21) unstable; urgency=medium
306
307 * added new 'ipfilter' option
308
309 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Mar 2016 09:43:39 +0100
310
e2a49003
DM		 311pve-firewall (2.0-20) unstable; urgency=medium
312
313 * fix 901: encode unicode characters in sha digest
314
315 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Feb 2016 12:40:14 +0100
316
1d10f89a
DM		 317pve-firewall (2.0-19) unstable; urgency=medium
318
319 * Add radv option to VM options
320
321 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Feb 2016 10:24:42 +0100
322
666093cd
DM		 323pve-firewall (2.0-18) unstable; urgency=medium
324
325 * Add ndp option to host and VM firewall options
326
327 * Add router-solicitation to NeighborDiscovery macro
328
329 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Feb 2016 10:01:22 +0100
330
eaf25885
DM		 331pve-firewall (2.0-17) unstable; urgency=medium
332
333 * Don't leave empty FW config files behind
334
335 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Feb 2016 14:09:24 +0100
336
a177fb07
DM		 337pve-firewall (2.0-16) unstable; urgency=medium
338
339 * logger: basic ipv6 support
340
341 * add DHCPv6 macro
342
343 * add dhcpv6 support to the dhcp option
344
345 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Jan 2016 16:52:14 +0100
346
ab1b8d3c
DM		 347pve-firewall (2.0-15) unstable; urgency=medium
348
349 * fix bug #859: use $security_group_name_pattern in iptables_get_chains
350
351 * fix some regular expressions mixups
352
353 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Jan 2016 16:33:23 +0100
354
c9c8d7a3
DM		 355pve-firewall (2.0-14) unstable; urgency=medium
356
357 * fix systemd service dependencies
358
359 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Nov 2015 10:52:57 +0100
360
aa818ae7
DM		 361pve-firewall (2.0-13) unstable; urgency=medium
362
363 * allow numeric icmp types
364
365 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Oct 2015 13:21:53 +0200
366
8dbebe7d
DM		 367pve-firewall (2.0-12) unstable; urgency=medium
368
369 * implement bash completions
370
371 * convert pve-firewall into a PVE::Service class
372
373 -- Proxmox Support Team <support@proxmox.com> Thu, 24 Sep 2015 12:15:00 +0200
374
47704f4c
DM		 375pve-firewall (2.0-11) unstable; urgency=medium
376
377 * iptables_get_chains: fix veth device name
378
379 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Sep 2015 07:54:35 +0200
380
9eb84dc7
DM		 381pve-firewall (2.0-10) unstable; urgency=medium
382
383 * new helper: clone_vmfw_conf()
384
385 -- Proxmox Support Team <support@proxmox.com> Tue, 25 Aug 2015 06:47:49 +0200
386
a3d34dac
DM		 387pve-firewall (2.0-9) unstable; urgency=medium
388
389 * remove firewall config file subroutine added
390
391 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:42:51 +0200
392
2a42a237
DM		 393pve-firewall (2.0-8) unstable; urgency=medium
394
395 * adopt regresion tests for lxc containers
396
397 * removed firewall code for openVZ
398
399 * Subroutine verify_rule fixed to correctly check only for "net\d+"
400 interface device names
401
402 -- Proxmox Support Team <support@proxmox.com> Wed, 12 Aug 2015 12:01:43 +0200
403
33448a6e
DM		 404pve-firewall (2.0-7) unstable; urgency=medium
405
406 * added firewall code for lxc
407
408 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Aug 2015 09:21:14 +0200
409
19f14465
DM		 410pve-firewall (2.0-6) unstable; urgency=medium
411
412 * firewall ipversion comparison fix
413
414 -- Proxmox Support Team <support@proxmox.com> Tue, 04 Aug 2015 11:14:51 +0200
415
8feec9fa
DM		 416pve-firewall (2.0-5) unstable; urgency=medium
417
418 * add ipv6 neighbor discovery and solicitation macros
419
420 * ip6tables accepts both spellings of the word neighbor
421
422 * added Ceph macro
423
424 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:20:55 +0200
425
e02c77aa
DM		 426pve-firewall (2.0-4) unstable; urgency=medium
427
428 * include manual page for pve-firewall
429
430 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Jun 2015 16:26:28 +0200
431
eb4a2902
DM		 432pve-firewall (2.0-3) unstable; urgency=medium
433
434 * use noawait trigers for pve-api-updates
435
436 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:33:06 +0200
