opensuse:susefirewall2.git
4 years ago typo fix customary -> custom bnc#835677 [master]
Marcus Meissner [Mon, 13 Jan 2014 13:53:37 +0000 (14:53 +0100)]
typo fix customary -> custom bnc#835677

5 years ago adjust service files so manual starts work better (bnc#819499)
Marcus Meissner [Thu, 27 Jun 2013 11:15:00 +0000 (13:15 +0200)]
adjust service files so manual starts work better (bnc#819499)

5 years ago clarify what the default is in FW_MASQ_NETS (bnc#817233)
Marcus Meissner [Thu, 2 May 2013 14:41:38 +0000 (16:41 +0200)]
clarify what the default is in FW_MASQ_NETS (bnc#817233)

5 years ago removed the --rttl option in recent matches, as this could also be used
Marcus Meissner [Thu, 2 May 2013 14:08:51 +0000 (16:08 +0200)]
removed the --rttl option in recent matches, as this could also be used
by attackers (bnc#800719)

5 years ago do not add dependency information about YaST2 Second Stage [openSUSE-12.3]
Frederic Crozat [Mon, 28 Jan 2013 12:53:27 +0000 (13:53 +0100)]
do not add dependency information about YaST2 Second Stage

Keep dependencies about YaST2-Second-Stage in its own systemd .service
file and don't spread them across various services (including
SuSEfirewall2).

5 years ago update TODO
Ludwig Nussel [Sat, 19 Jan 2013 11:34:40 +0000 (12:34 +0100)]
update TODO

5 years ago fix default value docu for FW_PROTECT_FROM_INT (bnc#798834)
Ludwig Nussel [Thu, 17 Jan 2013 11:10:33 +0000 (12:10 +0100)]
fix default value docu for FW_PROTECT_FROM_INT (bnc#798834)

5 years ago move to /usr, remove init scripts
Ludwig Nussel [Thu, 13 Dec 2012 12:20:59 +0000 (13:20 +0100)]
move to /usr, remove init scripts

5 years ago adjust for starting via systemd service files
Ludwig Nussel [Wed, 12 Dec 2012 15:30:10 +0000 (16:30 +0100)]
adjust for starting via systemd service files

5 years ago move lock files to /run
Ludwig Nussel [Wed, 12 Dec 2012 15:29:21 +0000 (16:29 +0100)]
move lock files to /run

5 years ago just CT instead of NOTRACK (bnc#793459)
Ludwig Nussel [Wed, 12 Dec 2012 15:27:33 +0000 (16:27 +0100)]
just CT instead of NOTRACK (bnc#793459)

5 years ago skip non-existing devices
Ludwig Nussel [Tue, 11 Sep 2012 08:29:29 +0000 (10:29 +0200)]
skip non-existing devices

5 years ago getdevinfo is gone as per commit 0c5ac93 (bnc#777271) [openSUSE-12.2]
Ludwig Nussel [Tue, 11 Sep 2012 08:24:54 +0000 (10:24 +0200)]
getdevinfo is gone as per commit 0c5ac93 (bnc#777271)

6 years ago honor FW_IPv6 setting also in debug mode (bnc#769411) [openSUSE-12.2]
Vladimir Anufriev [Fri, 13 Jul 2012 12:42:35 +0000 (14:42 +0200)]
honor FW_IPv6 setting also in debug mode (bnc#769411)

6 years ago fix logging in test mode
Ludwig Nussel [Tue, 19 Jun 2012 11:31:34 +0000 (13:31 +0200)]
fix logging in test mode

6 years ago allow icmpv6 in FW_SERVICES_*_*
Ludwig Nussel [Mon, 18 Jun 2012 09:30:35 +0000 (11:30 +0200)]
allow icmpv6 in FW_SERVICES_*_*

6 years ago allow ICMPv6 Multicast Listener Query (bnc#767392)
Ludwig Nussel [Mon, 18 Jun 2012 09:23:17 +0000 (11:23 +0200)]
allow ICMPv6 Multicast Listener Query (bnc#767392)

6 years ago fix typo spotted by Frederic, thanks!
Ludwig Nussel [Tue, 29 May 2012 13:10:20 +0000 (15:10 +0200)]
fix typo spotted by Frederic, thanks!

6 years ago enable osc ci
Ludwig Nussel [Wed, 18 Jan 2012 14:17:36 +0000 (15:17 +0100)]
enable osc ci

6 years ago better make package target
Ludwig Nussel [Wed, 18 Jan 2012 13:55:57 +0000 (14:55 +0100)]
better make package target

6 years ago assume all interface names are correct (bnc#739084)
Ludwig Nussel [Wed, 18 Jan 2012 13:10:10 +0000 (14:10 +0100)]
assume all interface names are correct (bnc#739084)

- remove the obsolete calls to getcfg-interface
- don't check interfaces actually exist in sysfs. Instead install
  rules for all listed interfaces always.

6 years ago fix forward masquerading (bnc#736205)
Ludwig Nussel [Wed, 14 Dec 2011 16:54:32 +0000 (17:54 +0100)]
fix forward masquerading (bnc#736205)

6 years ago enhance debug mode
Ludwig Nussel [Tue, 29 Nov 2011 13:37:10 +0000 (14:37 +0100)]
enhance debug mode

- allow to turn off interface auto detection
- don't log to syslog

6 years ago compat syntax for negated options no longer works (bnc#660156, bnc#731088)
Ludwig Nussel [Mon, 28 Nov 2011 15:57:25 +0000 (16:57 +0100)]
compat syntax for negated options no longer works (bnc#660156, bnc#731088)

6 years ago use /sbin/rpcinfo as /usr/sbin/rpcinfo is gone (bnc#727438) [openSUSE-12.1]
Ludwig Nussel [Mon, 7 Nov 2011 10:55:00 +0000 (11:55 +0100)]
use /sbin/rpcinfo as /usr/sbin/rpcinfo is gone (bnc#727438)

6 years ago set SYSTEMD_NO_WRAP for status (bnc#727445)
Ludwig Nussel [Wed, 2 Nov 2011 15:26:04 +0000 (16:26 +0100)]
set SYSTEMD_NO_WRAP for status (bnc#727445)

6 years ago fix manual rcSuSEfirewall2 stop with systemd (bnc#717583)
Ludwig Nussel [Fri, 14 Oct 2011 09:45:56 +0000 (11:45 +0200)]
fix manual rcSuSEfirewall2 stop with systemd (bnc#717583)

6 years ago fix typo (bnc#721845)
Ludwig Nussel [Tue, 4 Oct 2011 14:52:13 +0000 (16:52 +0200)]
fix typo (bnc#721845)

6 years ago atomic zone status writing
Ludwig Nussel [Wed, 28 Sep 2011 13:26:33 +0000 (15:26 +0200)]
atomic zone status writing

6 years ago sanitize FW_ZONE_DEFAULT (bnc#716013)
Ludwig Nussel [Tue, 6 Sep 2011 09:33:05 +0000 (11:33 +0200)]
sanitize FW_ZONE_DEFAULT (bnc#716013)

6 years ago typo
Ludwig Nussel [Thu, 4 Aug 2011 08:13:57 +0000 (10:13 +0200)]
typo

6 years ago add warning about iptables-batch to SuSEfirewall2-custom
Ludwig Nussel [Thu, 4 Aug 2011 08:13:13 +0000 (10:13 +0200)]
add warning about iptables-batch to SuSEfirewall2-custom

6 years ago /proc/net/ip_tables_names is not readable for users
Ludwig Nussel [Thu, 4 Aug 2011 08:03:25 +0000 (10:03 +0200)]
/proc/net/ip_tables_names is not readable for users

6 years ago don't install input rules for interfaces in default zone
Ludwig Nussel [Wed, 3 Aug 2011 09:33:20 +0000 (11:33 +0200)]
don't install input rules for interfaces in default zone

The default rule catches them anyways

7 years ago Add hook fw_custom_after_finished
Peter Varkoly [Fri, 10 Jun 2011 13:53:04 +0000 (15:53 +0200)]
Add hook fw_custom_after_finished

fw_custom_after_finished is run after everything, just before
SuSEfirewall2 exits.

7 years ago remove obsolete sync target
Ludwig Nussel [Fri, 20 May 2011 06:38:46 +0000 (08:38 +0200)]
remove obsolete sync target

7 years ago regen doc
Ludwig Nussel [Fri, 20 May 2011 06:37:43 +0000 (08:37 +0200)]
regen doc

7 years ago update FAQ (bnc#694464)
Ludwig Nussel [Fri, 20 May 2011 06:37:28 +0000 (08:37 +0200)]
update FAQ (bnc#694464)

7 years ago clean up overrides when stopping the firewall (bnc#630961)
Ludwig Nussel [Wed, 27 Apr 2011 13:44:01 +0000 (15:44 +0200)]
clean up overrides when stopping the firewall (bnc#630961)

