1 pve-firewall (4.0-7) pve; urgency=medium
3 * only add VM chains and rules if VM firewall is enabled
5 -- Proxmox Support Team <support@proxmox.com> Wed, 7 Aug 2019 10:55:06 +0200
7 pve-firewall (4.0-6) pve; urgency=medium
9 * firewall macros: add new Ceph protocol v2 port while keeping v1 port
11 -- Proxmox Support Team <support@proxmox.com> Tue, 23 Jul 2019 18:57:48 +0200
13 pve-firewall (4.0-5) pve; urgency=medium
15 * don't use any base path at all for calls to external binaries to make use
16 compativle with bot, /usr merged and unmerged setups
18 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Jul 2019 11:47:53 +0200
20 pve-firewall (4.0-4) pve; urgency=medium
22 * ebtables: remove PVE chains properly
24 * ebtables: treat chain deletion as change
26 * use /usr/sbin as base path
28 -- Proxmox Support Team <support@proxmox.com> Thu, 11 Jul 2019 19:40:01 +0200
30 pve-firewall (4.0-3) pve; urgency=medium
32 * Create corosync firewall rules independently of localnet~
34 * Display corosync rule info on localnet call
36 -- Proxmox Support Team <support@proxmox.com> Thu, 04 Jul 2019 15:56:11 +0200
38 pve-firewall (4.0-2) pve; urgency=medium
40 * fix systemd warning about PIDFile directory
42 * fix CT rule generation with ipfilter set
44 * pve-firewall service: update-alternative iptables and ebtables to working
47 -- Proxmox Support Team <support@proxmox.com> Mon, 24 Jun 2019 20:43:21 +0200
49 pve-firewall (4.0-1) pve; urgency=medium
51 * re-build for Debian Buster / PVE 6
53 -- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2019 22:28:55 +0200
55 pve-firewall (3.0-21) unstable; urgency=medium
57 * fix ipv6 PVEFW-reject
59 * fix #2193: arpfilter: CT: remove mask from net IP/CIDR to avoid
60 ebtables doing the wrong thing here
62 -- Proxmox Support Team <support@proxmox.com> Wed, 08 May 2019 10:09:31 +0000
64 pve-firewall (3.0-20) unstable; urgency=medium
66 * use IPCC to read config and rule files, if the are backed by pmxcfs which
67 has better handling for pmxcfs restarts
69 * fix #2178: endless loop on ipv6 extension headers
71 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2019 05:10:13 +0000
73 pve-firewall (3.0-19) unstable; urgency=medium
75 * ebtables: add arp filtering
77 * fix: #2123 Logging of user defined firewall rules
81 * allow to enable/disable and modify cluster wide log ratelimits
83 -- Proxmox Support Team <support@proxmox.com> Tue, 02 Apr 2019 11:15:16 +0200
85 pve-firewall (3.0-18) unstable; urgency=medium
87 * fix #1606: Add nf_conntrack_allow_invalid option
89 * log reject : add space after policy REJECT like drop
91 * fix #1891: Add zsh command completion for pve-firewall
93 -- Proxmox Support Team <support@proxmox.com> Mon, 04 Mar 2019 10:27:01 +0100
95 pve-firewall (3.0-17) unstable; urgency=medium
97 * fix #2005: only allow ascii port digits
99 * fix #2004: do not allow backwards ranges
101 * add conntrack logging via libnetfilter_conntrack and allow one to enable
102 it through the firewall host configuration
104 -- Proxmox Support Team <support@proxmox.com> Wed, 09 Jan 2019 16:56:17 +0100
106 pve-firewall (3.0-16) unstable; urgency=medium
108 * api/rules: fix macro return type
110 -- Proxmox Support Team <support@proxmox.com> Fri, 30 Nov 2018 16:02:59 +0100
112 pve-firewall (3.0-15) unstable; urgency=medium
114 * fix #1971: display firewall rule properties
116 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Nov 2018 14:01:33 +0100
118 pve-firewall (3.0-14) unstable; urgency=medium
120 * fix #1841: avoid ebtable reloads when containers have multiple network
123 -- Proxmox Support Team <support@proxmox.com> Fri, 24 Aug 2018 10:51:04 +0200
125 pve-firewall (3.0-13) unstable; urgency=medium
127 * avoid unnecessary reloads of ebtable ruleset
129 -- Proxmox Support Team <support@proxmox.com> Thu, 28 Jun 2018 14:47:16 +0200
131 pve-firewall (3.0-12) unstable; urgency=medium
133 * fix deleted iptables chains not being properly detected as a change
135 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Jun 2018 12:01:02 +0200
137 pve-firewall (3.0-11) unstable; urgency=medium
139 * #1764: rename 'ebtales_enable' option to 'ebtables'
141 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Jun 2018 16:18:13 +0200
143 pve-firewall (3.0-10) unstable; urgency=medium
145 * fix #1764: handle existing ebtables rules and allow disabling ebtables
147 * ebtables handling can be disabled via /etc/pve/firewall/cluster.fw's new
148 ebtables_enable option.
150 -- Proxmox Support Team <support@proxmox.com> Tue, 29 May 2018 15:14:33 +0200
152 pve-firewall (3.0-9) unstable; urgency=medium
154 * fix creation of ebltables FORWARD rule entry
156 -- Proxmox Support Team <support@proxmox.com> Thu, 17 May 2018 14:41:27 +0200
158 pve-firewall (3.0-8) unstable; urgency=medium
160 * add ebtables support for better MAC filtering
162 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2018 14:25:41 +0200
164 pve-firewall (3.0-7) unstable; urgency=medium
166 * support distinct source and destination multi-port matching
168 * multi-port matching: when specifying the same list of ports for source and
169 destination require them both to match, rather than one of them, as this
170 was rather unexpected behavior
172 -- Proxmox Support Team <support@proxmox.com> Mon, 12 Mar 2018 14:58:08 +0100
174 pve-firewall (3.0-6) unstable; urgency=medium
176 * fix #1319: don't fail postinst with masked service
178 * debian: switch to compat 9, drop init scripts, drop preinst
180 * check multiport limit in port ranges
182 * build: use git rev-parse for GITVERSION
184 -- Proxmox Support Team <support@proxmox.com> Thu, 08 Mar 2018 13:53:11 +0100
186 pve-firewall (3.0-5) unstable; urgency=medium
188 * fix issue with disabled flag not being honored within groups
190 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Dec 2017 08:31:42 +0100
192 pve-firewall (3.0-4) unstable; urgency=medium
194 * fix issues with ipsets reloading unnecessarily or too late
196 * fix some typos in the logs
198 -- Proxmox Support Team <support@proxmox.com> Thu, 16 Nov 2017 11:41:56 +0100
200 pve-firewall (3.0-3) unstable; urgency=medium
202 * Fix #1492: logger: use current timestamp if the packet doesn't have one
204 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Sep 2017 14:43:06 +0200
206 pve-firewall (3.0-2) unstable; urgency=medium
208 * Fix #1446: remove masks in case the package had previously been removed but
211 * improve logging on errors in the firewall configuration
213 * forbid trailing commas in lists as iptables-restore doesn't support them
215 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2017 15:24:40 +0200
217 pve-firewall (3.0-1) unstable; urgency=medium
219 * rebuild for Debian Stretch
221 -- Proxmox Support Team <support@proxmox.com> Thu, 9 Mar 2017 14:04:17 +0100
223 pve-firewall (2.0-33) unstable; urgency=medium
225 * ipset: don't allow zero-prefix entries
227 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 12:18:04 +0100
229 pve-firewall (2.0-32) unstable; urgency=medium
231 * improve search for local-network
233 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 06:35:08 +0100
235 pve-firewall (2.0-31) unstable; urgency=medium
237 * don't try to apply ports to rules which don't support them
239 -- Proxmox Support Team <support@proxmox.com> Thu, 06 Oct 2016 08:31:51 +0200
241 pve-firewall (2.0-30) unstable; urgency=medium
243 * add multicast DNS to the list of Macros
245 * add missing parameter descriptions
247 * build-depends: add dh-systemd
249 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Sep 2016 08:53:16 +0200
251 pve-firewall (2.0-29) unstable; urgency=medium
253 * prevent overwriting ipsets/sec. groups by renaming
255 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 16:46:10 +0200
257 pve-firewall (2.0-28) unstable; urgency=medium
259 * use pve-common's ipv4_mask_hash_localnet
261 * fix allowed group name length
263 * make group digest stable
265 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 11:01:47 +0200
267 pve-firewall (2.0-27) unstable; urgency=medium
269 * fix #972: make PVEFW-FWBR-* rule order stable
271 -- Proxmox Support Team <support@proxmox.com> Tue, 17 May 2016 07:59:52 +0200
273 pve-firewall (2.0-26) unstable; urgency=medium
275 * fix #988: set rp_filter=2
277 -- Proxmox Support Team <support@proxmox.com> Mon, 09 May 2016 10:01:28 +0200
279 pve-firewall (2.0-25) unstable; urgency=medium
281 * fix #945: add uninitialized check in lxc ipset compilation
283 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Apr 2016 09:58:33 +0200
285 pve-firewall (2.0-24) unstable; urgency=medium
287 * Build-Depend on pve-doc-generator
289 * generate manpage with pve-doc-generator
291 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Apr 2016 10:52:45 +0200
293 pve-firewall (2.0-23) unstable; urgency=medium
295 * use only the top bit for our accept marks
297 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:35:38 +0200
299 pve-firewall (2.0-22) unstable; urgency=medium
301 * Use cfs_config_path from PVE::QemuConfig
303 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Mar 2016 11:47:40 +0100
305 pve-firewall (2.0-21) unstable; urgency=medium
307 * added new 'ipfilter' option
309 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Mar 2016 09:43:39 +0100
311 pve-firewall (2.0-20) unstable; urgency=medium
313 * fix 901: encode unicode characters in sha digest
315 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Feb 2016 12:40:14 +0100
317 pve-firewall (2.0-19) unstable; urgency=medium
319 * Add radv option to VM options
321 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Feb 2016 10:24:42 +0100
323 pve-firewall (2.0-18) unstable; urgency=medium
325 * Add ndp option to host and VM firewall options
327 * Add router-solicitation to NeighborDiscovery macro
329 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Feb 2016 10:01:22 +0100
331 pve-firewall (2.0-17) unstable; urgency=medium
333 * Don't leave empty FW config files behind
335 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Feb 2016 14:09:24 +0100
337 pve-firewall (2.0-16) unstable; urgency=medium
339 * logger: basic ipv6 support
343 * add dhcpv6 support to the dhcp option
345 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Jan 2016 16:52:14 +0100
347 pve-firewall (2.0-15) unstable; urgency=medium
349 * fix bug #859: use $security_group_name_pattern in iptables_get_chains
351 * fix some regular expressions mixups
353 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Jan 2016 16:33:23 +0100
355 pve-firewall (2.0-14) unstable; urgency=medium
357 * fix systemd service dependencies
359 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Nov 2015 10:52:57 +0100
361 pve-firewall (2.0-13) unstable; urgency=medium
363 * allow numeric icmp types
365 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Oct 2015 13:21:53 +0200
367 pve-firewall (2.0-12) unstable; urgency=medium
369 * implement bash completions
371 * convert pve-firewall into a PVE::Service class
373 -- Proxmox Support Team <support@proxmox.com> Thu, 24 Sep 2015 12:15:00 +0200
375 pve-firewall (2.0-11) unstable; urgency=medium
377 * iptables_get_chains: fix veth device name
379 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Sep 2015 07:54:35 +0200
381 pve-firewall (2.0-10) unstable; urgency=medium
383 * new helper: clone_vmfw_conf()
385 -- Proxmox Support Team <support@proxmox.com> Tue, 25 Aug 2015 06:47:49 +0200
387 pve-firewall (2.0-9) unstable; urgency=medium
389 * remove firewall config file subroutine added
391 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:42:51 +0200
393 pve-firewall (2.0-8) unstable; urgency=medium
395 * adopt regresion tests for lxc containers
397 * removed firewall code for openVZ
399 * Subroutine verify_rule fixed to correctly check only for "net\d+"
400 interface device names
402 -- Proxmox Support Team <support@proxmox.com> Wed, 12 Aug 2015 12:01:43 +0200
404 pve-firewall (2.0-7) unstable; urgency=medium
406 * added firewall code for lxc
408 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Aug 2015 09:21:14 +0200
410 pve-firewall (2.0-6) unstable; urgency=medium
412 * firewall ipversion comparison fix
414 -- Proxmox Support Team <support@proxmox.com> Tue, 04 Aug 2015 11:14:51 +0200
416 pve-firewall (2.0-5) unstable; urgency=medium
418 * add ipv6 neighbor discovery and solicitation macros
420 * ip6tables accepts both spellings of the word neighbor
424 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:20:55 +0200
426 pve-firewall (2.0-4) unstable; urgency=medium
428 * include manual page for pve-firewall
430 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Jun 2015 16:26:28 +0200
432 pve-firewall (2.0-3) unstable; urgency=medium
434 * use noawait trigers for pve-api-updates
436 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:33:06 +0200
438 pve-firewall (2.0-2) unstable; urgency=medium
440 * trigger pve-api-updates event
442 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:10:24 +0200
444 pve-firewall (2.0-1) unstable; urgency=medium
446 * recompile for debian jessie
448 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Feb 2015 12:22:04 +0100
450 pve-firewall (1.0-18) unstable; urgency=low
454 -- Proxmox Support Team <support@proxmox.com> Mon, 09 Feb 2015 09:32:03 +0100
456 pve-firewall (1.0-17) unstable; urgency=low
458 * fix restart behavior
460 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Jan 2015 06:45:58 +0100
462 pve-firewall (1.0-16) unstable; urgency=low
464 * use new Daemon class from pve-common
466 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Dec 2014 09:45:07 +0100
468 pve-firewall (1.0-15) unstable; urgency=low
470 * bug fix: load cluster conf for host rules
472 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Dec 2014 06:33:28 +0100
474 pve-firewall (1.0-14) unstable; urgency=low
476 * do not use ipset list chains
478 * remove preinst script (not needed anymore)
480 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Dec 2014 13:42:00 +0100
482 pve-firewall (1.0-13) unstable; urgency=low
484 * fix ipset remove order
486 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 12:45:48 +0100
488 pve-firewall (1.0-12) unstable; urgency=low
490 * add preinst script to clear ipset from older installation (because
491 sets cannot be swapped if there type does not match.
493 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:59:38 +0100
495 pve-firewall (1.0-11) unstable; urgency=low
497 * bug fix: correctly set ipversion for aliases in verify_rule
499 * save restore commands into files to make debugging
500 easier (/var/lib/pve-firewall/)
502 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:04:05 +0100
504 pve-firewall (1.0-10) unstable; urgency=low
506 * add IPv6 support for VMs (hostfw is IPv4 only)
508 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Nov 2014 07:00:29 +0100
510 pve-firewall (1.0-9) unstable; urgency=low
512 * fix max ipset name name length
514 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Oct 2014 16:29:34 +0200
516 pve-firewall (1.0-8) unstable; urgency=low
518 * implement permission
520 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Sep 2014 12:15:21 +0200
522 pve-firewall (1.0-7) unstable; urgency=low
524 * proxy host rule API calls to correct node
526 * always generate MAC and IP filter rules if firewall is enabled on NIC
528 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Jun 2014 07:12:57 +0200
530 pve-firewall (1.0-6) unstable; urgency=low
532 * ipmlement ipfilter ipsets
534 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jun 2014 08:37:08 +0200
536 pve-firewall (1.0-5) unstable; urgency=low
538 * remove ipsets when firewall disabled
540 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 08:50:18 +0200
542 pve-firewall (1.0-4) unstable; urgency=low
544 * depend on iptables and ipset
546 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:45:33 +0200
548 pve-firewall (1.0-3) unstable; urgency=low
550 * change dh_installinit order (register pvefw-logger before pve-firewall)
552 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:24:21 +0200
554 pve-firewall (1.0-2) unstable; urgency=low
556 * add experimental nflog logging daemon
558 -- Proxmox Support Team <support@proxmox.com> Thu, 13 Mar 2014 08:27:01 +0100
560 pve-firewall (1.0-1) unstable; urgency=low
564 -- Proxmox Support Team <support@proxmox.com> Mon, 03 Mar 2014 08:37:06 +0100