FEDORA-2016-c57b0ba2d4 created by twoerner 3 years ago for Fedora 24
stable

Support Recognition of Automatic Helper Assignment Setting

Automatic helper assignment has been disabled in kernel 4.7. firewalld version 0.4.4 is now able to recognize this and to create rules if automatic helper assignment has been turned off to make conntrack helpers work again. If automatic helper assignment is turned on, then firewalld will behave as before.

For more information about the use of netfilter conntrack helper, please have a look at http://www.firewalld.org/2016/10/automatic-helper-assignment

Firewall-applet is now using Qt5

The firewall applet has been ported from Qt4 to Qt5.

Fixes LogDenied for zone reject targets

The logging rules for LogDenied have been placed after the reject rules for zones using the reject targets. The logging rules are now placed before these reject rules to fix logging.

Does not abort transaction on failed ipv6_rpfilter rules

The existing transaction will be executed before trying to add the rules for ipv6_rpfilter and a new transaction will be used to apply the ipv6_rpfiler rules. If this transaction fails, a warning is printed out and the remaining rules are applied with the next transaction.

Enhancements for the command line tools

The command line tools are now more consistent with errors and error codes in sequence options. The NOT_AUTHORIZED error is now also working.

New services

The services cfengine, condor-collector and smtp-submission have been added.

firewall-config: Use proper source check in sourceDialog (issue #162)

firewallctl: Use sys.excepthook to force exception_handler usage always

firewallctl: Support helpers

Several other enhancements and fixes

How to install

sudo dnf upgrade --advisory=FEDORA-2016-c57b0ba2d4

This update has been submitted for testing by twoerner.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon dhgutteridge commented & provided feedback 3 years ago
karma

No regressions noted.

User Icon cserpentis commented & provided feedback 3 years ago
karma

works for me

This update has been submitted for stable by bodhi.

3 years ago
User Icon thofmann commented & provided feedback 3 years ago
karma

works for me

This update has been pushed to stable.

3 years ago
User Icon rathann commented & provided feedback 3 years ago
karma

Hold on. Switching to a different (Qt5) UI library (= changing user experience) is against stable updates policy. Also, this drags in additional 19 packages which I didn't have to install before. This is not acceptable without good justification. Saying that "The firewall applet has been ported from Qt4 to Qt5." is not a justification at all.

User Icon samoht0 commented & provided feedback 3 years ago
karma

@rathann Changing user experience? Have you opened the GUI just once? Don't think so.

User Icon rathann commented & provided feedback 3 years ago

Sorry, it was wrong of me to give negative karma here. The applet looks a bit different (the icon looks different and the menu is a bit smaller), but functionally the same. However, the issue of adding 19 packages of dependencies in the middle of stable release lifecycle remains.


Please login to add feedback.

Metadata
Type
enhancement
Severity
medium
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1297235 samba browsing blocked even with the samba-client service enabled, works with connection/interface in 'trusted' zone
0
0
BZ#1380168 Firewalld cause any ftp client to get "host unknown" when go in passive mode connecting with ip address
0
0
BZ#1390961 firewalld does not allow connections to VPN PPTP server
0
0

Automated Test Results