firewalld 0.7.3 release

A new release of firewalld, version 0.7.3, is available.

This is a bug fix only release.

  • fix: src/tests/Makefile: distclean should clean atconfig
  • fix: test: use debug output based on autotest variable
  • chore: doc: update authors
  • fix: tests/functions: canonicalize XML output
  • fix: failure to load modules no longer fatal
  • fix: don’t probe for available kernel modules
  • fix: build: distribute testsuite
  • fix: tests: convert nftables fib checks to runtime
  • fix: tests: convert probe of nft numeric args to runtime
  • fix: tests: convert ip6tables checks to runtime
  • fix: tests: convert host ipv6 checks to runtime
  • chore: tests: rename IF_IPV6_SUPPORTED to IF_HOST_SUPPORTS_IPV6_RULES
  • fix: reload: let NM interface assignments override permanent config
  • fix: test: CHECK_NAT_COEXISTENCE: only check for kernel version
  • fix: test: direct passthrough: no need to check for dummy module
  • fix: test/functions: FWD_END_TEST: improve grep for errors/warnings
  • tests: support running in containers, “make check-container”
  • tests: add integration tests, e.g. network-manager

Source available here:


firewalld 0.6.6 release

A new release of firewalld, version 0.6.6, is available.

This is a bug fix only release. It is also the final release for this stable branch.

  • fix: src/tests/Makefile: distclean should clean atconfig
  • tests/functions: increase firewalld debug level
  • fix: test: use debug output based on autotest variable
  • chore: doc: update authors
  • fix: failure to load modules no longer fatal
  • fix: don’t probe for available kernel modules
  • fix: build: distribute testsuite
  • fix: tests: convert nftables fib checks to runtime
  • fix: tests: convert probe of nft numeric args to runtime
  • fix: tests: convert ip6tables checks to runtime
  • fix: tests: convert host ipv6 checks to runtime
  • chore: tests: rename IF_IPV6_SUPPORTED to IF_HOST_SUPPORTS_IPV6_RULES
  • fix: test: CHECK_NAT_COEXISTENCE: only check for kernel version
  • fix: test: direct passthrough: no need to check for dummy module
  • fix: test/functions: FWD_END_TEST: improve grep for errors/warnings

Source available here:


firewalld 0.8.1 release

A new release of firewalld, version 0.8.1, is available.

This is a bug fix only release.

  • fix: CLI: service: also output helpers for service info
  • fix: reload: let NM interface assignments override permanent config
  • tests: support running in containers, “make check-container”
  • tests: add integration tests, e.g. network-manager

Source available here:


firewalld 0.8.0 release

A new release of firewalld, version 0.8.0, is available.

This is a feature release. It also includes all bug fixes since v0.7.0.

New features:

  • nftables: convert to libnftables JSON interface. This completely converts firewalld to using the libnftables JSON interface. Firewalld no longer makes calls to the nft binary. It drastically improves rule application times and reliability by applying rules in large transactions.
  • service: new “helper” element to replace “module”. More accurately represents the conntrack helper. Deprecates “module”.
  • allow custom helpers using standard helper modules (rhbz 1733066)
  • testsuite is now shipped in the dist tarball

Statistics since v0.7.0:

  • 100 commits
  • 74 files changed, 3593 insertions(+), 2163 deletions(-)

Source available here:


firewalld 0.6.5 release

A new release of firewalld, version 0.6.5, is available.

This is a bug fix only release.

  • fix: do not allow zone drifting
  • fix: test/regression/gh258: add missing keyword for rhbz 1713823
  • fix: rich rule destination with services
  • fix: test/regression/pr323: skip if GRE module doesn’t exist
  • fix: direct: removeRules() was mistakenly removing all rules
  • Revert “fix: ipXtables: using “mangle” in zone not dependent on “nat””
  • fix: guarantee zone source dispatch is sorted by zone name
  • fix: nftables: fix zone dispatch using ipset sources in nat chains
  • doc: add --default-config and --system-config
  • fix: --add-masquerade should only affect ipv4
  • fix: nftables: --forward-ports should only affect IPv4
  • fix: direct: removeRules() not removing all rules in chain
  • fix: allow custom helpers using standard helper modules
  • fix: service: usage of helpers with ‘-’ in name
  • fix: Revert “ebtables: drop support for broute table”
  • fix: ebtables: don’t use tables that aren’t available
  • Change-interface can accept permanent option

Source available here: