firewalld release

The new firewalld version is available as a security and bug fix release for version 0.4.3.

The main changes are

Fixes CVE-2016-5410

Any locally logged in user, could add and remove tracked passthrough rules and could set ipset entries. On top of this the policy to get zone, service, .. settings and also the log denied value is more strict now.

Standard error is now used for errors and warnings

Errors and warnings can now simply be skipped for example while getting the default zone with the command line client by piping stderr to /dev/null.

Several fixes for use in change roots

The command line use in change roots is not resulting in trace backs anymore. The client class, NetworkManager backend and also the command line clients have been adapted for this.

Systemd service file changes

The systemd service has been changed that firewalld gets started before the and before

Fixed translations in firewall-config

The translations in firewall-config hve not been correct at all times. The gettext textdomain was not set property which resulted in missing translations in the code.

Command line clients

Several error return code fixes have been added to fix the behavior with single and sequence options.

The new firewalld version is available here: