-------------------------------------------------------------------
Tue Sep 14 09:37:49 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_firehol.service.patch
* harden_fireqos.service.patch
-------------------------------------------------------------------
Thu Dec 31 20:01:23 UTC 2020 - Mia Herkt <mia@0x0.st>
- firehol (3.1.7) - 2020-12-31
* FireHOL
- Fix dhcpv6 example to say dhcpv6 #438
- blacklist - add "nolog" option
- blacklist - reject with tcp-reset for outbound TCP connections
- firehol.service - Use `firehol start` for ExecReload=
- Don't drop icmpv6 rules with FIREHOL_RULESET_MODE optimal #372
* FireQos
- workaround for cases where "-ifb" name gets truncated
-------------------------------------------------------------------
Mon Aug 13 09:24:30 UTC 2018 - 9+suse@cirno.systems
- Drop useless _service
firehol (3.1.6) - 2018-08-13
* FireHOL
- Boot startup fix #260
- docker_bridge helper #114
- Allow newer iptables #264
- Log blocked/dropped packets in synproxy, mac, connlimit, fragments, ...
- Fix wait for netfilter ready when using namespaces
- Fast activation fixes #272
- Allow matching DSCP CS0; fixes #288
- Allow DROP_INVALID with any action (e.g. REJECT)
- Add option FIREHOL_ACCEPT_OUTPUT_UNMATCHED_TCP_RST
* FireQOS
- Fix status to works with newer iproute; fixes #317
* Link-Balancer
- linkdown: routes cannot be added or deleted whilst marked invalid #211
* Update-Ipsets
- Various fixes, including #266 #265
- List additions, updates and removals
- Minor enhancements
-------------------------------------------------------------------
Sun Sep 17 13:21:49 UTC 2017 - 9@cirno.systems
firehol (3.1.5) - 2017-09-17
* FireHOL
- Fix some links in documentation
* FireQOS
- Insert a rawmark mask if none specified
* Update-Ipsets
- Support serving ipset files from local web server
- Lower pressure on github
-------------------------------------------------------------------
Sun Aug 20 11:00:29 UTC 2017 - 9@cirno.systems
firehol (3.1.4) - 2017-08-20
* FireHOL
- Google hangouts port range fix #235
- Fix hashlimit option names #223
- Documentation improvements, marks #184 and cthelper #94
- Allow negating interface in blacklist #143
* FireQOS
- DSCP match fixes #248
- TCP match fix #249
- Improve docs on using act_connmark to match ingress marked traffic #231
* Update-Ipsets
- Added various lists, removed discontinued ones
- Include URL in user agent string in #217
- Relax umask to allow stats collection by netdata #221
-------------------------------------------------------------------
Sun Jul 9 00:13:02 UTC 2017 - jengelh@inai.de
- Avoid duplicate expansion of %service_*
- firehol-doc subpackage ought to be noarch
-------------------------------------------------------------------
Wed Mar 29 04:22:53 UTC 2017 - 9@cirno.systems
firehol (3.1.3) - 2017-02-17
* FireHOL
- Be more strict when detecting address ranges
Fixes #199 where hostnames such as x-2.example.com are incorrectly
identified as ranges.
* Common
- Create relative links to binaries, which prevents errors when
installing with DESTDIR other than /
Fix for #178 and #201 proposed by @kneeke
firehol (3.1.2) - 2017-02-05
* FireHOL
- Include user policies in chains before handling orphans. Fixes NFS
client where FIREHOL_DROP_ORPHAN_TCP_* options are in force.
- Do not allow server/client statements without any effect on the
firewall; #193
- Saved firewall contents made reproducible by always zeroing counters
and removing the dates from comments
* FireQOS
- Example had an ambiguous shebang which has been removed
* Common
- Running "make check" now exits non-zero if a test failed or none ran
- Various copyright updates
- Fixed pull requests from external repositories; these would previously
fail to build on Travis
-------------------------------------------------------------------
Thu Feb 2 10:06:45 UTC 2017 - 9@cirno.systems
- 3.1.1