1 pve-firewall (3.0-10) unstable; urgency=medium
3 * fix #1764: handle existing ebtables rules and allow disabling ebtables
5 * ebtables handling can be disabled via /etc/pve/firewall/cluster.fw's new
6 ebtables_enable option.
8 -- Proxmox Support Team <support@proxmox.com> Tue, 29 May 2018 15:14:33 +0200
10 pve-firewall (3.0-9) unstable; urgency=medium
12 * fix creation of ebltables FORWARD rule entry
14 -- Proxmox Support Team <support@proxmox.com> Thu, 17 May 2018 14:41:27 +0200
16 pve-firewall (3.0-8) unstable; urgency=medium
18 * add ebtables support for better MAC filtering
20 -- Proxmox Support Team <support@proxmox.com> Wed, 11 Apr 2018 14:25:41 +0200
22 pve-firewall (3.0-7) unstable; urgency=medium
24 * support distinct source and destination multi-port matching
26 * multi-port matching: when specifying the same list of ports for source and
27 destination require them both to match, rather than one of them, as this
28 was rather unexpected behavior
30 -- Proxmox Support Team <support@proxmox.com> Mon, 12 Mar 2018 14:58:08 +0100
32 pve-firewall (3.0-6) unstable; urgency=medium
34 * fix #1319: don't fail postinst with masked service
36 * debian: switch to compat 9, drop init scripts, drop preinst
38 * check multiport limit in port ranges
40 * build: use git rev-parse for GITVERSION
42 -- Proxmox Support Team <support@proxmox.com> Thu, 08 Mar 2018 13:53:11 +0100
44 pve-firewall (3.0-5) unstable; urgency=medium
46 * fix issue with disabled flag not being honored within groups
48 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Dec 2017 08:31:42 +0100
50 pve-firewall (3.0-4) unstable; urgency=medium
52 * fix issues with ipsets reloading unnecessarily or too late
54 * fix some typos in the logs
56 -- Proxmox Support Team <support@proxmox.com> Thu, 16 Nov 2017 11:41:56 +0100
58 pve-firewall (3.0-3) unstable; urgency=medium
60 * Fix #1492: logger: use current timestamp if the packet doesn't have one
62 -- Proxmox Support Team <support@proxmox.com> Tue, 12 Sep 2017 14:43:06 +0200
64 pve-firewall (3.0-2) unstable; urgency=medium
66 * Fix #1446: remove masks in case the package had previously been removed but
69 * improve logging on errors in the firewall configuration
71 * forbid trailing commas in lists as iptables-restore doesn't support them
73 -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2017 15:24:40 +0200
75 pve-firewall (3.0-1) unstable; urgency=medium
77 * rebuild for Debian Stretch
79 -- Proxmox Support Team <support@proxmox.com> Thu, 9 Mar 2017 14:04:17 +0100
81 pve-firewall (2.0-33) unstable; urgency=medium
83 * ipset: don't allow zero-prefix entries
85 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 12:18:04 +0100
87 pve-firewall (2.0-32) unstable; urgency=medium
89 * improve search for local-network
91 -- Proxmox Support Team <support@proxmox.com> Tue, 29 Nov 2016 06:35:08 +0100
93 pve-firewall (2.0-31) unstable; urgency=medium
95 * don't try to apply ports to rules which don't support them
97 -- Proxmox Support Team <support@proxmox.com> Thu, 06 Oct 2016 08:31:51 +0200
99 pve-firewall (2.0-30) unstable; urgency=medium
101 * add multicast DNS to the list of Macros
103 * add missing parameter descriptions
105 * build-depends: add dh-systemd
107 -- Proxmox Support Team <support@proxmox.com> Fri, 16 Sep 2016 08:53:16 +0200
109 pve-firewall (2.0-29) unstable; urgency=medium
111 * prevent overwriting ipsets/sec. groups by renaming
113 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 16:46:10 +0200
115 pve-firewall (2.0-28) unstable; urgency=medium
117 * use pve-common's ipv4_mask_hash_localnet
119 * fix allowed group name length
121 * make group digest stable
123 -- Proxmox Support Team <support@proxmox.com> Fri, 03 Jun 2016 11:01:47 +0200
125 pve-firewall (2.0-27) unstable; urgency=medium
127 * fix #972: make PVEFW-FWBR-* rule order stable
129 -- Proxmox Support Team <support@proxmox.com> Tue, 17 May 2016 07:59:52 +0200
131 pve-firewall (2.0-26) unstable; urgency=medium
133 * fix #988: set rp_filter=2
135 -- Proxmox Support Team <support@proxmox.com> Mon, 09 May 2016 10:01:28 +0200
