python3-firewall-0.9.3-150300.3.12.1<>,4cp9|Bz9ໜ!֘3e'YF} |*7u0v#oI=8=,;w,LXwϺq9KD`襝S c|+ Ni(XvvHɁ,LFp3  >>? d ' Flpx| $$ $ $ $ %$ %'*$,,../0(0Q80XK91K:7KFCGXHXIXXY\]^ bcdefl u4v4wxyzCpython3-firewall0.9.3150300.3.12.1Python3 bindings for FirewallDThe python3 bindings for firewalld.csheep03 >~SUSE Linux Enterprise 15SUSE LLC GPL-2.0-or-laterhttps://www.suse.com/Productivity/Networking/Securityhttp://www.firewalld.orglinuxnoarch_+F== y)^  _hqK.h DyU houZK oJZ 6$DPv) R $ Qg$ <.a u'/+%hP| 1j>3_: 5R12J$fy>y JK'_1y)2R/ UD:SG!-uW oXA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤ccGcccccccccGcGccGccccGccGccccccccccccccccccccccccccccGcGcGcGcGcGcGcGcGcGcGcGcGcGcGcGcGccGcccccccccccccccGcGcGcGcGcGcGcGcGcGcGcGcGcGcGcGcGcGcGcGcGcGcGcGccGcccccccccccccGcGcGcGcGcGcGcGcGcGe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855b98d3058e41a5f99262751b0341ebbf0bd4fb1bb2d0b48594b68676579edfc7f674bfa4371e2335bb8e632a4d7d886df741dcab6171498a13043a7404842aa780f9904758c4937b1e82c467a4aa0ecf323f0f6597278d7b33eadb2f638b8b3b40d10e1a95fa485b4f86d23525b0d3c74a626c7711f687ffaae3ea862a7bc2fe7fd5699fbdb4b1e3d7518bba34fa4bf0505ff29775b30a6ba27c08c9893a165a1c1dafbedacdb16b143ee5584058071ffd61ff8779e8f74aeacb72a7c1f1da04f12137a3edfebb43a1f5a7b18fa59281a8d43f3a593e92b23179be65b6b701ef50ddc19c813701985df518d9546ae7185cc1f2171496f8d68456fe8bd4799c12e1f1e57527c0671eeb6b76ea1339b5e1c4bb151f97a1f8d556d78083c4050d228a91c40c9ff80de416788313609f6ca088827062087f80cf3550c9101891f24688d8057637810360f0bf4de9d01c0546dd70078e4303a6137c76d984968df25740cd2af71b8a6229a9a0b0b95aeed723833215104f48865b95bd43687c861932306dd28a10d8d2596f4b137f25d460f8aa962aeb4b564d059041d4c558d66e6d6e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855b98d3058e41a5f99262751b0341ebbf0bd4fb1bb2d0b48594b68676579edfc7fc1aeaa76cd36352e23491aa4f3ae42736e22d4a6d8b94b642b5448813b9834999d617449cd163b8923f91052d351215bd43b086ce77e08a1a66f139a6ffd87dfaf6282ef1ef5ce14b4b3ba22875056425466746e378782a8ee2a733dafc5ddcbf471c39f7747a78c1f2a8f5c1875b42c273c908388d73010c8e1e2ce8df9073e45912b2e24cc20bc25454044bdebdf176dcb26b263abda1b395a3d0c922a196af09a0eece1d6d08246685080efb90dddceebb57b94573184b6a23c2d58373a15e4754ebeb84f343dc8f288e032acdf81b834c2fc78e79e955bb8a15e30c9be6422995b585b04907334e7b068e82cd216c7922d2888a0a0c45060f81be9f7f05195fde8b8d29c29a2fe95d2d6b9bd986a038b6509ce0cf07d0fddde580eff84f8ee809ec33af373159752aff5268db6ddb6c44bda3dfb4c30812e54ed057cb850ef6ce3097930ce5c8ba0d6c4134b09c34d6f77f6c5b1256733a0eb4fe2d61ff9f5af3e51e7f469c24464b9029a029b4cc029eb3096ac920b9aba619c71dfa332a33e4da8fa10213c55d720bb246f0424f2a24763550e06b10be4870625ee0d9dca907ccd9893e12b6fecb0b613732bc5d2c6dc2bf21c9fff9d8fc5e4ba486fe993d5a041eae0b1a6c14b069c39dac066b6099d893b8d2d814637e358bb6408d385b04fff635c1d6c42a5309773c9f9bab1a377a78d92368716d81dce514bef719c7095819dce66194f909af583b75bf4924216e8c3b86a8334fbcb06652ea5bbb570c479ea0951d3c0beb337f4ad6d253605b7531df84c4fa4ca049f9036dda6c2e5dc155eb975fab035cadf81bdfaf529f8ce30e930362a68642c47c32420ad0b1db40847d57c31d587b567f8713c21b0576b608ef1953fc23d9f3f2ac8e43d4732524f80d895860788519c612e31e7c5789a733dcf01a18811437b209c98092833728251ccae3df2e40347fb7db550c1941f05fe911656d4256063bc0616cc4cd51521a850927fb3a9a002fb16741417552aff3087cf2b49e89711deada84e9e7b763e04966f21881edf0d94656a9d1eed469ce57f30ec4e92743f1dd3d5fb86297e1e8122b5034c838c22fce8891dd63eeb38f2aead7d35968e8900b81423abff263ac076f5ca7017a402fcb22cfefb8d9f5d50614535145e0469f7d2cd20f6ab17b106fdc739c41690ce7cda3773944790a90966ff383389112ea0a61d43283184d28fb756fe79e60888f48901fd72b2553d2f13c25828644e3deb1f7d3785c50c6046b576955f9adb73120b83b8e7cc2c6289e39864c1e5387263d86fee6f05aac67e656abe27905adefdd13ff33462e1a4bce3a9c16e6780aa76b28dc14fe976b93e18c8c36b3e8f0de0dd55ff96304094f0eece871efcf734aa8db1ccfefcc9dad697214ee4997f8d894fa052a9a8087e95a7a731acfccd9d6d8ef1f9bf6f1be40bdada1c06eb773347abd8a04c4bab5222001f6fb17364c396c72970ddf239da04184782f22ae3e06c08d46bd65dc0c4c48e1b00ef2d5ccdb671712f81b229908e31520e30bc79cd7dea7ab8f7bec530a4a82e44b4c913ec4c9e5d6b3b08706b2b4a712c85faca53b1289e8d35ebe06facae3302aa8b19ae3d08c961cd2701b03aa8bf4cd247dce33954442d66dbe51326ab6657e6f89a69645fdcdbbe0403376e263e7fce8fb637f1011a98eef5b440579da8a89d949d2a1146ea907c9f7fbc1cf40b39a2818a2299d2a6c08ae72da23898215ed592ce4246605e16b5c214246427c32cf93f284b7e3aceef97505d0b8786d54d3afd2e91631d449093175e8bb77e19d46143ec1be133a10df0e646e4775b781d539cb07f269b1665cb223333c35495b8a2226fee358d492d75abf38c7a5697fb0e5e22570fddee7a39d05eb9a81e7d9212202fd3cec6f27f39cbd18a662172436402dc46675745c50053874952179906e86841bfc0eb05fda0bfea8da237948f8ea565acb9a7c2c319259e98fecdbea5773516bf60dc0714009084b8f55b981b93eb6b17dca845256f1891570357a0809f754f4677788370a123897243589ed65d9a9000c5202c2b47ff526c2a2501a55f81fc87d7a0c4fd20162bb04bb0879f8a59bbef110c6865feb0b94bdc9527fd47cbe2bab5660eed9d9081b98dfa993c9c55761a8d835f48e29b3ddb0d73d65b8e6a18890be3e5f0b239704d99f233a2736bfa0f85ec808d6701c9734a8fa1f427babce6df83aa04ffe1cf1fff7b992f1ac6addae6a6bab168166f7e649f39daf2020933e30357ac28e589d5132c6279f1a7fee1cab32dbbc5cbca77b236cd7ccb84ad5de4de6a630867ee7f65898cac2902059546263a8f3103a378ad407c4835a44d1852a2866a9c5d6b25e2d4e76b7f0859a8056c8f0f8a5c8e9f101b73e91a84fae248144945ece7f6b1bb306e1eb87570dea8106ed21fa3764d7fa63c6d8f8f5b4c067461fa0d6be1695dd9dd6a45e6c3fad51e5ec4e04bb88421cecaf092e1b86233e8f8d58f6d61769106aa54cccdc7aae7b3c607883729bf59cc2111ae88bc5bff4caf2961d0924cb1d9af2a9e78012c6f3bfff5bfe5f2ae21770cd83e66d1d7ccd95cec8a0e19116591565639eb18eafb5324da381219d3a66567346fdd796e4ca2dcfe69b832e6e652c6d17e8769822999958a674c109463615669d22057c93a2c73e17f8f7ba5019adcff2e0138424b2d420e2139325b3a971d801f809bdd180068be371ef3421dc76892d2aac2c9f23f98a7ed15304209d2b495b1be113e802527a6b84284801b77f17959a492f19fa02e9f7dc3def627714810f22ae5d65a99f0d2e1d6c7d99d5fdf6b9e819024908668cb1f35ff5a12a644a2fe22c723fdcc0cb30e2b7c682aef34aa3075f77c941e11dbefc88cc68b8b7951d077268f5898dab92f51dec220680b34693d93d31cf3210dc6a0437b36e4baca2ab27029b8bd6c45d9c9a03e49a16f701909031372bbe550783bb4ad973d0117277ab8da9d63ed60f2083587aeaba2b7302729b3bb86b0c3516e4727bd5101cc3e7a17500d95cc2c780b2fc22ff4d263d11c809bf458fad298bf621f951d554c0522e6a7cbaa68b5c952101e5d34a00be91ca79e8f865120dd4add70f2e90db842aa2a93203e430f333a1d650d5d875bd5de24d9436f72efe9ee99302f73ef5992232e29b25a306a99060d2461b37ce69f8e15f3db59d9898df4b44736a6d6b71fc0a59fca7087772ce612b1eaefb2b687b32004892089d8d3c60ff5cdab65c22e6ea0fb77fbb92983fa627f0e3c94de64e198db01ac69ea0e30d45b7709b3583d71b58a6b3caf903a3b1b82fcb102a17fed003661a9c69b0a5b85bfcb5de4fb1dbe10cf38a6b851eceed9e38c6aa3c76f283b9d940998bd6fa633b3415e440645220f332b9419988cfdee412476143cdb92c874bc54f92e8e7186fc35dafc32f7e4083fd40af5d3fc8fe56aeb8751406d9358161830e8b5b68e96e94be59a70bc63c57fa4e3020241a0f6ef113d7698976db82f0899aa6382e72fe67f8ed5971e0ce160b77b04d16aaf7b66d63612baf5f181d726a3c52d3290d5ac789a8152f47d283c516a6ccdbcfdfa9e802ffc573526044d932135efe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855b98d3058e41a5f99262751b0341ebbf0bd4fb1bb2d0b48594b68676579edfc7f98a4c8b674d03ce1ea89d064087fc07db09bfa13fbbae80a081f566ce98621c7aea65695057fd5eef1fcac4840cdbb2784ffea569e93c694eb130cbecf77af74b46a5f936bb168d090bf64daa4992bdc1b755f5527e6ce0086a863770735a0a76858d4e0a65ba08f511e77a3e38506e10a34fbb97711db02ff61915bf64047b91c02e10baf7d0a6d7dc90e2e97e56b94bdef462d4ffff43fd31db29c7ff726e6de8a2496c8e473eacfaa1e8514cf79d81d3fb59c83b6f0af541bc70ea2211e218e579e6c7492f0f0d39b3953e44cbd0afb579a8d16d5206941471523428569d19e15170af38741255265f4331ed1571a5af8ef53d020f7186c6de430258ec9d6bb8d873932335d0ed11a1410c598ac9acae1e1d4ebea2b4f546ecee899dd6a1459b988c7ca674bc979a489ebc7ed9a70fd8fd32a9033a606482d9f06f39468c5232dd9661de5ebf124fc2429d7fef99412f126636cbe2c7a8d579a494cf2501baeb1e7ab23b84cb42c96ff54e0404083e334e0e5d31d3d03e340f50eede80ffe057ab7f04335ca27c374b6e311690d292e6c2b6f191ee56f4c6900b08e92c4ce9b88b28fd370cad1d4cbe216803c69f857686702e918b8d18bbfe7c3059a70be984242a4ac6582281f6094c82e02a458ce64684d01af2990fcab556daf69e7f3128d71f53b65588656728c911dd97d24c489aec55268014aef8585859e5e73834780453f6dac94c2c8101e8c9bac637a96bdd19e7cd462806d52b62ce904055e9a758af4a60dbf8299791185ad992b814acc63de87ecb703e944e050665ea392a2ab184fbef7f50ff84ffc7f204b201f8e300c6aa1908686f1748b22559a7050087b161daef60f2f86d72b88d15799e6ee74918186563caa2f8afdba843951cbrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootfirewalld-0.9.3-150300.3.12.1.src.rpmpython3-firewall@     @@@@dbus-1-python3python(abi)python3-decoratorpython3-gobjectpython3-slip-dbusrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)typelib(GLib)typelib(GObject)typelib(Gio)typelib(NM)3.63.0.4-14.6.0-14.0.4-14.0-15.2-11.04.14.3cGby@bA@b1@`m`@``2@_/@_[f_X_R,@_9_3^%@^d@^9\]p]@]4@]4@]v>\\\@\s\Z@\73[ā@[[@[[@[[qr[m~@[h8@[?YZz@Z3@ZZ@Zs@Zp^@Zk@Z;@Z@ZOZ@Zr@Z }Z ,@ZY6@XXXEVX)@X2@WiW@W{@WrfWj}WXWM|W,@W#LWV޾VՄ@V2V@V@VHmohd.saquib@suse.comsflees@suse.dewitold.bedyk@suse.commrostecki@suse.commrostecki@suse.commrostecki@suse.commrostecki@suse.comrfrohl@suse.commrostecki@suse.comfbui@suse.commrostecki@suse.comcallumjfarmer13@gmail.comdmueller@suse.commrostecki@suse.comMathias.Homann@opensuse.orghpj@urpla.netbjorn.lie@gmail.comngompa13@gmail.comMathias.Homann@opensuse.orgMathias.Homann@opensuse.orgMathias.Homann@opensuse.orgmrostecki@opensuse.orgmrostecki@opensuse.orgdimstar@opensuse.orgdimstar@opensuse.orgmrostecki@opensuse.orgmrostecki@opensuse.orgmrostecki@suse.demchandras@suse.demchandras@suse.deluizluca@gmail.commchandras@suse.demchandras@suse.deluc14n0@linuxmail.orgmchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.desbrabec@suse.commchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.dedimstar@opensuse.orgmchandras@suse.derbrown@suse.commpluskal@suse.commchandras@suse.demchandras@suse.dempluskal@suse.commchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.dejengelh@inai.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.dejslaby@suse.commchandras@suse.de- Fix firewall-offline-cmd fails with ERROR: Calling pre func Added following patch (bsc#1206928) [+ 0003-firewall-offline-cmd-fail-fix.patch]- Fix regression introduced in previous patch (an api change to a function also needed backporting) (bsc#1198814) * feature-upstream-new-check-config-1.patch * feature-upstream-new-check-config-2.patch- Provide dummy firewalld-prometheus-config package (bsc#1197042)- Add patch which fixes the zone configuration (bsc#1191837) * 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch- Remove dependency on firewalld from firewall-macros (bsc#1183404)- Disable FlushAllOnReload option to not retain interface to zone assignments and direct rules when using --reload option. * 0002-Disable-FlushAllOnReload-option.patch- Update to 0.9.3 (jsc#SLE-17336): * docs(dbus): fix invalid method names * fix(forward): iptables: ipset used as zone source * fix(rich): non-printable characters removed from rich rules * docs(firewall-cmd): small description grammar fix * fix(rich): limit table to strip non-printables to C0 and C1 * fix(zone): add source with mac address- Add dependency for firewall-offline-cmd (bsc#1180883)- Remove the patch which enforces usage of iptables instead of nftables (jsc#SLE-16300): * 0001-firewall-backend-Switch-default-backend-to-iptables.patch - Add firewalld zone for the docker0 interface. This is the workaround for lack of nftables support in docker. Without that additional zone, containers have no Internet connectivity. (rhbz#1817022, jsc#SLE-16300) - Update to 0.9.1: * Bugfixes: * docs(firewall-cmd): clarify lockdown whitelist command paths * fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active * fix(policy): zone interface/source changes should affect all using zone- Make use of %service_del_postun_without_restart And stop using DISABLE_RESTART_ON_UPDATE as this interface is obsolete.- Add python3-nftables as a requirement.- update to 0.9.0: * New major features * prevention of Zone Drifting * Intra Zone Forwarding * Policy Objects * For a full list of changes, see https://github.com/firewalld/firewalld/compare/v0.8.0...v0.9.0- update to 0.8.3: * nftables: convert to libnftables JSON interface * service: new “helper” element to replace “module” More accurately represents the conntrack helper. Deprecates “module”. * allow custom helpers using standard helper modules (rhbz 1733066) * testsuite is now shipped in the dist tarball * Typo in firewall-config(1) * Fix typo in TFTP service description * doc: README: add note about language translations * fix: rich: source/dest only matching with mark action * feat: AllowZoneDrifting config option * feat: nftables: support AllowZoneDrifting=yes * feat: ipXtables: support AllowZoneDrifting=yes * fix: firewall-offline-cmd: Don’t print warning about AllowZoneDrifting * fix: add logrotate policy * doc: direct: add CAVEATS section * fix: checkIP6: strip leading/trailing square brackets * fix: nftables: remove square brackets from IPv6 addresses * fix: ipXtables: remove square brackets from IPv6 addresses * fix: nftables: ipset types using “port” * fix: nftables: zone dispatch with multidimensional ipsets * fix: ipset: destroy runtime sets on reload/stop * fix: port: support querying sub ranges * fix: source_port: support querying sub ranges * doc: specify accepted characters for object names * fix: doc: address copy/paste mistakes in short/description * fix: configure: atlocal: quote variable values * fix: nftables: allow set intervals with concatenations * doc: clarify –set-target values “default” vs “reject” * fix: update dynamic DCE RPC ports in freeipa-trust service * fix: nftables: ipset: port ranges for non-default protocols * fix(systemd): Conflict with nftables.service * fix(direct): rule in a zone chain * fix(client): addService needs to reduce tuple size * fix(doc): dbus: signatures for zone tuple based APIs * fix(config): bool values in dict based import/export * fix(dbus): service: don’t cleanup config for old set APIs * fix(ipset): flush the set if IndividiualCalls=yes * fix(firewall-offline-cmd): remove instances of “[P]” in help text * fix(rich): source mac with nftables backend * docs: replace occurrences of the term blacklist with denylist * fix: core: rich: Catch ValueError on non-numeric priority values * docs(README): add libxslt for doc generation * fix(cli): add –zone is an invalid option with –direct * fix(cli): add ipset type hash:mac is incompatible with the family parameter- Update to version 0.7.5 (jsc#SLE-12281): * release: v0.7.5 * chore(translation): merge from master * fix(cli): add ipset type hash:mac is incompatible with the family parameter Fixes: rhbz1541077 * test(rhbz1483921): better test name * fix(cli): add --zone is an invalid option with --direct * fix: core: rich: Catch ValueError on non-numeric priority values * fix: update dynamic DCE RPC ports in freeipa-trust service * docs: replace occurrences of the term blacklist with denylist * docs(README): add libxslt for doc generation * test(rich): source mac with nftables backend * fix(firewall-offline-cmd): remove instances of "[P]" in help text * test(check-container): add support for centos8 stream * test(functions): use IndividualCalls if host doesn't support nft rule index * test(functions): add macro IF_HOST_SUPPORTS_NFT_RULE_INDEX * test(dbus): better way to check IPv6_rpfilter expected value * fix(ipset): flush the set if IndividiualCalls=yes * test(ipv6): skip square bracket address tests if ipv6 not available * test(gh509): only run test for nftables backend * fix(dbus): service: don't cleanup config for old set APIs * fix(config): bool values in dict based import/export * fix(doc): dbus: signatures for zone tuple based APIs * test(dbus): zone: fix zone runtime functional test title * test(dbus): zone: fix false failure due to list order * fix(client): addService needs to reduce tuple size * test(direct): rule in a zone chain * fix(direct): rule in a zone chain * test(dbus): zone: verify runtime config APIs * test(dbus): zone: verify permanent config APIs * fix(systemd): Conflict with nftables.service * fix: test/regression/gh599: use expr to be more portable * test: dbus: zone: verify runtime config API signatures * test: dbus: zone: verify permanent config API signatures * fix: test/regression/gh599: fix if not using debug output * test: log: verify logging still works after truncate * test: ipset: verify port ranges for non-default protocol- Update to 0.7.4 This is a bug fix only release. However, it does reintroduce the zone drifting bug as a feature. See #258 and #441. This behavior is disabled by default. * improvement: build: add an option to disable building documentation * Typo in firewall-config(1) * Fix typo in TFTP service description * doc: README: add note about language translations * fix: rich: source/dest only matching with mark action * feat: AllowZoneDrifting config option * feat: nftables: support AllowZoneDrifting=yes * feat: ipXtables: support AllowZoneDrifting=yes * fix: firewall-offline-cmd: Don't print warning about AllowZoneDrifting * fix: add logrotate policy * fix: tests: regenerate testsuite if .../{cli,python}/*.at changes * doc: direct: add CAVEATS section * fix: checkIP6: strip leading/trailing square brackets * fix: nftables: remove square brackets from IPv6 addresses * fix: ipXtables: remove square brackets from IPv6 addresses * fix: nftables: zone dispatch with multidimensional ipsets * fix: ipset: destroy runtime sets on reload/stop * fix: port: support querying sub ranges * fix: source_port: support querying sub ranges * doc: specify accepted characters for object names * fix: doc: address copy/paste mistakes in short/description * fix: configure: atlocal: quote variable values * fix: nftables: allow set intervals with concatenations * doc: clarify --set-target values "default" vs "reject"- Update to version 0.7.3: * release: v0.7.3 * chore: update translations * doc: README: add note about integration tests * test: check-container: also run check-integration * test: integration: NM zone overrides interface on reload * test: build: support integration tests * test: functions: add macro NMCLI_CHECK * test: functions: new macros for starting/stopping NetworkManager * fix: test: leave "cleanup" for tests cases * test: check-container: add support for fedora rawhide * test: check-container: add support for debian sid * test: build: add support for running in containers * fix: test/functions: FWD_END_TEST: improve grep for errors/warnings * fix: test: direct passthrough: no need to check for dummy module * fix: test: CHECK_NAT_COEXISTENCE: only check for kernel version * fix: reload: let NM interface assignments override permanent config * chore: tests: rename IF_IPV6_SUPPORTED to IF_HOST_SUPPORTS_IPV6_RULES * fix: tests: convert host ipv6 checks to runtime * fix: tests: convert ip6tables checks to runtime * fix: tests: convert probe of nft numeric args to runtime * fix: tests: convert nftables fib checks to runtime * fix: build: distribute testsuite * fix: don't probe for available kernel modules * fix: failure to load modules no longer fatal * fix: tests/functions: canonicalize XML output * chore: doc: update authors * fix: test: use debug output based on autotest variable * fix: src/tests/Makefile: distclean should clean atconfig- No longer recommend -lang: supplements are in use.- Replace incorrect usage of %_libexecdir with %_prefix/lib- rebased the original patch from revision 19- Added a patch to make iptables the default again on openSUSE- Update to version 0.7.2: This is a bug fix only release. * fix: direct: removeRules() was mistakenly removing all rules * fix: guarantee zone source dispatch is sorted by zone name * fix: nftables: fix zone dispatch using ipset sources in nat chains * doc: add --default-config and --system-config * fix: --add-masquerade should only affect ipv4 * fix: nftables: --forward-ports should only affect IPv4 * fix: direct: removeRules() not removing all rules in chain * dbus: service: fix service includes individual APIs * fix: allow custom helpers using standard helper modules * fix: service: usage of helpers with '-' in name * fix: Revert "ebtables: drop support for broute table" * fix: ebtables: don't use tables that aren't available * fix: fw: initialize _rfc3964_ipv4- Update to version 0.7.1: * Rich Rule Priorities * Service Definition Includes - Service definitions can now include lines like: which will include all the ports, etc from the https service. * RFC3964 IPv4 filtering - A new option RFC3964_IPv4 in firewalld.conf is available. It does filtering based on RFC3964 in regards to IPv4 addresses. This functionality was traditionally in network-scripts. * FlushAllOnReload - A new option FlushAllOnReload in firewalld.conf is available. Older release retained some settings (direct rules, interface to zone assignments) during a - -reload. With the introduction of this configuration option that is no longer the case. Old behavior can be restored by setting FlushAllOnReload=no. * 15 new service definitions * fix: firewall-offline-cmd: service: use dict based APIs * fix: client: service: use dict based dbus APIs * test: dbus: coverage for new service APIs * fix: dbus: new dict based APIs for services * test: dbus: service API coverage * test: functions: add macro DBUS_INTROSPECT * test: functions: add CHOMP macro for shell output * fix: tests/functions: use gdbus instead of dbus-send * fix: dbus: add missing APIs for service includes - Remove patch for using iptables instead of nftables - we should finally switch to nftables and fix its issues properly if they occur again: * 0001-firewall-backend-Switch-default-backend-to-iptables.patch - Remove patch which was released upstream: * 0002-Add-FlushAllOnReload-config-option.patch- Update to version 0.6.4: * chore: update translations * treewide: fix over indentation (flake8 E117) * test: travis: add another test matrix for omitting ip6tables * chore: travis: split test matrix by keywords * chore: tests: add AT_KEYWORDS for firewall-offline-cmd * improvement: tests: Use AT_KEYWORDS for backends * fix: tests: guard occurrences of IPv6 * fix: tests/functions: ignore warnings about missing ip6tables * test: add macro IF_IPV6_SUPPORTED- Move RPM macros to %_rpmmacrodir.- Revert last change: the macros DO reference firewall-cmd, but as they are expanded during build time of the package, not at runtime, the point in time is wrong to require firewalld. The consumer of the macro is responsible to ask for the right commands to be present at runtime of the scripts (boo#1125775#c9).- Add dependency between firewall-macros and firewalld. (boo#1125775)- Fix --with-ifcfgdir configure parameter. (boo#1124212)- Add upstream patch to make --reload/--complete-reload forget the runtime configuration and always load the permanent one (bsc#1121277) * 0002-Add-FlushAllOnReload-config-option.patch- Update to 0.6.3. Some of the changes are: * update translations * nftables: fix reject statement in "block" zone * shell-completion: bash: don't check firewalld state * firewalld: fix --runtime-to-permanent if NM not in use. * firewall-cmd: sort --list-protocols output * firewall-cmd: sort --list-services output * command: sort services/protocols in --list-all output * services: add audit * nftables: fix rich rule log/audit being added to wrong chain * nftables: fix destination checks not allowing masks * firewall/core/io/*.py: Let SAX handle the encoding of XML files (gh#firewalld/firewalld#395)(bsc#1083361) * fw_zone: expose _ipset_match_flags() * tests/firewall-cmd: exercise multiple interfaces and zones * fw_transaction: On clear zone transaction, must clear fw and other zones * Fix translating labels (gh#firewalld/firewalld#392) - Remove patches which have made it upstream: * 0001-Fix-translating-labels-392.patch * 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch- Add upstream patch to mark more strings as translatable which is required by firewall UI when creating rich rules (bsc#1096542) * 0001-Fix-translating-labels-392.patch- Add upstream patch to fix rich rules that uses ipset (bsc#1104990) * 00002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch- Update to 0.6.2. Some of the changes are: * update translations * nftables: fix log-denied with values other than "all" or "off" * fw_ipset: raise FirewallError if backend command fails * ipset: only use "-exist" on restore * fw_ipset: fix duplicate add of ipset entries * *tables: For opened ports/protocols/etc match ct state new,untracked (bsc#1105821) * ipXtables: increase wait lock to 10s * nftables: fix rich rules ports/protocols/source ports not considering ct state * ports: allow querying a single added by range * fw_zone: do not change rich rule errors into warnings * fw_zone: fix services with multiple destination IP versions (bsc#1105899) * fw_zone: consider destination for protocols * firewall/core/fw_nm: nm_get_zone_of_connection should return None or empty string instead of False (boo#1106319) * fw: If direct rules fail to apply add a "Direct" label to error msg * fw: if startup fails on reload, reapply non-perm config that survives reload * nftables: fix rich rule audit log * ebtables: replace RETURN policy with explicit RETURN at end of chain * direct backends: allow build_chain() to build multiple rules * fw: if failure occurs during startup set state to FAILED * fw: on restart set policy from same function * ebtables: drop support for broute table - Remove upstream patches * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch * 0001-fw_zone-consider-destination-for-protocols.patch * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch * firewalld-fix-firewalld-config-crash.patch- Add upstream patch to fix Neighbor Discovery filtering for IPv6 (bsc#1105821) * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch - Add upstream patch to fix building rules for multiple IP families (bsc#1105899) * 0001-fw_zone-consider-destination-for-protocols.patch * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch- Add firewalld-fix-firewalld-config-crash.patch: set nm_get_zone_of_connection to return 'None' instead of 'False' for automatically generated connections to avoid firewall-config crashes. Patch provided by upstream (boo#1106319, gh#firewalld/firewalld#370).- Also switch firewall backend fallback to 'iptables' (bsc#1102761) This ensures that existing configuration files will keep working even if FirewallBackend option is missing. * 0001-firewall-backend-Switch-default-backend-to-iptables.patch- Update to 0.6.1. Some of the changes are: * Correct source/destination in rich rule masquerade * Only modify ifcfg files for permanent configuration changes * Fix a backtrace when calling common_reverse_rule() * man firewalld.conf: Show nftables is the default FirewallBackend * firewall-config: fix some untranslated strings that caused a UI bug causing rich rules to not be modify-able (bsc#1096542) * fw_direct: avoid log for untracked passthrough queries * fixed many issues if iptables is actually iptables-nft * Use preferred location for AppData files * ipXtables: fix ICMP block inversion with set-log-denied * fixes ICMP block inversion with set-log-denied with IndividualCalls=yes * nftables: fix set-log-denied if target is not ACCEPT * fw_direct: strip _direct chain suffix if using nftables * NetworkManager integration bugfixes.