Overview
Request 490302 accepted
Update to new git release 3.6.357:
- implementation of feature FATE#316295: allow incremental update of rpc
rules:
By calling "/usr/sbin/SuSEfirewall2 update-rpc [-s service]" you can now
cause SuSEfirewall to update its rpc related firewall rules to reflect the
current portmapper state in the system, without affecting the rest of the
firewall rule set.
This can for example be put in systemd unit files as ExecStartPost
directives, to always keep port mapping rules up to date, for certain rpc
services. Note that you still need to configure the rpc rules in
/etc/sysconfig/SuSEfirewall2 to make this work. See configuration variables:
FW_SERVICES_DROP_{EXT,INT,DMZ}
FW_SERVICES_ACCEPT_{EXT,INT,DMZ}
FW_SERVICES_{EXT,INT,DMZ}_RPC
- conntrack helpers: explicitly load kernel module to make sure conntrack
helper rules can be applied and to avoid errors messages if kernel module is
not loaded
Update to new git release 3.6.351:
- ship ftp-client service file for allowing active ftp client connections
easily. Also fix use of connection tracker helper on kernel >= 4.7 for ftp.
(boo#1034341)
Request History
mgerstner created request
Update to new git release 3.6.357:
- implementation of feature FATE#316295: allow incremental update of rpc
rules:
By calling "/usr/sbin/SuSEfirewall2 update-rpc [-s service]" you can now
cause SuSEfirewall to update its rpc related firewall rules to reflect the
current portmapper state in the system, without affecting the rest of the
firewall rule set.
This can for example be put in systemd unit files as ExecStartPost
directives, to always keep port mapping rules up to date, for certain rpc
services. Note that you still need to configure the rpc rules in
/etc/sysconfig/SuSEfirewall2 to make this work. See configuration variables:
FW_SERVICES_DROP_{EXT,INT,DMZ}
FW_SERVICES_ACCEPT_{EXT,INT,DMZ}
FW_SERVICES_{EXT,INT,DMZ}_RPC
- conntrack helpers: explicitly load kernel module to make sure conntrack
helper rules can be applied and to avoid errors messages if kernel module is
not loaded
Update to new git release 3.6.351:
- ship ftp-client service file for allowing active ftp client connections
easily. Also fix use of connection tracker helper on kernel >= 4.7 for ftp.
(boo#1034341)
licensedigger accepted review
ok
factory-auto added factory-repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
dimstar_suse set openSUSE:Factory:Staging:H as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:H"
dimstar_suse accepted review
Picked openSUSE:Factory:Staging:H
factory-repo-checker accepted review
Builds for repo security:netfilter/openSUSE_Factory
dimstar_suse accepted review
ready to accept
dimstar_suse approved review
ready to accept
dimstar_suse accepted request
Accept to openSUSE:Factory