137 pve-firewall (2.0-25) unstable; urgency=medium
139 * fix #945: add uninitialized check in lxc ipset compilation
141 -- Proxmox Support Team <support@proxmox.com> Thu, 21 Apr 2016 09:58:33 +0200
143 pve-firewall (2.0-24) unstable; urgency=medium
145 * Build-Depend on pve-doc-generator
147 * generate manpage with pve-doc-generator
149 -- Proxmox Support Team <support@proxmox.com> Wed, 06 Apr 2016 10:52:45 +0200
151 pve-firewall (2.0-23) unstable; urgency=medium
153 * use only the top bit for our accept marks
155 -- Proxmox Support Team <support@proxmox.com> Fri, 01 Apr 2016 07:35:38 +0200
157 pve-firewall (2.0-22) unstable; urgency=medium
159 * Use cfs_config_path from PVE::QemuConfig
161 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Mar 2016 11:47:40 +0100
163 pve-firewall (2.0-21) unstable; urgency=medium
165 * added new 'ipfilter' option
167 -- Proxmox Support Team <support@proxmox.com> Thu, 03 Mar 2016 09:43:39 +0100
169 pve-firewall (2.0-20) unstable; urgency=medium
171 * fix 901: encode unicode characters in sha digest
173 -- Proxmox Support Team <support@proxmox.com> Mon, 29 Feb 2016 12:40:14 +0100
175 pve-firewall (2.0-19) unstable; urgency=medium
177 * Add radv option to VM options
179 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Feb 2016 10:24:42 +0100
181 pve-firewall (2.0-18) unstable; urgency=medium
183 * Add ndp option to host and VM firewall options
185 * Add router-solicitation to NeighborDiscovery macro
187 -- Proxmox Support Team <support@proxmox.com> Fri, 19 Feb 2016 10:01:22 +0100
189 pve-firewall (2.0-17) unstable; urgency=medium
191 * Don't leave empty FW config files behind
193 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Feb 2016 14:09:24 +0100
195 pve-firewall (2.0-16) unstable; urgency=medium
197 * logger: basic ipv6 support
201 * add dhcpv6 support to the dhcp option
203 -- Proxmox Support Team <support@proxmox.com> Tue, 26 Jan 2016 16:52:14 +0100
205 pve-firewall (2.0-15) unstable; urgency=medium
207 * fix bug #859: use $security_group_name_pattern in iptables_get_chains
209 * fix some regular expressions mixups
211 -- Proxmox Support Team <support@proxmox.com> Thu, 07 Jan 2016 16:33:23 +0100
213 pve-firewall (2.0-14) unstable; urgency=medium
215 * fix systemd service dependencies
217 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Nov 2015 10:52:57 +0100
219 pve-firewall (2.0-13) unstable; urgency=medium
221 * allow numeric icmp types
223 -- Proxmox Support Team <support@proxmox.com> Fri, 23 Oct 2015 13:21:53 +0200
225 pve-firewall (2.0-12) unstable; urgency=medium
227 * implement bash completions
229 * convert pve-firewall into a PVE::Service class
231 -- Proxmox Support Team <support@proxmox.com> Thu, 24 Sep 2015 12:15:00 +0200
233 pve-firewall (2.0-11) unstable; urgency=medium
235 * iptables_get_chains: fix veth device name
237 -- Proxmox Support Team <support@proxmox.com> Tue, 08 Sep 2015 07:54:35 +0200
239 pve-firewall (2.0-10) unstable; urgency=medium
241 * new helper: clone_vmfw_conf()
243 -- Proxmox Support Team <support@proxmox.com> Tue, 25 Aug 2015 06:47:49 +0200
245 pve-firewall (2.0-9) unstable; urgency=medium
247 * remove firewall config file subroutine added
249 -- Proxmox Support Team <support@proxmox.com> Wed, 19 Aug 2015 15:42:51 +0200
251 pve-firewall (2.0-8) unstable; urgency=medium
253 * adopt regresion tests for lxc containers
255 * removed firewall code for openVZ
257 * Subroutine verify_rule fixed to correctly check only for "net\d+"
258 interface device names
260 -- Proxmox Support Team <support@proxmox.com> Wed, 12 Aug 2015 12:01:43 +0200
262 pve-firewall (2.0-7) unstable; urgency=medium
264 * added firewall code for lxc
266 -- Proxmox Support Team <support@proxmox.com> Mon, 10 Aug 2015 09:21:14 +0200
268 pve-firewall (2.0-6) unstable; urgency=medium
270 * firewall ipversion comparison fix
272 -- Proxmox Support Team <support@proxmox.com> Tue, 04 Aug 2015 11:14:51 +0200
274 pve-firewall (2.0-5) unstable; urgency=medium
276 * add ipv6 neighbor discovery and solicitation macros
278 * ip6tables accepts both spellings of the word neighbor
282 -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jul 2015 13:20:55 +0200
284 pve-firewall (2.0-4) unstable; urgency=medium
286 * include manual page for pve-firewall
288 -- Proxmox Support Team <support@proxmox.com> Sat, 27 Jun 2015 16:26:28 +0200
290 pve-firewall (2.0-3) unstable; urgency=medium
292 * use noawait trigers for pve-api-updates
294 -- Proxmox Support Team <support@proxmox.com> Mon, 01 Jun 2015 12:33:06 +0200
296 pve-firewall (2.0-2) unstable; urgency=medium
298 * trigger pve-api-updates event
300 -- Proxmox Support Team <support@proxmox.com> Tue, 05 May 2015 15:10:24 +0200
302 pve-firewall (2.0-1) unstable; urgency=medium
304 * recompile for debian jessie
306 -- Proxmox Support Team <support@proxmox.com> Fri, 27 Feb 2015 12:22:04 +0100
308 pve-firewall (1.0-18) unstable; urgency=low
312 -- Proxmox Support Team <support@proxmox.com> Mon, 09 Feb 2015 09:32:03 +0100
314 pve-firewall (1.0-17) unstable; urgency=low
316 * fix restart behavior
318 -- Proxmox Support Team <support@proxmox.com> Thu, 15 Jan 2015 06:45:58 +0100
320 pve-firewall (1.0-16) unstable; urgency=low
322 * use new Daemon class from pve-common
324 -- Proxmox Support Team <support@proxmox.com> Thu, 18 Dec 2014 09:45:07 +0100
326 pve-firewall (1.0-15) unstable; urgency=low
328 * bug fix: load cluster conf for host rules
330 -- Proxmox Support Team <support@proxmox.com> Fri, 12 Dec 2014 06:33:28 +0100
332 pve-firewall (1.0-14) unstable; urgency=low
334 * do not use ipset list chains
336 * remove preinst script (not needed anymore)
338 -- Proxmox Support Team <support@proxmox.com> Fri, 05 Dec 2014 13:42:00 +0100
340 pve-firewall (1.0-13) unstable; urgency=low
342 * fix ipset remove order
344 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 12:45:48 +0100
346 pve-firewall (1.0-12) unstable; urgency=low
348 * add preinst script to clear ipset from older installation (because
349 sets cannot be swapped if there type does not match.
351 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:59:38 +0100
353 pve-firewall (1.0-11) unstable; urgency=low
355 * bug fix: correctly set ipversion for aliases in verify_rule
357 * save restore commands into files to make debugging
358 easier (/var/lib/pve-firewall/)
360 -- Proxmox Support Team <support@proxmox.com> Fri, 28 Nov 2014 08:04:05 +0100
362 pve-firewall (1.0-10) unstable; urgency=low
364 * add IPv6 support for VMs (hostfw is IPv4 only)
366 -- Proxmox Support Team <support@proxmox.com> Wed, 26 Nov 2014 07:00:29 +0100
368 pve-firewall (1.0-9) unstable; urgency=low
370 * fix max ipset name name length
372 -- Proxmox Support Team <support@proxmox.com> Tue, 14 Oct 2014 16:29:34 +0200
374 pve-firewall (1.0-8) unstable; urgency=low
376 * implement permission
378 -- Proxmox Support Team <support@proxmox.com> Mon, 08 Sep 2014 12:15:21 +0200
380 pve-firewall (1.0-7) unstable; urgency=low
382 * proxy host rule API calls to correct node
384 * always generate MAC and IP filter rules if firewall is enabled on NIC
386 -- Proxmox Support Team <support@proxmox.com> Thu, 26 Jun 2014 07:12:57 +0200
388 pve-firewall (1.0-6) unstable; urgency=low
390 * ipmlement ipfilter ipsets
392 -- Proxmox Support Team <support@proxmox.com> Thu, 12 Jun 2014 08:37:08 +0200
394 pve-firewall (1.0-5) unstable; urgency=low
396 * remove ipsets when firewall disabled
398 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 08:50:18 +0200
400 pve-firewall (1.0-4) unstable; urgency=low
402 * depend on iptables and ipset
404 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:45:33 +0200
406 pve-firewall (1.0-3) unstable; urgency=low
408 * change dh_installinit order (register pvefw-logger before pve-firewall)
410 -- Proxmox Support Team <support@proxmox.com> Wed, 04 Jun 2014 06:24:21 +0200
412 pve-firewall (1.0-2) unstable; urgency=low
414 * add experimental nflog logging daemon
416 -- Proxmox Support Team <support@proxmox.com> Thu, 13 Mar 2014 08:27:01 +0100
418 pve-firewall (1.0-1) unstable; urgency=low
422 -- Proxmox Support Team <support@proxmox.com> Mon, 03 Mar 2014 08:37:06 +0100
projects / pve-firewall.git / blob