437
56bb2e69
DM		 438pve-firewall (2.0-2) unstable; urgency=medium
439
440 * trigger pve-api-updates event
441
442 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:10:24 +0200
443
0b18ebe8
DM		 444pve-firewall (2.0-1) unstable; urgency=medium
445
446 * recompile for debian jessie
447
448 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Feb 2015 12:22:04 +0100
449
609f00c7
DM		 450pve-firewall (1.0-18) unstable; urgency=low
451
452 * fix alias lookup
453
454 -- Proxmox Support Team <support@proxmox.com> Mon, 09 Feb 2015 09:32:03 +0100
455
de48e659
DM		 456pve-firewall (1.0-17) unstable; urgency=low
457
458 * fix restart behavior
459
460 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Jan 2015 06:45:58 +0100
461
b92d2ed2
DM		 462pve-firewall (1.0-16) unstable; urgency=low
463
464 * use new Daemon class from pve-common
465
466 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Dec 2014 09:45:07 +0100
467
22dde8d6
DM		 468pve-firewall (1.0-15) unstable; urgency=low
469
470 * bug fix: load cluster conf for host rules
471
472 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Dec 2014 06:33:28 +0100
473
e33e2f16
DM		 474pve-firewall (1.0-14) unstable; urgency=low
475
476 * do not use ipset list chains
477
478 * remove preinst script (not needed anymore)
479
480 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Dec 2014 13:42:00 +0100
481
3bce273b
DM		 482pve-firewall (1.0-13) unstable; urgency=low
483
484 * fix ipset remove order
485
486 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 12:45:48 +0100
487
7a7c322c
DM		 488pve-firewall (1.0-12) unstable; urgency=low
489
490 * add preinst script to clear ipset from older installation (because
491 sets cannot be swapped if there type does not match.
ce41ae23 492
7a7c322c
DM		 493 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:59:38 +0100
494
1b918ee5
DM		 495pve-firewall (1.0-11) unstable; urgency=low
496
497 * bug fix: correctly set ipversion for aliases in verify_rule
498
499 * save restore commands into files to make debugging
500 easier (/var/lib/pve-firewall/)
501
502 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:04:05 +0100
503
df617cea
DM		 504pve-firewall (1.0-10) unstable; urgency=low
505
506 * add IPv6 support for VMs (hostfw is IPv4 only)
507
508 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Nov 2014 07:00:29 +0100
509
0ac57570
DM		 510pve-firewall (1.0-9) unstable; urgency=low
511
512 * fix max ipset name name length
513
514 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Oct 2014 16:29:34 +0200
515
05fd3b63
DM		 516pve-firewall (1.0-8) unstable; urgency=low
517
518 * implement permission
519
520 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Sep 2014 12:15:21 +0200
521
bea9d5ab
DM		 522pve-firewall (1.0-7) unstable; urgency=low
523
524 * proxy host rule API calls to correct node
a34cfdd0
DM		 525
526 * always generate MAC and IP filter rules if firewall is enabled on NIC
bea9d5ab
DM		 527
528 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Jun 2014 07:12:57 +0200
529
582275c3
DM		 530pve-firewall (1.0-6) unstable; urgency=low
531
532 * ipmlement ipfilter ipsets
533
534 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jun 2014 08:37:08 +0200
535
de0c1e49
DM		 536pve-firewall (1.0-5) unstable; urgency=low
537
538 * remove ipsets when firewall disabled
539
540 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 08:50:18 +0200
541
64c266f5
DM		 542pve-firewall (1.0-4) unstable; urgency=low
543
544 * depend on iptables and ipset
545
546 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:45:33 +0200
547
16bcfa8b
DM		 548pve-firewall (1.0-3) unstable; urgency=low
549
550 * change dh_installinit order (register pvefw-logger before pve-firewall)
551
552 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:24:21 +0200
553
ba0b3a0a
DM		 554pve-firewall (1.0-2) unstable; urgency=low
555
556 * add experimental nflog logging daemon
557
558 -- Proxmox Support Team <support@proxmox.com> Thu, 13 Mar 2014 08:27:01 +0100
559
bb272dd3
DM		 560pve-firewall (1.0-1) unstable; urgency=low
561
562 * initial package
563
564 -- Proxmox Support Team <support@proxmox.com> Mon, 03 Mar 2014 08:37:06 +0100
565
Firewall test scripts