+pve-firewall (5.0.4) bookworm; urgency=medium
+
+ * fix #5335: stable sorting in cluster.fw
+
+ * add configuration option for new nftables firewall tech-preview
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2024 20:04:09 +0200
+
+pve-firewall (5.0.3) bookworm; urgency=medium
+
+ * fix resolution of scoped aliases in ipsets
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 17 Jul 2023 10:39:28 +0200
+
+pve-firewall (5.0.2) bookworm; urgency=medium
+
+ * fix #4556: api: return scoped IPSets and aliases
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 21 Jun 2023 19:17:19 +0200
+
+pve-firewall (5.0.1) bookworm; urgency=medium
+
+ * fix #4556: support 'dc/' and 'guest/' prefix for aliases and ipsets
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 07 Jun 2023 16:06:10 +0200
+
+pve-firewall (5.0.0) bookworm; urgency=medium
+
+ * switch to native versioning scheme
+
+ * build for Proxmox VE 8 / Debian 12 Bookworm
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 22 May 2023 14:43:58 +0200
+
+pve-firewall (4.3-2) bullseye; urgency=medium
+
+ * fix variables declared in conditional statement
+
+ * fix #4730: add safeguards to prevent ICMP type misuse
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 16 May 2023 11:17:58 +0200
+
+pve-firewall (4.3-1) bullseye; urgency=medium
+
+ * allow entering IP address with the host bits (those inside the mask) not
+ being all zero non-zero, like 192.168.1.155/24 for example.
+
+ * api: firewall logger: add optional parameters `since` and `until` for
+ time-range filtering
+
+ * fix #4550: host options: add nf_conntrack_helpers to compensate that
+ kernel 6.1 and newer have removed the auto helpers
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 17 Mar 2023 15:24:56 +0100
+
+pve-firewall (4.2-7) bullseye; urgency=medium
+
+ * fix #4018: add firewall macro for SPICE proxy
+
+ * fix #4204: automatically update each usage of a group to the new ID when
+ it is renamed
+
+ * fix #4268: add 'force' parameter to delete IPSet with members
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 17 Nov 2022 19:53:04 +0100
+
+pve-firewall (4.2-6) bullseye; urgency=medium
+
+ * config defaults: document that the mac filter defaults to on
+
+ * fix #4175: ignore non-filter ebtables tables
+
+ * fix enabling ebtables if VM firewall config is invalid
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 29 Aug 2022 09:43:53 +0200
+
+pve-firewall (4.2-5) bullseye; urgency=medium
+
+ * fix #3677 ipset get chains: handle newer ipset output for actual
+ change detection
+
+ -- Proxmox Support Team <support@proxmox.com> Thu, 04 Nov 2021 16:37:13 +0100
+
+pve-firewall (4.2-4) bullseye; urgency=medium
+
+ * re-build to avoid issues stemming from semi-broken systemd-debhelper version
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 12 Oct 2021 10:39:05 +0200
+
+pve-firewall (4.2-3) bullseye; urgency=medium
+
+ * fix #2721: remove the (nowadays) bogus reject for TCP port 43 from the
+ default drop and reject actions
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 10 Sep 2021 13:00:07 +0200
+
+pve-firewall (4.2-2) bullseye; urgency=medium
+
+ * re-set relevant sysctls on every apply round
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 21 Jun 2021 11:31:42 +0200
+
+pve-firewall (4.2-1) bullseye; urgency=medium
+
+ * fix #967: source: dest: limit length
+
+ * re-build for Debian 11 Bullseye based releases (Proxmox VE 7)
+
+ * fix #2358: allow --<opt> in firewall rule config files
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 12 May 2021 20:32:30 +0200
+
+pve-firewall (4.1-3) pve; urgency=medium
+
+ * fix #2773: ebtables: keep policy of custom chains
+
+ * introduce new icmp-type parameter
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 18 Sep 2020 16:51:27 +0200
+
+pve-firewall (4.1-2) pve; urgency=medium
+
+ * revert: rules: verify referenced security group exists
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 06 May 2020 17:41:36 +0200
+
+pve-firewall (4.1-1) pve; urgency=medium
+
+ * logging: add missing log message for inbound rules
+
+ * fix #2686: avoid adding 'arp-ip-src' IP filter if guests uses DHCP
+
+ * IPSets: parse the CIDR before checking for duplicates
+
+ * verify that a referenced security group exists
+
+ * ICMP: fix iptables-restore failing if ICMP-type values bigger than '255'
+
+ * ICMP: allow one to specify the 'echo-reply' (0) type also as integer
+
+ * improve handling concurrent (parallel) access and modifications to rules
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 04 May 2020 15:01:57 +0200
+
+pve-firewall (4.0-10) pve; urgency=medium
+
+ * macros: add macro for Proxmox Mail Gateway web interface
+
+ * api node: always pass cluster conf to node FW parser to fix false positive
+ error message about non existing aliases, or IP sets, when querying the
+ node FW options GET API call.
+
+ * grammar fix: s/does not exists/does not exist/g
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 27 Jan 2020 19:25:49 +0100
+
+pve-firewall (4.0-9) pve; urgency=medium
+
+ * ensure port range used for offline storage migration and insecure migration
+ traffic is allowed by default rule set.
+
+ -- Proxmox Support Team <support@proxmox.com> Tue, 03 Dec 2019 08:12:20 +0100
+
+pve-firewall (4.0-8) pve; urgency=medium
+
+ * increase default nf_conntrack_max to the kernel's default
+
+ * fix some "use of uninitialized value" warnings when updating CIDRs
+
+ * update schema documentation
+
+ * add explicit dependency on libpve-cluster-perl
+
+ * add support for "raw" tables
+
+ * add options for synflood protection for host firewall:
+ - nf_conntrack_tcp_timeout_syn_recv
+ - protection_synflood: boolean
+ - protection_synflood_rate: SYN rate limit (default 200 per second)
+ - protection_synflood_burst: SYN burst limit (default 1000)
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 18 Nov 2019 13:48:20 +0100
+
+pve-firewall (4.0-7) pve; urgency=medium
+
+ * only add VM chains and rules if VM firewall is enabled
+
+ -- Proxmox Support Team <support@proxmox.com> Wed, 7 Aug 2019 10:55:06 +0200
+
pve-firewall (4.0-6) pve; urgency=medium
* firewall macros: add new Ceph protocol v2 port while keeping v1 port
projects / pve-firewall.git / blobdiff