Support Recognition of Automatic Helper Assignment Setting
Automatic helper assignment has been disabled in kernel 4.7. firewalld version 0.4.4 is now able to recognize this and to create rules if automatic helper assignment has been turned off to make conntrack helpers work again. If automatic helper assignment is turned on, then firewalld will behave as before.
For more information about the use of netfilter conntrack helper, please have a look at http://www.firewalld.org/2016/10/automatic-helper-assignment
Firewall-applet is now using Qt5
The firewall applet has been ported from Qt4 to Qt5.
Fixes LogDenied for zone reject targets
The logging rules for LogDenied have been placed after the reject rules for zones using the reject targets. The logging rules are now placed before these reject rules to fix logging.
Does not abort transaction on failed ipv6_rpfilter rules
The existing transaction will be executed before trying to add the rules for ipv6_rpfilter and a new transaction will be used to apply the ipv6_rpfiler rules. If this transaction fails, a warning is printed out and the remaining rules are applied with the next transaction.
Enhancements for the command line tools
The command line tools are now more consistent with errors and error codes in sequence options. The NOT_AUTHORIZED error is now also working.
New services
The services cfengine, condor-collector and smtp-submission have been added.
firewall-config: Use proper source check in sourceDialog (issue #162)
firewallctl: Use sys.excepthook to force exception_handler usage always
firewallctl: Support helpers
Several other enhancements and fixes
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2016-c57b0ba2d4
Please login to add feedback.
This update has been submitted for testing by twoerner.
This update has been pushed to testing.
No regressions noted.
works for me
This update has been submitted for stable by bodhi.
works for me
This update has been pushed to stable.
Hold on. Switching to a different (Qt5) UI library (= changing user experience) is against stable updates policy. Also, this drags in additional 19 packages which I didn't have to install before. This is not acceptable without good justification. Saying that "The firewall applet has been ported from Qt4 to Qt5." is not a justification at all.
@rathann Changing user experience? Have you opened the GUI just once? Don't think so.
Sorry, it was wrong of me to give negative karma here. The applet looks a bit different (the icon looks different and the menu is a bit smaller), but functionally the same. However, the issue of adding 19 packages of dependencies in the middle of stable release lifecycle remains.