Name: SuSEfirewall2 | Distribution: SUSE Linux Enterprise 15 SP3
Version: 3.6.378 | Vendor: openSUSE
Release: bp153.1.68 | Build date: Tue May 18 10:29:28 2021
Group: Productivity/Networking/Security | Build host: goat07
Size: 305778 | Source RPM: SuSEfirewall2-3.6.378-bp153.1.68.src.rpm
Packager: https://bugs.opensuse.org
Url: http://en.opensuse.org/SuSEfirewall2
Summary: Stateful Packet Filter Using iptables and netfilter
SuSEfirewall2 implements a packet filter that protects hosts and routers by limiting which services or networks are accessible on the host or via the router. SuSEfirewall2 uses the iptables/netfilter packet filtering infrastructure to create a flexible rule set for a stateful firewall.
GPL-2.0
* Tue Jan 16 2018 matthias.gerstner@suse.com
- Fixed a regression in setting up the final LOG/DROP/REJECT rules for IPv6 (bnc#1075251)
- Set RPC related rules also for IPv6 (bnc#1074933)

* Tue Nov 28 2017 matthias.gerstner@suse.com
- logging: correctly set the PID of the logging process

* Tue Nov 28 2017 matthias.gerstner@suse.com
- main script: remove duplicate rules in the rpc rules area (bnc#1069760)
- main script: support --trace messages

* Thu Nov 23 2017 rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

* Wed Oct 18 2017 matthias.gerstner@suse.com
- rpcinfo: recognize execution errors of the perl script and terminate accordingly
- rpcinfo: fixed security issue with too open implicit portmapper rules (bnc#1064127):
  A source net restriction for _rpc_ services was not taken into account for the implicitly added rules for port 111, making the portmap service accessible to everyone in the affected zone.

* Fri Jul 28 2017 matthias.gerstner@suse.com
- Removed bogus nfs alias units, added correct nfs-client target in SuSEfirewall2.service (bnc#946325).
  The nfs alias units are false friends, because they don't fix the startup ordering between nfs and SuSEfirewall2.
  The missing nfs-client target could cause nfs mounts for nfs versions < 4.1 to be unable to receive callbacks from the server, when the nfs client was started before the SuSEfirewall2 was started on boot.

* Wed Jul 12 2017 matthias.gerstner@suse.com
- sysctl settings: make list of sysctl.d directories configurable via FW_SYSCTL_PATHS (bnc#1044523)

* Thu Jul 06 2017 matthias.gerstner@suse.com
- clarified warning message about FW_ROUTE being enabled but ip_forwarding not configured
- sysctl.d: avoid error messages if no /etc/sysctl.d/*.conf files are existing (bnc#1044523)

* Wed Jun 28 2017 matthias.gerstner@suse.com
- Only consider *.conf files to ignore backup files and similar (bnc#1044523)

* Tue Jun 20 2017 matthias.gerstner@suse.com
- Also check /etc/sysctl.d for custom sysctl overrides (bnc#1044523)
- improved documentation of FW_SERVICES_DROP_... to mention "all" protocols

* Mon Apr 24 2017 matthias.gerstner@suse.com
- implementation of feature FATE#316295: allow incremental update of rpc rules:
  By calling "/usr/sbin/SuSEfirewall2 update-rpc [-s service]" you can now cause SuSEfirewall to update its rpc related firewall rules to reflect the current portmapper state in the system, without affecting the rest of the firewall rule set.
  This can for example be put in systemd unit files as ExecStartPost directives, to always keep port mapping rules up to date, for certain rpc services.
  Note that you still need to configure the rpc rules in /etc/sysconfig/SuSEfirewall2 to make this work. See configuration variables:
    FW_SERVICES_DROP_{EXT,INT,DMZ}
    FW_SERVICES_ACCEPT_{EXT,INT,DMZ}
    FW_SERVICES_{EXT,INT,DMZ}_RPC
- conntrack helpers: explicitly load kernel module to make sure conntrack helper rules can be applied and to avoid error messages if kernel module is not loaded

* Tue Apr 18 2017 matthias.gerstner@suse.com
Update to new git release 3.6.351:
- ship ftp-client service file for allowing active ftp client connections easily. Also fix use of connection tracker helper on kernel >= 4.7 for ftp. (boo#1034341)

* Mon Mar 20 2017 mgerstner@suse.de
Update to new git release 3.6.346:
- harmonized the logic of setting IPv4/IPv6 forwarding when FW_ROUTE is set to "yes". Previously only IPv4 forwarding was exclusively set by SuSEfirewall2, while IPv6 forwarding could only be set via "yast2 firewall". With this update you should always configure IPv4/IPv6 forwarding with yast. SuSEfirewall2 will still provide backwards compatibility to temporarily enable IPv4/IPv6 forwarding if not already enabled system wide. Also forwarding can now be configured separately for IPv4/IPv6 if only one of both is required. See FW_ROUTE documentation. (bnc#572202)
- ignore the bootlock when incremental updates for hotplugged or virtual devices are coming in during boot. This prevents lockups for example when drbd is used with FB_BOOT_FULL_INIT. (bnc#785299)
- fixed a race condition in systemd unit files that could cause the SuSEfirewall2_init unit to sporadically fail, because /tmp was not there/writable yet. (bnc#1014987)
- support new kernels >= 4.7 that run with net.netfilter.nf_conntrack_helper = 0 by default. Currently only netbios/samba is fully covered. (bnc#986527)
- allow mdns multicast packets input in unconfigured firewall setups (no zones configured) to make zeroconf setups (like avahi) work out of the box for typical desktops connecting via DSL/WiFi router scenarios. (bnc#959707)
- refurbished the documentation in /usr/share/doc. (bnc#884037)
- updated GPL license texts with the current address from FSF
- support for IPv6 in FW_TRUSTED_NETS config variable. (bnc#841046)
- don't log dropped broadcast IPv6 broadcast/multicast packets by default to avoid cluttering the kernel log. (bnc#847193)
- recognize a running libvirtd instance and cause it to recreate its custom firewall rules on SuSEfirewall2 reload, to not break VM networking. (bnc#884398)
- only apply FW_KERNEL_SECURITY proc settings, if not overridden by the administrator in /etc/sysctl.conf (bnc#906136). This allows you to benefit from some of the kernel security settings, while overwriting others.
- don't enable FW_LO_NOTRACK by default any more, because it breaks expected behaviour in some scenarios (bnc#916771)
- increase security when sourcing external script files by checking file ownership and permissions first (to avoid sourcing untrusted files owned by non-root or world-writable)
- fixed "/usr/sbin/SUSEfirewall log" pretty logfile parsing functionality when running under systemd with journald.

* Tue Mar 07 2017 mgerstner@suse.de
- Install symlink to SuSEfirewall2 with the updated SUSE spelling (bsc#938727, FATE#316521)
- Added rpmlintrc file to suppress some bogus warnings during building

* Fri Feb 10 2017 kukuk@suse.de
- Remove unused PreReq for insserv and fillup

* Wed Feb 10 2016 meissner@suse.com :
- add nfs-server.service too as dependency, remove default.target again as it makes trouble (bsc#963740)
- basic.target and SuSEfirewall2 have a loop, remove it bsc#961258

* Tue Feb 09 2016 meissner@suse.com
- change dependencies of SUSEfirewall2_init, so it gets run after systemd version update brought new dependencies somehow (bsc#963969)

* Thu Jan 28 2016 meissner@suse.com
- add default.target, so SuSEfirewall2 final will be started after all other services. This is relevant for rpc services like the NFS rpc process group, where ports are opened dynamically. bsc#963740

* Mon Jan 18 2016 meissner@suse.com
- Merge pull request #5 from hwoarang/firewalld-conflict
- SuSEfirewall2{,_init}.service: Conflict with firewalld service

* Fri Jan 15 2016 meissner@suse.com
- basic.service -> basic.target (bsc#961258)

* Wed Jun 24 2015 meissner@suse.com
- reduce amount of setprocinfo set values, adjusted to existence and also current kernel defaults.
- missing IPv6 commands to enable broadcast (e.g.: avahi over ipv6) (bsc#935716)
/etc/sysconfig/SuSEfirewall2
/etc/sysconfig/SuSEfirewall2.d/services/TEMPLATE
/etc/sysconfig/SuSEfirewall2.d/services/ftp-client
/etc/sysconfig/network/if-up.d/SuSEfirewall2
/etc/sysconfig/network/scripts/SuSEfirewall2
/etc/sysconfig/network/scripts/firewall
/etc/sysconfig/scripts/SuSEfirewall2-batch
/etc/sysconfig/scripts/SuSEfirewall2-custom
/etc/sysconfig/scripts/SuSEfirewall2-oldbroadcast
/etc/sysconfig/scripts/SuSEfirewall2-open
/etc/sysconfig/scripts/SuSEfirewall2-qdisc
/etc/sysconfig/scripts/SuSEfirewall2-rpcinfo
/etc/sysconfig/scripts/SuSEfirewall2-showlog
/sbin/SUSEfirewall2
/sbin/SuSEfirewall2
/sbin/rcSuSEfirewall2
/usr/lib/systemd/system/SuSEfirewall2.service
/usr/lib/systemd/system/SuSEfirewall2_init.service
/usr/sbin/SUSEfirewall2
/usr/sbin/SuSEfirewall2
/usr/sbin/rcSuSEfirewall2
/usr/share/SuSEfirewall2
/usr/share/SuSEfirewall2/defaults
/usr/share/SuSEfirewall2/defaults/50-default.cfg
/usr/share/SuSEfirewall2/rpcusers
/usr/share/doc/packages/SuSEfirewall2
/usr/share/doc/packages/SuSEfirewall2/EXAMPLES
/usr/share/doc/packages/SuSEfirewall2/EXAMPLES.html
/usr/share/doc/packages/SuSEfirewall2/FAQ
/usr/share/doc/packages/SuSEfirewall2/FAQ.html
/usr/share/doc/packages/SuSEfirewall2/LICENCE
/usr/share/doc/packages/SuSEfirewall2/README
/usr/share/doc/packages/SuSEfirewall2/README.html
/usr/share/doc/packages/SuSEfirewall2/SuSEfirewall2.sysconfig
/usr/share/doc/packages/SuSEfirewall2/susebooks.css
/usr/share/fillup-templates/sysconfig.SuSEfirewall2
/usr/share/susehelp
/usr/share/susehelp/meta
/usr/share/susehelp/meta/Manuals
/usr/share/susehelp/meta/Manuals/Productivity
/usr/share/susehelp/meta/Manuals/Productivity/SuSEfirewall2.desktop
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 13:49:26 2024