- Switch back to 'iptables' backend as default (bsc#1102761)- Update to 0.6.0. Some of the changes are: * update translations * firewall-config: Add ipv6-icmp to the protocol dropdown box (#348, bsc#1099698) * core: logger: Remove world-readable bit from logfile (#349, bsc#1098986) * IPv6 rpfilter: explicitly allow neighbor solicitation * nftables backend (default) * Added loads of new services * firewall-cmd: add --check-config option * firewall-offline-cmd: add --check-config option * firewallctl: completely remove all code and references * dbus: expose FirewallBackend * dbus: fix erroneous fallback for AutomaticHelpers - Remove patches which have made it upstream * firewalld-add-additional-services.patch - spec-cleaner fixes- Update to 0.5.3 (bsc#1093120) * tests/regression: add test for ipset with timeout * ipset: allow adding entries to ipsets with timeout * translations: update * helpers: load helper module explicitly if no port given * helpers: nf_conntrack_proto-* helpers needs name cropped * config/Makefile: correct name of proto-gre helper * tests/regression: test helper nf_conntrack_proto_gre (#263) * functions: get_nf_nat_helpers() should look in other directories too * functions: Allow nf_conntrack_proto_* helpers * services: Add GRE * helpers: Add proto-gre * tests/regression: add test to verify ICMP block in forward chain * ipXtables: fix ICMP block not being present in FORWARD chain- Translations update (bsc#1081623).- Backport upstream patches to add additional services (bsc#1082033) * firewalld-add-additional-services.patch- Update to 0.5.2 * fix rule deduplication causing accidental removal of rules * log failure to parse direct rules xml as an error * firewall-config: Break infinite loop when firewalld is not running * fix set-log-denied not taking effect * po: update translations- Remove high-availability service. SUSE HA uses the cluster service provided by the yast2-cluster package (bsc#1078223)- Update to 0.5.1 * ipXtables: fix iptables-restore wait option detection * python3: use "foo in dict" not dict.has_key(foo) * Fix potential python3 keys() incompatibility in watcher * Fixed python3 compatibility * ebtables: fix missing default value to set_rule() * fw_zone: fix invalid reference to __icmp_block_inversion * zones: Correct and defer check_name for combined zones- Update to 0.5.0 * firewallctl: mark deprecated (gh#firewalld/firewalld##261) * Add nmea-0183 service * Add sycthing-gui service * Add syncthing service * Adding FirewallD jenkins service (gh#firewalld/firewalld#256) * services/high-availability: Add port 9929 * Fix and improve firewalld-sysctls.conf * firewalld: also reload dbus config interface for global options * Add MongoDB service definition * src: firewall: Add support for SUSE ifcfg scripts * Add UPnP client service * firewalld: Allow specifying log file location * firewalld/firewall-offline-cmd: Allow setting system config directories - Drop obsolete patch * 0001-suse-ifcfg-files.patch - Drop tests installation- Introduce new python3-firewall and firewall-macros subpackages. The first one contains the firewalld python3 bindings and the second one contains the RPM macros for firewalld.- Replace dbus-1-python requires with dbus-1-python3: since firewalld was migrated to python3, we also have to require the python3 dependencies (boo#1070310).- Add missing python3-gobject-Gdk dependency (boo#1069952)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Make sure to use python3 everywhere (boo#1068778)- Add combined upstream patch to support SUSE ifcfg network files. * 0001-suse-ifcfg-files.patch (gh#firewalld/firewalld#262, fate#323460)- Update to version 0.4.4.6 * firewall.core.fw_config: Fix check for icmp builtin name * config.services: docker-swarm: fix incorrect attribute * xmlschema/service.xsd: Fix protocol looking for name instead of value * Add docker swarm service (gh#firewalld/firewalld#230) * Adding FirewallD redis service (gh#firewalld/firewalld#248) * Adding firewalld zabbix server and agent services (gh#firewalld/firewalld#221) * firewall-offline-cmd: Don't require root for help output * doc: firewall-cmd: Document --query-* options return codes * firewall-cmd: Use colors only if output is a TTY * core: Log unsupported ICMP types as informational only * add bgp service to predefined services edit to config/Makefile.am * Add git service * Add kprop service * minidlna definitions (gh#firewalld/firewalld#236) * SpiderOak ONE listens on port 21327 and 21328 * autogen.sh: Allow skipping configure via NOCONFIGURE env var * Add missing ports to RH-Satellite-6 service * Reload nf_conntrack sysctls after the module is loaded * Add NFSv3 service. * config/Makefile.am: Add murmur service (a95eed1) * add new service IRC * firewall.core.prog: Simplify runProg output: Combine stderr and stdout * firewall.core.fw: Fix possible dict size change in for loop * firewall.core.fw: Use new firewalld git repo in firewalld organization * config/firewall-config.appdata.xml.in: Use new firewalld git repo in firewalld organization * firewall.core.fw_zone: Rich-rule ICMP type: Error only for conflicting family * firewall.core.rich: Add checks for Rich_Source validation * Handle also IPv6 with the zone masquerade flag * Add IPv6 support for forward-ports in zones * firewall.command: Enable parse_forward_port to work with IPv6 adresses * firewall.core.fw_zone: Fix IPv6 address in rich rule forward ports * add Murmur (Mumble server) service - spec file fixes to avoid rpmlint warnings about duplicate files.