7 years ago change default FW_LOG_ACCEPT_CRIT to "no"
Ludwig Nussel [Thu, 7 Apr 2011 12:46:00 +0000 (14:46 +0200)]
change default FW_LOG_ACCEPT_CRIT to "no"

7 years ago allow redir without port specification
Ludwig Nussel [Thu, 7 Apr 2011 12:16:35 +0000 (14:16 +0200)]
allow redir without port specification

7 years ago make FW_SERVICES_{REJECT,DROP}_* take precedence before ACCEPT (bnc#671997)
Ludwig Nussel [Wed, 6 Apr 2011 11:54:56 +0000 (13:54 +0200)]
make FW_SERVICES_{REJECT,DROP}_* take precedence before ACCEPT (bnc#671997)

7 years ago fix zonein and zoneout parameters
Ludwig Nussel [Thu, 7 Apr 2011 12:16:12 +0000 (14:16 +0200)]
fix zonein and zoneout parameters

7 years ago fix reverse direction of forwarding rules (bnc#679192)
Ludwig Nussel [Wed, 6 Apr 2011 07:14:50 +0000 (09:14 +0200)]
fix reverse direction of forwarding rules (bnc#679192)

7 years ago update some comments
Ludwig Nussel [Tue, 8 Feb 2011 12:35:44 +0000 (13:35 +0100)]
update some comments

7 years ago update copyright [openSUSE-11.4]
Ludwig Nussel [Tue, 1 Feb 2011 13:16:22 +0000 (14:16 +0100)]
update copyright

7 years ago introduce rpcusers file to allow statd to run as non-root (bnc#668553)
Ludwig Nussel [Tue, 1 Feb 2011 13:07:11 +0000 (14:07 +0100)]
introduce rpcusers file to allow statd to run as non-root (bnc#668553)

7 years ago add zonein and zoneout parameters for FW_FORWARD
Ludwig Nussel [Wed, 19 Jan 2011 13:39:23 +0000 (14:39 +0100)]
add zonein and zoneout parameters for FW_FORWARD

7 years ago fix typos
Togan Muftuoglu [Wed, 19 Jan 2011 13:19:04 +0000 (14:19 +0100)]
fix typos

7 years ago don't start in runlevel 4 by default (bnc#656520)
Ludwig Nussel [Mon, 10 Jan 2011 13:14:08 +0000 (14:14 +0100)]
don't start in runlevel 4 by default (bnc#656520)

7 years ago cut off long zone names (bnc#644527)
Ludwig Nussel [Mon, 10 Jan 2011 13:10:01 +0000 (14:10 +0100)]
cut off long zone names (bnc#644527)

7 years ago fix and enhance output of log command (bnc#663262)
Ludwig Nussel [Mon, 10 Jan 2011 12:37:15 +0000 (13:37 +0100)]
fix and enhance output of log command (bnc#663262)

7 years ago don't unload rules when using systemd
Ludwig Nussel [Thu, 2 Dec 2010 13:32:47 +0000 (14:32 +0100)]
don't unload rules when using systemd

7 years ago list some known rpc services as Should-Start
Ludwig Nussel [Tue, 16 Nov 2010 15:00:24 +0000 (16:00 +0100)]
list some known rpc services as Should-Start

systemd doesn't support $ALL (bnc#652608)

7 years ago don't filter outgoing packets at all
Ludwig Nussel [Mon, 11 Oct 2010 13:59:35 +0000 (15:59 +0200)]
don't filter outgoing packets at all

7 years ago fix example (bnc#641907)
Ludwig Nussel [Mon, 27 Sep 2010 06:41:01 +0000 (08:41 +0200)]
fix example (bnc#641907)

7 years ago fix status check in SuSEfirewall2_init (bnc#628751)
Ludwig Nussel [Mon, 9 Aug 2010 07:26:46 +0000 (09:26 +0200)]
fix status check in SuSEfirewall2_init (bnc#628751)

8 years ago install to correct dir
Ludwig Nussel [Tue, 29 Jun 2010 13:46:24 +0000 (15:46 +0200)]
install to correct dir

8 years ago remove "batch committing..." message
Ludwig Nussel [Tue, 29 Jun 2010 11:32:23 +0000 (13:32 +0200)]
remove "batch committing..." message

8 years ago read defaults from separate file
Ludwig Nussel [Tue, 29 Jun 2010 09:27:19 +0000 (11:27 +0200)]
read defaults from separate file

