The new firewalld version 0.3.4 is available at
https://fedorahosted.org/released/firewalld/
Major changes:
- Provides enhanced firewall-config with lockdown and rich rule support
- New man pages (created from docbook sources)
- A first version of permanent direct rules (/etc/firewalld/direct.xml, but without command line and firewall-config support)
- firewall-applet now works better with gnome3
- Better python3 support
- Bug fixes and enhancements
- New services
Changelog for version 0.3.4:
- firewall-cmd: print result (yes/no) of all --query-* commands
- move permanent-getZoneOf{Interface|Source} from firewall-cmd to server
- Check Interfaces/sources when updating permanent zone settings.
- FirewallDConfig: getZoneOfInterface/Source can actually return more zones
- Fixed toaddr check in forward port to only allow single address, no range
- firewall-cmd: various output improvements
- fw_zone: use check_single_address from firewall.functions
- getZoneOfInterface/Source does not need to throw exception
- firewall.functions: Use socket.inet_pton in checkIP, fixed checkIP*nMask
- firewall.core.io.service: Properly check port/proto and destination address
- Install applet desktop file into /etc/xdg/autostart
- Fixed option problem with rich rule destinations (RHBZ#979804)
- Better exception creation in dbus_handle_exceptions() decorator (RHBZ#979790)
- Updated firewall-offline-cmd
- Use priority in add, remove, query and list of direct rules (RHBZ#979509)
- New documentation (man pages are created from docbook sources)
- firewall/core/io/direct.py: use priority for rule methods, new get_all_ methods
- direct: pass priority also to client.py and firewall-cmd
- applet: New blink and blink-count settings
- firewall.functions: New function ppid_of_pid
- applet: Check for gnome3 and fix it, use new settings, new size-changed cb
- firewall-offline-cmd: Fix use of systemctl in chroot
- firewall-config: use string.ascii_letters instead of string.letters
- dbus_to_python(): handle non-ascii chars in dbus.String.
- Modernize old syntax constructions.
- dict.keys() in Python 3 returns a "view" instead of list
- Use gettext.install() to install _() in builtins namespace.
- Allow non-ascii chars in 'short' and 'description'
- README: More information for "Working With The Source Repository"
- Build environment fixes
- firewalld.spec: Added missing checks for rhel > 6 for pygobject3-base
- firewall-applet: New setting show-inactive
- Don't stop on reload when lockdown already enabled (RHBZ#987403)
- firewall-cmd: --lockdown-on/off did not touch firewalld.conf
- FirewallApplet.gschema.xml: Dropped unused sender-info setting
- doc/firewall-applet.xml: Added information about gsettings
- several debug and log message fixes
- Add chain for sources so they can be checked before interfaces (RHBZ#903222)
- Add dhcp and proxy-dhcp services (RHBZ#986947)
- io/Zone(): don't error on deprecated family attr of source elem
- Limit length of zone file name (to 12 chars) due to Netfilter internals.
- It was not possible to overload a zone with defined source(s).
- DEFAULT_ZONE_TARGET: {chain}_ZONE_{zone} -> {chain}_{zone}
- New runtime get<X>Settings for services and icmptypes, fixed policies callbacks
- functions: New functions checkUser, checkUid and checkCommand
- src/firewall/client: Fixed lockdown-whitelist-updated signal handling
- firewall-cmd(1): move firewalld.richlanguage(5) reference in --*-rich-rule
- Rich rule service: Only add modules for accept action
- firewall/core/rich: Several fixes and enhanced checks
- Fixed reload of direct rules
- firewall/client: New functions to set and get the exception handler
- firewall-config: New and enhanced UI to handle lockdown and rich rules
- zone's immutable attribute is redundant
- Do not allow to set settings in config for immutable zones.
- Ignore deprecated 'immutable' attribute in zone files.
- Eviscerate 'immutable' completely.
- FirewallDirect.query_rule(): fix it
- permanent direct: activate firewall.core.io.direct:Direct reader
- core/io/*: simplify getting of character data
- FirewallDirect.set_config(): allow reloading
firewalld-users@lists.fedorahosted.org