- Switch to python3 - Run spec cleaner - Move autogen to build section - Add systemd requirements- Update to version 0.4.4.5 * firewall-offline-cmd: Fix --remove-service-from-zone option (rh#1438127) * Support sctp and dccp in ports, source-ports, forward-ports, helpers and rich rules * firewall-cmd: Fix --{set,get}-{short,description} for zone * firewall.core.ipXtables: Use new wait option for restore commands if available * Adding ovirt-vmconsole service file * Adding oVirt storage-console service. * Adding ctdb service file. * Adding service file for nrpe. * Rename extension for policy choices (server and desktop) to .policy.choice (rh#1449754) * D-Bus interfaces: Fix GetAll for interfaces without properties (rh#1452017) * firewall.core.fw_config: Fix wrong variable use in repr output * firewall.core.fw_icmptype: Add missing import for copy * firewall.core.fw_test: Fix wrong format string in repr * firewall.core.io.zone: Fix getattr use on super(Zone) * firewall.functions: New function get_nf_nat_helpers * firewall.core.fw: Get NAT helpers and store them internally. * firewall.core.fw_zone: Load NAT helpers with conntrack helpers * firewalld.dbus: Add missing properties nf_conntrach_helper_setting and nf_conntrack_helpers * firewall.server.firewalld: New property for NAT helpers supported by the kernel- Update to version 0.4.4.4 * Drop references to fedorahosted.org from spec file and Makefile.am * firewall-config: Show invalid ipset type in the ipset dialog in the bad label * firewall.core.fw: Show icmptypes and ipsets with type errors in permanent env * firewall.server.firewalld: Provide information about the supported icmp types * firewall.core.fw_icmptype: Add ICMP type only if the type is supported * firewall.core.fw: New attributes ip{4,6}tables_supported_icmp_types * firewall.core.ipXtables: New method supported_icmp_types * firewall-config: Deactivate edit buttons if there are no items * firewall.core.io.zone: Fix permanent rich rules using icmp-type (rh#1434594) * firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default * firewall.core.fw_transaction: Use LastUpdatedOrderedDict for zone transactions - Remove upstream patch: * 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch- Update to version 0.4.4.3 * New service freeipa-trust (rh#1411650) * Complete icmp types for IPv4 and IPv6 * New h323 helper container * Support helper container: h323 * firewall.server.decorators: ALREADY_ errors should be logged as warnings * firewall.command: ALREADY_SET should also result in zero exit code * tests/firewall-offline-cmd_test.sh: Only use firewall-offline-cmd * Support more ipset types: hash:ip,port, hash:ip,port,ip, hash:ip,port,net, hash:ip,mark, hash:net,net, hash:net,port, hash:net,port,net, hash:net,iface * New checks for ipset entry validation * Use ipset dimension for match * firewall.core.base: New ZONE_SOURCE_IPSET_TYPES list * New firewall.core.icmp providing names and types for icmp and icmpv6 values * firewall.core.fw_ipset: New methods to get ipset dimension and applied state * firewall.errors: New error NOT_APPLIED * firewall-cmd man page: Add missing --get-ipset-types * firewall.core.fw_nm: No trace back on failed get_connection call (rh#1413345) * firewall.core.prog: Fix addition of the error output in runProg * Speed up ipset handling, (re)loading and import from file * Support --family option for --new-ipset * Handle FirewallError for query sequences in command line tools * Fail to alter entries of ipsets with timeout * Extended tests for ipset options * Return empty list for ipsets using timeouts * firewall.functions: Fix checks in checkIPnMask and checkIP6nMask (gh#t-woerner/firewalld#186) * firewalld.conf man page: New section about AutomaticHelpers * firewall-offline-cmd man page: Added -v and -q options, fixed section ids * firewall{-cmd, ctl}: Fix scope of final return in try_set_zone_of_interface * firewall.core.fw_zone: Limit masquerading forward rule to new connections * firewall-config: Update active zones on reloaded signal * firewall-applet: Update active zones and tooltip on reloaded signal * firewall.core.fw_zone: Fix missing chain for helper in rich rules using service (rh#1416578) * Support icmp-type usage in rich rules (rh#1409544) * firewall[-offline]-cmd: Fix --{set,get}-{short,description} for ipset and helper (rh#1416325) * firewall.core.ipset: Solve ipset creation issues with -exist and more flag tests * Speed up start and restart for ipsets with lots of entries (rh#1416817) * Speed up of ipset alteration by adding and removing entries using a file (rh#1416817) * Code cleanup and minor bug fixes * firewall.core.prog: Fix addition of the error output in runProg * New services mssql, kibana, elasticsearch, quassel, bitcoin-rpc, bitcoin-testnet-rpc, bitcoin-testnet, bitcoin and spideroak-lansync * Translation updates - Add upstream patch to fix ipset overloading from /etc/firewalld/ipsets (gh#t-woerner/firewalld#206) * 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch- Update to version 0.4.4.2 * firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem * firewall.core.fw_nm: create NMClient lazily * Do not use hard-coded path for modinfo, use autofoo to detect it * firewall.core.io.ifcfg: Dropped invalid option warning with bad format string * firewall.core.io.ifcfg: Properly handle quoted ifcfg values * firewall.core.fw_zone: Do not reset ZONE with ifdown * Updated translations from zanata * firewall-config: Extra grid at bottom to visualize firewalld settings- Update to version 0.4.4.1 * Translation updates form zanata * firewallctl: New support for helpers * firewallctl: Use sys.excepthook to force exception_handler usage always * firewall-config: Use proper source check in sourceDialog- Update to version 0.4.4 * firewall-applet: Use PyQt5 * firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers D-Bus property * New helpers Q.931 and RAS from nf_conntrack_h323 * firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table * firewall.core.ipXtables: Add PREROUTING default rules for zones in raw table * New helper configuration files for amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp and tftp * firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones * firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED sequences * Misc bug fixes. * For the complete list of changes please see: https://github.com/t-woerner/firewalld/releases/tag/v0.4.4- Relax permissions for default installation files. The files in /usr/lib/firewalld are the default ones as shipped by the package and there is nothing secret in them.- Update to version 0.4.3.3 * Fixes CVE-2016-5410 (bsc#992772) * Standard error is now used for errors and warnings * Several fixes for use in change roots * Systemd service file changes * Fixed translations in firewall-config * Command line clients * Fixes infinite event handling loop in firewall-{config,applet} (bsc#992082)- Update to version 0.4.3.2 * Fix regression with unavailable optional commands * All missing backend messages should be warnings * Individual calls for missing restore commands * Only one authenticate call for add and remove options and also sequences * New service RH-Satellite-6- Update to version 0.4.3.1 * firewall.command: Fix python3 DBusException message not interable error * src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing * firewallctl: Do not trace back on list command without further arguments * firewallctl (man1): Added remaining sections zone, service, .. * firewallctl: Added runtime-to-permanent, interface and source parser, IndividualCalls setting * firewall.server.config: Allow to set IndividualCalls property in config interface * Fix missing icmp rules for some zones * runProg: Fix issue with running programs * firewall-offline-cmd: Fix issues with missing system-config-firewall * firewall.core.ipXtables: Split up source and dest addresses for transaction * firewall.server.config: Log error in case of loading malformed files in watcher * Install and package the firewallctl man page * Translation updates- Update to version 0.4.3 * New firewallctl utility (rh#1147959) * doc.xml.seealso: Show firewalld.dbus in See Also sections * firewall.core.fw_config: Create backup on zone, service, ipset and icmptype removal (rh#1339251) * {zone,service,ipset,icmptype}_writer: Do not fail on failed backup * firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd * firewall-cmd: Dropped duplicate setType call in --new-ipset * radius service: Support also tcp ports (RBZ#1219717) * xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset sources * config.xmlschema.service.xsd: Fix service destination conflicts (rh#1296573) * firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg * firewall.command: Only print summary and description in print_X_info with verbose * firewall.command: print_msg should be able to print empty lines * firewall-config: No processing of runtime passthroughs signals in permanent * Landspace.io fixes and pylint calm downs * firewall.core.io.zone: Add zone_reader and zone_writer to all, pylint fixes * firewall-config: Fixed titles of command and context dialogs, also entry lenths * firewall-config: pylint calm downs * firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit * firewall-config: Use self.active_zoens in conf_zone_added_cb * firewall.command: New parse_port, extended parse methods with more checks * firewall.command: Fixed parse_port to use the separator in the split call * firewall.command: New [de]activate_exception_handler, raise error in parse_X * services ha: Allow corosync-qnetd port * firewall-applet: Support for kde5-nm-connection-editor * tests/firewall-offline-cmd_test.sh: New tests for service and icmptype modifications * firewall-offline-cmd: Use FirewallCommand for simplification and sequence options * tests/firewall-cmd_test.sh: New tests for service and icmptype modifications * firewall-cmd: Fixed set, remove and query destination options for services * firewall.core.io.service: Source ports have not been checked in _check_config * firewall.core.fw_zone: Method check_source_port is not used, removed * firewall.core.base: Added default to ZONE_TARGETS * firewall.client: Allow to remove ipv:address pair for service destinations * tests/firewall-offline-cmd_test.sh: There is no timeout option in permanent * firewall-cmd: Landscape.io fixes, pylint calm downs * firewall-cmd: Use FirewallCommand for simplification and sequence options * firewall.command: New FirewallCommand for command line client simplification * New services: kshell, rsh, ganglia-master, ganglia-client * firewalld: Cleanup of unused imports, do not translate some deamon messages * firewalld: With fd close interation in runProg, it is not needed here anymore * firewall.core.prog: Add fd close iteration to runProg * firewall.core.fw_nm: Hide NM typelib import, new nm_get_dbus_interface function * firewalld.spec: Require NetworkManager-libnm instead of NetworkManager-glib * firewall-config: New add/remove ipset entries from file, remove all entries * firewall-applet: Fix tooltip after applet start with connection to firewalld * firewall-config: Select new zone, service or icmptype if the view was empty * firewalld.spec: Added build requires for iptables, ebtables and ipset * Adding nf_conntrack_sip module to the service SIP * firewall: core: fw_ifcfg: Quickly return if ifcfg directory does not exist * Drop unneeded python shebangs * Translation updates - Remove obsolete patches: * 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch * 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch * 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch - Add missing %{?_smp_mflags} during install. This will speed up the installation phase as well as expose build system's problems due to higher level of parallelism. - Run make during %build to ensure missing documentation is generated. - spec file cleanups.- Add upstream patch to prevent unconditional dependencies to the NetworkManager typelib (gh#t-woerner/firewalld#119) * 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch- Update to version 0.4.2 * New module to search for and change ifcfg files for interfaces not under control of NM * firewall_config: Enhanced messages in status bar * firewall-config: New message window as overlay if not connected * firewall-config: Fix sentivity of option, view menus and main paned if not connected * firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls, some cleanup * firewall-[offline]cmd: Show target in zone information * D-Bus: Completed masquerade methods in FirewallClientZoneSettings * Fixed log-denied rules for icmp-blocks * Keep sorting of interfaces, services, icmp-blocks and other settings in zones * Fixed runtime-to-permanent not to save interfaces under control of NM * New icmp-block-inversion flag in the zones * ICMP type filtering in the zones * New services: sip, sips, managesieve * rich rules: Allow destination action (rh#1163428) * firewall-offline-cmd: New option -q/--quiet * firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file * firewall-[offline-]cmd: Fix option for setting the destination address * firewall-config: Fixed resizing behaviour * New transaction model for speed ups in start, restart, stop and other actions * firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults * Fixed memory leak in dbus_introspection_add_properties * Landscape.io fixes, pylint calm downs * New D-Bus getXnames methods to speed up firewall-config and firewall-cmd * ebtables-restore: No support for COMMIT command * Source port support in services, zones and rich rules * firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets * firewall-config: New active bindings side bar for simple binding changes * Reworked NetworkManager module * Proper default zone handling for NM connections * Try to set zone binding with NM if interface is under control of NM * Code cleanup and bug fixes * Include test suite in the release and install in /usr/share/firewalld/tests * New Travis-CI configuration file * Fixed more broken frensh translations * Translation updates - Add upstream patches * 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch: Removes unneeded python shebangs * 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch: Do not try to access the network-scripts ifcfg directory. - Drop rejected patch * drop-standard-output-error-systemd.patch - Minor spec file clean-up- Avoid runtime dependency on systemd, the macros can all deal with its absence.- Suggest the susefirewall2-to-firewalld package which could assist in migrating the SuSEFirewall2 iptables rules to FirewallD.- Update to version 0.4.1.2 * Install fw_nm module * firewalld: Do not fail if log file could not be opened * Make ipsets visible per default in firewall-config * Fixed translations with python3 [changes in 0.4.1.1] * Fix for broken frensh translation [changes in 0.4.1] * Enhancements of ipset handling * No cleanup of ipsets using timeouts while reloading * Only destroy conflicting ipsets * Only use ipset types supported by the system * Add and remove several ipset entries in one call using a file * Reduce time frame where builtin chains are on policy DROP while reloading * Include descriptions in --info-X calls * Command line interface support to get and alter descriptions of zones, * services, ipsets and icmptypes with permanent option * Properly watch changes in combined zones * Fix logging in rich rule forward rules * Transformed direct.passthrough errors into warnings * Rework of import structures * Reduced calls to get ids for port and protocol names (rh#1305434) * Build and installation fixes by Markos Chandras * Provide D-Bus properties in introspection data * Fix for flaws found by landscape.io * Fix for repeated SUGHUP * New NetworkManager module to get and set zones of connections, used in firewall-applet and firewall-config * configure: Autodetect backend tools ({ip,ip6,eb}tables{,-restore}, ipset) * Code cleanups * Bug fixes - Fix drop-standard-output-error-systemd.patch tagging - Add libxslt-tools build dependency- Do not recommend a specific version for the lang subpackage- Move translations to a new subpackage- Set DISABLE_RESTART_ON_UPDATE to 'yes' instead of '1'. The macros in /etc/rpm/macros.systemd only check for the 'yes' value so fix it to properly prevent the firewalld service from being restarted during updates.- Drop typelib(NetworkManager), NetworkManager-glib, gtk3 and libnotify dependencies (see OBS SR#360792)- firewall-config needs typelib(NetworkManager) to run- Initial commit. Version 0.4.0 * drop-standard-output-error-systemd.patch (gh#t-woerner/firewalld/pull/67)sheep03 1676870109  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkmnopqrstuvwxyz{|}~0.9.3-150300.3.12.1 firewall__init__.py__pycache____init__.cpython-36.pycclient.cpython-36.pyccommand.cpython-36.pycdbus_utils.cpython-36.pycerrors.cpython-36.pycfunctions.cpython-36.pycfw_types.cpython-36.pycclient.pycommand.pyconfig__init__.py__pycache____init__.cpython-36.pycdbus.cpython-36.pycdbus.pycore__init__.py__pycache____init__.cpython-36.pycbase.cpython-36.pycebtables.cpython-36.pycfw.cpython-36.pycfw_config.cpython-36.pycfw_direct.cpython-36.pycfw_helper.cpython-36.pycfw_icmptype.cpython-36.pycfw_ifcfg.cpython-36.pycfw_ipset.cpython-36.pycfw_nm.cpython-36.pycfw_policies.cpython-36.pycfw_policy.cpython-36.pycfw_service.cpython-36.pycfw_transaction.cpython-36.pycfw_zone.cpython-36.pychelper.cpython-36.pycicmp.cpython-36.pycipXtables.cpython-36.pycipset.cpython-36.pyclogger.cpython-36.pycmodules.cpython-36.pycnftables.cpython-36.pycprog.cpython-36.pycrich.cpython-36.pycwatcher.cpython-36.pycbase.pyebtables.pyfw.pyfw_config.pyfw_direct.pyfw_helper.pyfw_icmptype.pyfw_ifcfg.pyfw_ipset.pyfw_nm.pyfw_policies.pyfw_policy.pyfw_service.pyfw_transaction.pyfw_zone.pyhelper.pyicmp.pyio__init__.py__pycache____init__.cpython-36.pycdirect.cpython-36.pycfirewalld_conf.cpython-36.pycfunctions.cpython-36.pychelper.cpython-36.pycicmptype.cpython-36.pycifcfg.cpython-36.pycio_object.cpython-36.pycipset.cpython-36.pyclockdown_whitelist.cpython-36.pycpolicy.cpython-36.pycservice.cpython-36.pyczone.cpython-36.pycdirect.pyfirewalld_conf.pyfunctions.pyhelper.pyicmptype.pyifcfg.pyio_object.pyipset.pylockdown_whitelist.pypolicy.pyservice.pyzone.pyipXtables.pyipset.pylogger.pymodules.pynftables.pyprog.pyrich.pywatcher.pydbus_utils.pyerrors.pyfunctions.pyfw_types.pyserver__init__.py__pycache____init__.cpython-36.pycconfig.cpython-36.pycconfig_helper.cpython-36.pycconfig_icmptype.cpython-36.pycconfig_ipset.cpython-36.pycconfig_policy.cpython-36.pycconfig_service.cpython-36.pycconfig_zone.cpython-36.pycdecorators.cpython-36.pycfirewalld.cpython-36.pycserver.cpython-36.pycconfig.pyconfig_helper.pyconfig_icmptype.pyconfig_ipset.pyconfig_policy.pyconfig_service.pyconfig_zone.pydecorators.pyfirewalld.pyserver.py/usr/lib/python3.6/site-packages//usr/lib/python3.6/site-packages/firewall//usr/lib/python3.6/site-packages/firewall/__pycache__//usr/lib/python3.6/site-packages/firewall/config//usr/lib/python3.6/site-packages/firewall/config/__pycache__//usr/lib/python3.6/site-packages/firewall/core//usr/lib/python3.6/site-packages/firewall/core/__pycache__//usr/lib/python3.6/site-packages/firewall/core/io//usr/lib/python3.6/site-packages/firewall/core/io/__pycache__//usr/lib/python3.6/site-packages/firewall/server//usr/lib/python3.6/site-packages/firewall/server/__pycache__/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:27854/SUSE_SLE-15-SP3_Update/406a35b2ea42ae037c86240675e7dede-firewalld.SUSE_SLE-15-SP3_Updatedrpmxz5noarch-suse-linuxdirectoryemptypython 3.6 byte-compiledPython script, ASCII text executableASCII text  !"#$%&'()*+,-./01234789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_bcdefghijklmnopqrtvxz|~RRRRRRRRRR R RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR RR RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR R RRRRRRRRRRRRRRRRRR RR RR RR RR RR RR RRR R RR R 2(;$%][&utf-82c6ddfa8328d0713477eac5b4feb69233b58be7a4c04e752b5f519a6c225eb92? 7zXZ !t/6]"k%4Pa h%#9L=[ qZ/8j:: g4I[Vo>_فX&wbNh}Ys>ILQ4N2=.`^;(U[sHB[h)lg`i4nl%28{;+ߨ.G]PwxzpE$noTHNbBP.J92aA2G\4Qݪ\1G\|-O_BnZCC%Rߒu #xmApuqObT;]s/eDQ}KEٞ0!i{9"$~L$QT)^2#1#McF^XLTo@sYz|*wLXO:#P=2εShĜ1wc\Sgi9$Sh9Y4 c8Oy@.\mflwObk>VΨ@@e:A(lJߡg+ɬ"Q)k`2~i}FD=™X7؟*$Տ9lx *+~@Z5pL6~f0c(Lqr$4QlD^1Anr&ʢ\=b<Q+.[?B"7_:5y|;#T)Mjbk"r9jOMR?l1h "kܡ_Fn7tiߘVZ uT[o&xfqc".h$aj*G2=3 O?ekoTb\݄F,pY׳eP2*!]!ۊҼi%R˺?!xaW8^EpMK?\P& u>[/ 9(f;F%!U~clPFvH18YP"gP =f{] 81'%l6b)K)~ G16OGkpy(z8A5z YˍJvo1?{Q@ /"wL2d2(^{"mv"O$ܣ= p^Rbo4ӐW,+A@&_Ub%L*L&(_+ +F]޻vbm{_kxT\ˀ>_a#Nr0H2r/mvࡺGIu: 0Ǚڿ*KR "շЗ)n4 x:rx YaWE([zlTH$fAӑd p׮Yꈘ!}1ZPNv/2䱊,O?(m]a0 9s@1Wg{^8׍_C2fut۴LG'oa0Ǡ 4'GvZ̟zl|Ƃ'n=^ ڔz-{`Hٛ"[z-uxr3"o"xkTS1 O$'- ~"}f@sAԕR'