8 years ago warn if highports config options are set
Ludwig Nussel [Tue, 29 Jun 2010 09:27:04 +0000 (11:27 +0200)]
warn if highports config options are set

8 years ago finally drop 'highports' misfeature
Ludwig Nussel [Tue, 29 Jun 2010 08:56:24 +0000 (10:56 +0200)]
finally drop 'highports' misfeature

8 years ago Merge branch 'master' of git://dev.medozas.de/suse-firewall
Ludwig Nussel [Tue, 29 Jun 2010 08:43:50 +0000 (10:43 +0200)]
Merge branch 'master' of git://dev.medozas.de/suse-firewall

Conflicts:
SuSEfirewall2

8 years ago remove kernel ipv6 module detection (bnc#617033)
Ludwig Nussel [Mon, 28 Jun 2010 15:06:20 +0000 (17:06 +0200)]
remove kernel ipv6 module detection (bnc#617033)

8 years ago silence warning about default zone (bnc#616841)
Ludwig Nussel [Mon, 28 Jun 2010 13:59:17 +0000 (15:59 +0200)]
silence warning about default zone (bnc#616841)

8 years ago SuSEfirewall2-open: don't add values multiple times
Ludwig Nussel [Tue, 15 Jun 2010 11:20:36 +0000 (13:20 +0200)]
SuSEfirewall2-open: don't add values multiple times

8 years ago Use multiprotocol xt_conntrack
Jan Engelhardt [Mon, 31 May 2010 14:31:15 +0000 (16:31 +0200)]
Use multiprotocol xt_conntrack

8 years ago only directories in /sys/class/net are real interfaces [openSUSE-11.3]
Ludwig Nussel [Mon, 31 May 2010 07:59:46 +0000 (09:59 +0200)]
only directories in /sys/class/net are real interfaces

/sys/class/net may contain a file "bonding_masters" which is not a real
interface (bnc#609810)

8 years ago update docu
Ludwig Nussel [Fri, 19 Mar 2010 14:14:46 +0000 (15:14 +0100)]
update docu

8 years ago clean up FAQ
Ludwig Nussel [Fri, 19 Mar 2010 14:05:43 +0000 (15:05 +0100)]
clean up FAQ

8 years ago script for changelog entries
Ludwig Nussel [Fri, 19 Mar 2010 13:32:17 +0000 (14:32 +0100)]
script for changelog entries

8 years ago add entry about drbd to FAQ
Ludwig Nussel [Fri, 19 Mar 2010 13:29:55 +0000 (14:29 +0100)]
add entry about drbd to FAQ

8 years ago implement FW_BOOT_FULL_INIT
Ludwig Nussel [Fri, 19 Mar 2010 12:54:14 +0000 (13:54 +0100)]
implement FW_BOOT_FULL_INIT

8 years ago add script to publish docu
Ludwig Nussel [Tue, 16 Feb 2010 16:38:51 +0000 (17:38 +0100)]
add script to publish docu

8 years ago remove more useless numbers
Ludwig Nussel [Tue, 16 Feb 2010 16:28:53 +0000 (17:28 +0100)]
remove more useless numbers

8 years ago install doc files
Ludwig Nussel [Tue, 16 Feb 2010 15:15:19 +0000 (16:15 +0100)]
install doc files

8 years ago update docu comments
Ludwig Nussel [Tue, 16 Feb 2010 13:38:02 +0000 (14:38 +0100)]
update docu comments

8 years ago be explicit about what kind of port is meant
Ludwig Nussel [Tue, 16 Feb 2010 12:41:29 +0000 (13:41 +0100)]
be explicit about what kind of port is meant

8 years ago rebuild docu
Ludwig Nussel [Wed, 28 Oct 2009 15:42:33 +0000 (16:42 +0100)]
rebuild docu

8 years ago new script to create snapshots [switch-to-git]
Ludwig Nussel [Wed, 28 Oct 2009 15:41:59 +0000 (16:41 +0100)]
new script to create snapshots

8 years ago further polishing of log drop policy
Ludwig Nussel [Tue, 15 Sep 2009 14:25:03 +0000 (14:25 +0000)]
further polishing of log drop policy

- separate drop rule for broadcast packets at end of chain
- only consider NEW udp packets as critical
- don't log INVALID packets as critical

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@226 b36d0de6-17df-0310-aa5c-c2ebc275e154

8 years ago fix spelling error in sysconfig file (bnc#537427)
Ludwig Nussel [Tue, 15 Sep 2009 13:32:04 +0000 (13:32 +0000)]
fix spelling error in sysconfig file (bnc#537427)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@225 b36d0de6-17df-0310-aa5c-c2ebc275e154

8 years ago drop multicast packets silently (bnc#538053)
Ludwig Nussel [Tue, 15 Sep 2009 13:31:58 +0000 (13:31 +0000)]
drop multicast packets silently (bnc#538053)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@224 b36d0de6-17df-0310-aa5c-c2ebc275e154

8 years ago remove some debug messages
Ludwig Nussel [Mon, 27 Jul 2009 11:45:41 +0000 (11:45 +0000)]
remove some debug messages

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@223 b36d0de6-17df-0310-aa5c-c2ebc275e154

8 years ago allow disabling NOTRACK rules on lo (bnc#519526)
Ludwig Nussel [Mon, 27 Jul 2009 11:45:35 +0000 (11:45 +0000)]
allow disabling NOTRACK rules on lo (bnc#519526)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@222 b36d0de6-17df-0310-aa5c-c2ebc275e154

8 years ago allow to override interface zones
Ludwig Nussel [Mon, 27 Jul 2009 11:29:40 +0000 (11:29 +0000)]
allow to override interface zones

also report interfaces in /var/run

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@221 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago remove chkconfig calls (bnc#522268)
Ludwig Nussel [Fri, 17 Jul 2009 09:59:41 +0000 (09:59 +0000)]
remove chkconfig calls (bnc#522268)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@220 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago use ln -sf
Ludwig Nussel [Thu, 9 Jul 2009 13:48:31 +0000 (13:48 +0000)]
use ln -sf

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@219 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago deprecate fw_custom_before_antispoofing and fw_custom_after_antispoofing, use fw_cust...
Ludwig Nussel [Thu, 9 Jul 2009 13:48:26 +0000 (13:48 +0000)]
deprecate fw_custom_before_antispoofing and fw_custom_after_antispoofing, use fw_custom_after_chain_creation instead

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@218 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago allow to set FW_ZONE_DEFAULT via config file
Ludwig Nussel [Thu, 9 Jul 2009 13:48:21 +0000 (13:48 +0000)]
allow to set FW_ZONE_DEFAULT via config file

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@217 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago add note about use as bridging firewall
Ludwig Nussel [Thu, 9 Jul 2009 13:48:17 +0000 (13:48 +0000)]
add note about use as bridging firewall

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@216 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago add comments to fix vim syntax highlighting resync
Ludwig Nussel [Thu, 9 Jul 2009 13:48:12 +0000 (13:48 +0000)]
add comments to fix vim syntax highlighting resync

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@215 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago update firewall hook script (patch by Marius)
Ludwig Nussel [Tue, 9 Jun 2009 14:15:32 +0000 (14:15 +0000)]
update firewall hook script (patch by Marius)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@214 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago better wording for BROADCAST in template
Ludwig Nussel [Tue, 9 Jun 2009 14:15:26 +0000 (14:15 +0000)]
better wording for BROADCAST in template

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@213 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago silence an error from bash if a service config file is not available (bnc#487870)
Ludwig Nussel [Wed, 25 Mar 2009 12:12:39 +0000 (12:12 +0000)]
silence an error from bash if a service config file is not available (bnc#487870)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@212 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago allow service files to specify kernel modules and allow related packets
Ludwig Nussel [Fri, 23 Jan 2009 09:37:12 +0000 (09:37 +0000)]
allow service files to specify kernel modules and allow related packets

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@211 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago fix version number in help text
Ludwig Nussel [Mon, 12 Jan 2009 08:17:13 +0000 (08:17 +0000)]
fix version number in help text

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@210 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago add note that ulog doesn't work with IPv6 (bnc#442756)
Ludwig Nussel [Mon, 10 Nov 2008 13:17:49 +0000 (13:17 +0000)]
add note that ulog doesn't work with IPv6 (bnc#442756)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@209 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago point to correct path for service files (bnc#425187)
Ludwig Nussel [Thu, 6 Nov 2008 12:16:18 +0000 (12:16 +0000)]
point to correct path for service files (bnc#425187)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@208 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years ago check whether IPv6 support is available when stopping the firewall (bnc#442118)
Ludwig Nussel [Thu, 6 Nov 2008 10:00:52 +0000 (10:00 +0000)]
check whether IPv6 support is available when stopping the firewall (bnc#442118)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@207 b36d0de6-17df-0310-aa5c-c2ebc275e154