Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

SuSEfirewall2-3.6.378-lp152.3.27 RPM for noarch

From OpenSuSE Leap 15.2 for noarch

Name: SuSEfirewall2 Distribution: openSUSE Leap 15.2
Version: 3.6.378 Vendor: openSUSE
Release: lp152.3.27 Build date: Tue Jun 9 01:22:28 2020
Group: Productivity/Networking/Security Build host: lamb10
Size: 305778 Source RPM: SuSEfirewall2-3.6.378-lp152.3.27.src.rpm
Summary: Stateful Packet Filter Using iptables and netfilter
SuSEfirewall2 implements a packet filter that protects hosts and
routers by limiting which services or networks are accessible on the
host or via the router.

SuSEfirewall2 uses the iptables/netfilter packet filtering
infrastructure to create a flexible rule set for a stateful firewall.






* Tue Jan 16 2018
  - Fixed a regression in setting up the final LOG/DROP/REJECT rules for IPv6 (bnc#1075251)
  - Set RPC related rules also for IPv6 (bnc#1074933)
* Tue Nov 28 2017
  - logging: correctly set the PID of the logging process
* Tue Nov 28 2017
  - main script: remove duplicate rules in the rpc rules area (bnc#1069760)
  - main script: support --trace messages
* Thu Nov 23 2017
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Wed Oct 18 2017
  - rpcinfo: recognize execution errors of the perl script and terminate accordingly
  - rpcinfo: fixed security issue with too open implicit portmapper rules
    (bnc#1064127): A source net restriction for _rpc_ services was not taken
    into account for the implicitly added rules for port 111, making the portmap
    service accessible to everyone in the affected zone.
* Fri Jul 28 2017
  - Removed bogus nfs alias units, added correct nfs-client target in
    SuSEfirewall2.service (bnc#946325).
    The nfs alias units are false friends, because they don't fix the startup
    ordering between nfs and SuSEfirewall2.
    The missing nfs-client target could cause nfs mounts for nfs versions < 4.1
    to be unable to receive callbacks from the server, when the nfs client was
    started before the SuSEfirewall2 was started on boot.
* Wed Jul 12 2017
  - sysctl settings: make list of sysctl.d directories configurable via
    FW_SYSCTL_PATHS (bnc#1044523)
* Thu Jul 06 2017
  - clarified warning message about FW_ROUTE being enabled but ip_forwarding not configured
  - sysctl.d: avoid error messages if no /etc/sysctl.d/*.conf files are existing (bnc#1044523)
* Wed Jun 28 2017
  - Only consider *.conf files to ignore backup files and similar (bnc#1044523)
* Tue Jun 20 2017
  - Also check /etc/sysctl.d for custom sysctl overrides (bnc#1044523)
  - improved documentation of FW_SERVICES_DROP_... to mention "all" protocols
* Mon Apr 24 2017
  - implementation of feature FATE#316295: allow incremental update of rpc
    By calling "/usr/sbin/SuSEfirewall2 update-rpc [-s service]" you can now
    cause SuSEfirewall to update its rpc related firewall rules to reflect the
    current portmapper state in the system, without affecting the rest of the
    firewall rule set.
    This can for example be put in systemd unit files as ExecStartPost
    directives, to always keep port mapping rules up to date, for certain rpc
    services. Note that you still need to configure the rpc rules in
    /etc/sysconfig/SuSEfirewall2 to make this work. See configuration variables:
  - conntrack helpers: explicitly load kernel module to make sure conntrack
    helper rules can be applied and to avoid errors messages if kernel module is
    not loaded
* Tue Apr 18 2017
  Update to new git release 3.6.351:
  - ship ftp-client service file for allowing active ftp client connections
    easily. Also fix use of connection tracker helper on kernel >= 4.7 for ftp.
* Mon Mar 20 2017
  Update to new git release 3.6.346:
  - harmonized the logic of setting IPv4/IPv6 forwarding when FW_ROUTE is set to
    "yes". Previously only IPv4 forwarding was exclusively set by SuSEfirewall2,
    while IPv6 forwarding could only be set via "yast2 firewall". With this
    update you should always configure IPv4/IPv6 forwarding with yast.
    SuSEfirewall2 will still provide backwards compatibility to temporarily
    enable IPv4/IPv6 forwarding if not already enabled system wide. Also
    forwarding can now be configured separately for IPv4/IPv6 if only one of
    both is required. See FW_ROUTE documentation. (bnc#572202)
  - ignore the bootlock when incremental updates for hotplugged or virtual
    devices are coming in during boot. This prevents lockups for example when
    drbd is used with FB_BOOT_FULL_INIT. (bnc#785299)
  - fixed a race condition in systemd unit files that could cause the
    SuSEfirewall2_init unit to sporadically fail, because /tmp was not
    there/writable yet. (bnc#1014987)
  - support new kernels >= 4.7 that run with
    net.netfilter.nf_conntrack_helper = 0
    by default. Currently only netbios/samba is fully covered. (bnc#986527)
  - allow mdns multicast packets input in unconfigured firewall setups (no zones
    configured) to make zeroconf setups (like avahi) work out of the box for
    typical desktops connecting via DSL/WiFi router scenarios. (bnc#959707)
  - refurbished the documentation in /usr/share/doc. (bnc#884037)
  - updated GPL license texts with the current address from FSF
  - support for IPv6 in FW_TRUSTED_NETS config variable. (bnc#841046)
  - don't log dropped broadcast IPv6 broadcast/multicast packets by default to
    avoid cluttering the kernel log. (bnc#847193)
  - recognize a running libvirtd instance and cause it to recreate its custom
    firewall rules on SuSEfirewall2 reload, to not break VM networking.
  - only apply FW_KERNEL_SECURITY proc settings, if not overriden by the
    administrator in /etc/sysctl.conf (bnc#906136). This allows you to benefit
    from some of the kernel security settings, while overwriting others.
  - don't enable FW_LO_NOTRACK by default any more, because it breaks expected
    behaviour in some scenarios (bnc#916771)
  - increase security when sourcing external script files by checking file
    ownership and permissions first (to avoid sourcing untrusted files owned by
    non-root or world-writable)
  - fixed "/usr/sbin/SUSEfirewall log" pretty logfile parsing functionality when
    running under systemd with journald.
* Tue Mar 07 2017
  - Install symlink to SuSEfirewall2 with the updated SUSE spelling
    (bsc#938727, FATE#316521)
  - Added rpmlintrc file to suppress some bogus warnings during building
* Fri Feb 10 2017
  - Remove unused PreReq for insserv and fillup
* Wed Feb 10 2016
  - add nfs-server.service too as dependency, remove again
    as it makes trouble (bsc#963740)
  - and SuSEfirewall2 have a loop, remove it bsc#961258
* Tue Feb 09 2016
  - change dependencies of SUSEfirewall2_init, so it gets run after systemd
    version update brought new dependencies somehow (bsc#963969)
* Thu Jan 28 2016
  - add, so SuSEfirewall2 final will be started after
    all other services. This is relevant for rpc services like the NFS rpc
    process group, where ports are opened dynamically. bsc#963740
* Mon Jan 18 2016
  - Merge pull request #5 from hwoarang/firewalld-conflict
  - SuSEfirewall2{,_init}.service: Conflict with firewalld service
* Fri Jan 15 2016
  - basic.service -> (bsc#961258)
* Wed Jun 24 2015
  - reduce amount of setprocinfo set values, adjusted to existence and
    also current kernel defaults.
  - missing IPv6 commands to enable broadcast (e.g.: avahi over ipv6)



Generated by rpm2html 1.8.1

Fabrice Bellet, Mon May 9 12:54:53 2022