Overview Repositories Revisions Requests Users Attributes Meta

Revisions of shorewall

buildservice-autocommit accepted request 810932 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 269) 
baserev update by copy to link target
Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) committed (revision 268) 
- Update to bugfix version 5.2.4.5
  + The description of the 'optional' option has been expanded in
    shorewall-interfaces(5).
  + Previously, the AUTOMAKE option did not work properly when
    /etc/shorewall[6] was a symbolic link. That has been corrected.
- Packaging
  + Remove broken %pretrans, move content to %pre
  + Remove use of %release in rpm scriptlet
  + This will avoid constant rebuild.
buildservice-autocommit accepted request 799547 from Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) (revision 267) 
baserev update by copy to link target
Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) committed (revision 266) 
- Update to bugfix version 5.2.4.4
  + When DYNAMIC_BLACKLIST=ipset... or when SAVE_IPSETS=Yes in
    shorewall[6].conf, 'shorewall[6] start' could hang. Fixed.
  + 'shorewall[6] start' would not automatically create dynamic
    blacklisting ipsets. That has been corrected.
- This version will served also as maintenance upgrade for Leap
buildservice-autocommit accepted request 796435 from Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) (revision 265) 
baserev update by copy to link target
Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) committed (revision 264) 
- Update to version 5.2.4.2
  https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.4/releasenotes.txt
  + Fixes for debian
- Update to version 5.2.4.1
  + Fixes for openSUSE shorewall-init
  will now ignore 'start' and 'stop' commands, for running firewalls
  + Spurious messages have been removed
- Packaging
  + Move /usr/sbin/shorewall to shorewall-core so -lite version
    doesn't need main shorewall package
  + To make shorewall remote-* command working we patch lib.cli-std
    to use /usr/sbin instead of /sbin + commented spec
  + Desactivate for the moment the upgrade warning. we need to
    find a 100% working solution.
  + use %{var} form everywhere
buildservice-autocommit accepted request 793944 from Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) (revision 263) 
baserev update by copy to link target
Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) committed (revision 262) 
  new problem in TW
- To fix boo#1166114 never restart shorewall-init.service
  macro service_del_postun is replaced by simplier systemd_postun
- Remove conflict between main and lite package.
  A managing station need main to build configuration and can use
  -lite to execute it. Users are in charge of choosing which
  service has to be started and used. ❤ Freedom
  https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.4/releasenotes.txt
- Add version to requires in -lite version
Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) committed (revision 261) 
- Add perl-base as buildrequirement to force choice of SHA-DIGEST
- Add sed patch line to shorewall-init.service modifying state
  RemainAfterExit=yes become RemainAfterExit=no
  This fix boo#1166114 (no more restart) on mandatory macro
  service_del_postun as the service in no more restarted.
Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) committed (revision 260) 
- Remove shorewall require from shorewall-init (was a forgoten
  action)
Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) accepted request 790648 from Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) (revision 259) 
- Update to version 5.2.4
  https://shorewall.org/pub/shorewall/5.2/shorewall-5.2.4/releasenotes.txt 
  + Previously, when a Shorewall6 firewall was placed into the
    'stopped' state, ICMP6 packets required by RFC 4890 were not
    automatically accepted by the generated ruleset.
    Beginning with this release, those packets are automatically
    accepted.
  + Previously, the output of 'shorewall[6] help' displayed the
    superseded 'load' command. That text has been deleted.
  + The QOSExample.html file in the documentation and on the web site
    previously showed tcrules content for the /etc/shorewall/mangle
    file (recall that 'mangle' superseded 'tcrules'). That page has
    been corrected.
  + The 'Starting and Stopping' and 'Configuration file basics'
    documents have been updated to align them with the current product
    behavior.
  +  The 'ipsets' document has been updated to clarify the use of
    ipsets in the stoppedrules file.
- Packaging
  + shorewall-init package has a removed %service_del_postun
    macro to close bug boo#1166114 Restarting this service can
    lock down admin out of the system.
  + shorewall(6) and shorewall(6)-lite conflict has they shouldn't
    be installed together on the same system.
  + conf_update flag is set to 1 to activate update reminder
  + Adjust and cleanup requires
buildservice-autocommit accepted request 785459 from Paolo Stivanin's avatar Paolo Stivanin (polslinux) (revision 258) 
baserev update by copy to link target
Paolo Stivanin's avatar Paolo Stivanin (polslinux) accepted request 785384 from Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) (revision 257) 
- Update to minor bugfix version 5.2.3.7
  + When DOCKER=Yes, if both the DOCKER-ISOLATE and
    DOCKER-ISOLATE-STAGE-1 existed then the DOCKER-ISOLATE-STAGE-*
    chains were not preserved through shorewall state changes.
    That has been corrected so that both chains are preserved if
    present.
  + Previously, the compiler always detected the OLD_CONNTRACK_MATCH
    capability as being available in IPv6. When OLD_CONNTRACK_MATCH
    was available, the compiler also mishandled inversion ('!') in the
    ORIGDEST columns, leading to an assertion failure.
    Both the incorrect capability detection and the mishandled
    inversion have been corrected.
  + During 'enable' processing, if address variables associated with
    the interface have values different than those when the firewall
    was last started/restarted/reloaded, then a 'reload' is performed
    rather than a simple 'enable'. The logic that checks for those
    changes was incorrect in some configurations, leading to unneeded
    reload operations. That has been corrected.
  + When MANGLE_ENABLED=No in shorewall[6].conf, some features
    requiring use of the mangle table can be allowed, even though the
    mangle table is not updated. That has been corrected such that use
    of such features will raise an error.
  + When the IfEvent(...,reset) action was invoked, the compiler
    previously emitted a spurious "Resetting..." message. That message
    has been suppressed.
- Packaging
  + Do not provide anymore unsused notrack file
  + Introduce define conf_need_update to track when we activate the
  + Add version to requires in -lite version
buildservice-autocommit accepted request 774964 from Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) (revision 256) 
baserev update by copy to link target
Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) accepted request 774963 from Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) (revision 255) 
- Update to bugfix minor 5.2.3.6
  + Fix for possible start failure when both Docker containers 
    and Libvirt VMs were in use.
buildservice-autocommit accepted request 769770 from Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) (revision 254) 
baserev update by copy to link target
buildservice-autocommit accepted request 766579 from Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) (revision 252) 
baserev update by copy to link target
Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) accepted request 766493 from Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) (revision 251) 
- Update to bugfix minor 5.2.3.5
  + A typo in the FTP documentation has been corrected.
  + The recommended mss setting when using IPSec with ipcomp
    has been corrected.
  + A number of incorrect links in the manpages have been
    corrected.
  + The 'bypass' option is now allowed when specifying an
    NFQUEUE policy. Previously, specifying that option resulted
    in an error.
  + Corrected IPv6 Address Range parsing.
  + Previously, such ranges were required to be of the form
    [<addr1>-<addr2>] rather than the more standard form
    [<addr1>]-[<addr2>]. In the snat file (and in nat actions),
    the latter form was actually flagged as an error while in
    other contexts, it resulted in a less obvious error being
    raised.
  + The manpages have been updated to refer to
    https://shorewall.org rather than http://www.shorewall.org.
- Refresh spec file
buildservice-autocommit accepted request 730211 from Bruno Friedmann's avatar Bruno Friedmann (bruno_friedmann) (revision 250) 
baserev update by copy to link target
Displaying revisions 21 - 40 of 289
openSUSE Build Service is sponsored by
Places