X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=debian%2Fchangelog;h=24378efe357ed2ee52d5dccb2ec2f6a903820add;hp=f57a1978e3f68e380306f51989f90cdf2080c30b;hb=refs%2Fheads%2Fmaster;hpb=033a15b372734fcfb390c3b747f67bfa4643dabd

diff --git a/debian/changelog b/debian/changelog
index f57a197..7d62a41 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,211 @@
+pve-firewall (5.0.7) bookworm; urgency=medium
+
+  * also signal force-disable nftables if FW is completely disabled
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 30 Apr 2024 10:30:16 +0200
+
+pve-firewall (5.0.6) bookworm; urgency=medium
+
+  * add flag to signal the new nftables-based proxmox-firewall that it's
+    disabled without the need to parse the config
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 26 Apr 2024 17:19:50 +0200
+
+pve-firewall (5.0.5) bookworm; urgency=medium
+
+  * simulator: adapt to more flexible bridge naming scheme
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 23 Apr 2024 13:11:43 +0200
+
+pve-firewall (5.0.4) bookworm; urgency=medium
+
+  * fix #5335: stable sorting in cluster.fw
+
+  * add configuration option for new nftables firewall tech-preview
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 19 Apr 2024 20:04:09 +0200
+
+pve-firewall (5.0.3) bookworm; urgency=medium
+
+  * fix resolution of scoped aliases in ipsets
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 17 Jul 2023 10:39:28 +0200
+
+pve-firewall (5.0.2) bookworm; urgency=medium
+
+  * fix #4556: api: return scoped IPSets and aliases
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 21 Jun 2023 19:17:19 +0200
+
+pve-firewall (5.0.1) bookworm; urgency=medium
+
+  * fix #4556: support 'dc/' and 'guest/' prefix for aliases and ipsets
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 07 Jun 2023 16:06:10 +0200
+
+pve-firewall (5.0.0) bookworm; urgency=medium
+
+  * switch to native versioning scheme
+
+  * build for Proxmox VE 8 / Debian 12 Bookworm
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 22 May 2023 14:43:58 +0200
+
+pve-firewall (4.3-2) bullseye; urgency=medium
+
+  * fix variables declared in conditional statement
+
+  * fix #4730: add safeguards to prevent ICMP type misuse
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 16 May 2023 11:17:58 +0200
+
+pve-firewall (4.3-1) bullseye; urgency=medium
+
+  * allow entering IP address with the host bits (those inside the mask) not
+    being all zero non-zero, like 192.168.1.155/24 for example.
+
+  * api: firewall logger: add optional parameters `since` and `until` for
+    time-range filtering
+
+  * fix #4550: host options: add nf_conntrack_helpers to compensate that
+    kernel 6.1 and newer have removed the auto helpers
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 17 Mar 2023 15:24:56 +0100
+
+pve-firewall (4.2-7) bullseye; urgency=medium
+
+  * fix #4018: add firewall macro for SPICE proxy
+
+  * fix #4204: automatically update each usage of a group to the new ID when
+    it is renamed
+
+  * fix #4268: add 'force' parameter to delete IPSet with members
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 17 Nov 2022 19:53:04 +0100
+
+pve-firewall (4.2-6) bullseye; urgency=medium
+
+  * config defaults: document that the mac filter defaults to on
+
+  * fix #4175: ignore non-filter ebtables tables
+
+  * fix enabling ebtables if VM firewall config is invalid
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 29 Aug 2022 09:43:53 +0200
+
+pve-firewall (4.2-5) bullseye; urgency=medium
+
+  * fix #3677 ipset get chains: handle newer ipset output for actual
+    change detection
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 04 Nov 2021 16:37:13 +0100
+
+pve-firewall (4.2-4) bullseye; urgency=medium
+
+  * re-build to avoid issues stemming from semi-broken systemd-debhelper version
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 12 Oct 2021 10:39:05 +0200
+
+pve-firewall (4.2-3) bullseye; urgency=medium
+
+  * fix #2721: remove the (nowadays) bogus reject for TCP port 43 from the
+    default drop and reject actions
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 10 Sep 2021 13:00:07 +0200
+
+pve-firewall (4.2-2) bullseye; urgency=medium
+
+  * re-set relevant sysctls on every apply round
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 21 Jun 2021 11:31:42 +0200
+
+pve-firewall (4.2-1) bullseye; urgency=medium
+
+  * fix #967: source: dest: limit length
+
+  * re-build for Debian 11 Bullseye based releases (Proxmox VE 7)
+
+  * fix #2358: allow --<opt> in firewall rule config files
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 12 May 2021 20:32:30 +0200
+
+pve-firewall (4.1-3) pve; urgency=medium
+
+  * fix #2773: ebtables: keep policy of custom chains
+
+  * introduce new icmp-type parameter
+
+ -- Proxmox Support Team <support@proxmox.com>  Fri, 18 Sep 2020 16:51:27 +0200
+
+pve-firewall (4.1-2) pve; urgency=medium
+
+  * revert: rules: verify referenced security group exists
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 06 May 2020 17:41:36 +0200
+
+pve-firewall (4.1-1) pve; urgency=medium
+
+  * logging: add missing log message for inbound rules
+
+  * fix #2686: avoid adding 'arp-ip-src' IP filter if guests uses DHCP
+
+  * IPSets: parse the CIDR before checking for duplicates
+
+  * verify that a referenced security group exists
+
+  * ICMP: fix iptables-restore failing if ICMP-type values bigger than '255'
+
+  * ICMP: allow one to specify the 'echo-reply' (0) type also as integer
+
+  * improve handling concurrent (parallel) access and modifications to rules
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 04 May 2020 15:01:57 +0200
+
+pve-firewall (4.0-10) pve; urgency=medium
+
+  * macros: add macro for Proxmox Mail Gateway web interface
+
+  * api node: always pass cluster conf to node FW parser to fix false positive
+    error message about non existing aliases, or IP sets, when querying the
+    node FW options GET API call.
+
+  * grammar fix: s/does not exists/does not exist/g
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 27 Jan 2020 19:25:49 +0100
+
+pve-firewall (4.0-9) pve; urgency=medium
+
+  * ensure port range used for offline storage migration and insecure migration
+    traffic is allowed by default rule set.
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 03 Dec 2019 08:12:20 +0100
+
+pve-firewall (4.0-8) pve; urgency=medium
+
+  * increase default nf_conntrack_max to the kernel's default
+
+  * fix some "use of uninitialized value" warnings when updating CIDRs
+
+  * update schema documentation
+
+  * add explicit dependency on libpve-cluster-perl
+
+  * add support for "raw" tables
+
+  * add options for synflood protection for host firewall:
+    - nf_conntrack_tcp_timeout_syn_recv
+    - protection_synflood: boolean
+    - protection_synflood_rate: SYN rate limit (default 200 per second)
+    - protection_synflood_burst: SYN burst limit (default 1000)
+
+ -- Proxmox Support Team <support@proxmox.com>  Mon, 18 Nov 2019 13:48:20 +0100
+
+pve-firewall (4.0-7) pve; urgency=medium
+
+  * only add VM chains and rules if VM firewall is enabled
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 7 Aug 2019 10:55:06 +0200
+
 pve-firewall (4.0-6) pve; urgency=medium
 
   * firewall macros: add new Ceph protocol v2 port while keeping v1 port