firewalld 0.5.2 release

A new release of firewalld, version 0.5.2, is available.

This is a bug fix only release.

  • fix rule deduplication causing accidental removal of rules
  • log failure to parse direct rules xml as an error
  • firewall-config: Break infinite loop when firewalld is not running
  • fix set-log-denied not taking effect
  • po: update translations

Source available here:

firewalld 0.5.1 release

A new release of firewalld, version 0.5.1, is available.

This is a bug fix only release.

  • ipXtables: fix iptables-restore wait option detection
  • python3 compatibility fixes
  • ebtables: fix missing default value to set_rule()
  • fw_zone: fix invalid reference to __icmp_block_inversion

Source available here:

firewalld 0.5.0 release

A new release of firewalld, version 0.5.0, is available.

This release is significant because it deprecates the firewallctl command. This secondary CLI is a fair maintenance burden and doesn’t provide anything useful over firewall-cmd other than aesthetics.

Regarding developer related changes, firewalld has gained autotest support. Now you can do a “make check” to run the testsuite. This has been integrated with travis-ci so every push to master and PR automatically runs the testsuite.

Major changes

  • firewallctl: mark deprecated (#261)
  • new test framework with travis-ci integration
  • SUSE ifcfg support

New services

  • nmea-0183
  • syncthing
  • MongoDB
  • upnp

Source available here:

firewalld release

The new firewalld version is available as the sixth bug fix release for 0.4.4.

Main changes

  • Reload nf_conntrack sysctls after the module is loaded
  • Updated repository and mailing list links
  • Improved IPv6 support

New services

  • docker-swarm
  • redis
  • zabbix
  • bgp
  • git
  • kprop
  • minidlna
  • NFSv3
  • murmur
  • IRC

The new firewalld version is available here:

firewalld release

The new firewalld version is available as the fifth bug fix release for 0.4.4.

The main changes are

Fix build from spec

The spec file still contained remains. These have been removed and the missing dependency for autotools has been added.

Fix --remove-service-from-zone option

The wrong option name was used internally, which resulted in the "NoneType object is not iterable" error.

Support sctp and dccp in ports, source-ports, forward-ports, helpers and rich rules

This patch adds support for using ports with the protocols sctp and dccp when a port id is also specified. The use of sctp and dccp is now also allowed in source-ports, forward-ports, helpers and rich language rules.

The test suite has been expanded to also test the new combinations.

This fixes RHBZ#1429808

firewall-cmd: Fix --{set,get}-{short,description} for zone

The options --{set,get}-{short,description} were applied to the wrong object in firewall-cmd, which resulted in a backtrace.

Fixes: RHBZ#1445238

firewall.core.ipXtables: Use new wait option for restore commands if available

The iptables restore commands in the next iptables release will support the wait option. This is very useful and makes collisions with iptables commands used by other services or the user less likely.

New services

ctdb, ovirt-imageio, ovirt-storageconsole, ovirt-vmconsole and nrpe

Rename extension for policy choices (server and desktop) to .policy.choice

firewalld provides a server and a desktop specific policy file. Both files are installed and the one to be used will be linked to org.fedoraproject.FirewallD1.policy. The existence of several policy files using the .policy extension in the policy directory could result in a policykit issue. Therefore the policy choice files now use the extension .policy.choice.

The rename is done at installation time so that the autofoo targets etc. can still be used. This also required a change in firewall-offline-cmd to fix the --policy-server and --policy-desktop options.

This fixes RHBZ#1449754

D-Bus interfaces: Fix GetAll for interfaces without properties

The use of GetAll on D-Bus interfaces without properties resulted in the "FirewallD does not implement the interface" error. This has been fixed and an empty array is now returned.

The property handling code and the error messages are now consistent in all D-Bus interfaces of firewalld.

This fixes RHBZ#1452017

Load NAT helpers with conntrack helpers

If a conntrack helper is used, the matching NAT helper, if there is one, is now loaded automatically as well. New functionality to detect the NAT helpers supported by the kernel has been added. The new property nf_nat_helpers has been added to the firewalld D-Bus interface.

Fixes: RHBZ#1452681

Translation updates

The new firewalld version is available here: