Overview

File ferm.changes of Package ferm

-------------------------------------------------------------------
Fri Oct  3 12:39:30 UTC 2025 - Martin Hauke <mardnh@gmx.de>

- Update to version 2.7
  * updated netfilter modules:
    + MASQUERADE: support "--random-fully".
    + support nfacct module.
  * fix @resolve() wrapped in @ipfilter() and @cat().
  * fix @resolve() with empty result.
- Specfile cleanup
- Add patch
  * ferm-explicit_prototype.patch

-------------------------------------------------------------------
Thu Jun  3 18:50:26 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to 2.6
  - apply $PREFIX to systemd service file during install
  - support netfilter targets:
    * JOOL, JOOL_SIIT (out-of-tree)
  - updated netfilter modules:
    * CT: support "--zone-orig", "--zone-reply"
  - fix (deferred) functions within target arguments
  - "@preserve" supports regular expressions
  - fix negated @ipfilter/@resolve
  - @resolve filters out numeric IP addresses for the wrong domain
  - @resolve allows numeric IP address with netmask prefix
- Run spec-cleaner
- Add source tarball signature verification

-------------------------------------------------------------------
Wed Apr 29 12:40:31 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>

- update to 2.5.1
  - adjust multiport splicing for port ranges
  - fix lazy subchain protocol propagation for all protocols
  - default to --fast when Getopt::Long is not installed
  - fix $LINE after function call
  - add shortcuts "sports", "dports", "comment"
  - support netfilter targets:
    - RTPENGINE
  - updated netfilter modules:
    * ipv4options
    * time: support "--kerneltz", remove "--localtz"
  - make chain name length validation an error not a warning
  - support empty NOERROR responses in @resolve
  - use atomic table update with ebtables
  - fix $TABLE and $CHAIN evaluation in multi-table/multi-chain rules
  - copy protocol specification to subchains only if needed
  - make @resolve dual stack
  - allow passing arrays to @cat
  - add function @join
  - call "legacy" xtables tools because nft based tools are incompatible

-------------------------------------------------------------------
Mon Feb 26 14:18:26 UTC 2018 - mrueckert@suse.de

- update to 2.4.1
  - updated netfilter modules:
    * SYNPROXY: rename "timestamps" back to "timestamp"
    * recent: "--mask" has a value

-------------------------------------------------------------------
Sun Apr 30 22:55:57 UTC 2017 - mrueckert@suse.de

- update to 2.4
  - support netfilter match modules:
    * cgroup
  - updated netfilter modules:
    * recent: add mask, reap
  - sort domains and tables in --fast output
  - "@preserve" preserves existing chains
  - import-ferm: translate "-f" to "fragment"

-------------------------------------------------------------------
Sat Feb  4 19:13:14 UTC 2017 - mrueckert@suse.de

- update to 2.3.1
  - support netfilter match modules:
    * devgroup
    * geoip
    * socket
  - updated netfilter modules:
    * connlimit: add connlimit-upto, connlimit-saddr, connlimit-daddr
    * set: add return-nomatch, update-counters, update-subcounters,
      packets-eq, packets-lt, packets-gt, bytes-eq, bytes-lt, bytes-gt
    * SYNPROXY: rename "timestamp" to "timestamps"
    * TPROXY: add on-ip
  - @resolve returns IP addresses as-is
  - import-ferm: Perl 5.24 compatibility

-------------------------------------------------------------------
Sun Jul 17 23:37:54 UTC 2016 - mrueckert@suse.de

- update to 2.3
  - rename "realgoto" to "goto"
  - new keyword @gotosubchain
  - new functions @defined, @glob
  - support netfilter match modules:
    * bpf
    * connlabel
    * cpu
    * dst
    * ipvs
    * rpfilter
  - support netfilter targets:
    * CHECKSUM
    * CONNMARK: support set-xmark, nfmask, and-mark, or-mark,
      xor-mark
    * DNPT
    * HMARK
    * IDLETIMER
    * LED
    * NFQUEUE: support queue-balance, queue-bypass,
      queue-cpu-fanout
    * RATEEST
    * SET: support timeout, exist
    * SNPT
    * TCPOPTSTRIP
  - recognize BROUTING as built-in chain (for ebtables)
  - check exit status of included shell commands
  - documentation
    * fixed wrongly used quotation marks in piped @include example

-------------------------------------------------------------------
Fri Feb 19 00:19:44 UTC 2016 - mrueckert@suse.de

- install the workstation example config as default /etc/ferm.conf
- add /etc/ferm/ for includes to follow debian's example

-------------------------------------------------------------------
Fri Feb 19 00:08:52 UTC 2016 - mrueckert@suse.de

- initial package
openSUSE Build Service is sponsored by
Places