
SuSEfirewall2-3.6.312.333-7.1 RPM for noarch

From OpenSuSE Ports Leap 42.3 updates for noarch

Name: SuSEfirewall2
Distribution: openSUSE Leap 42.3
Version: 3.6.312.333
Vendor: openSUSE
Release: 7.1
Build date: Mon Nov 6 21:09:42 2017
Group: Productivity/Networking/Security
Build host: obs-power8-02
Size: 295792
Source RPM: SuSEfirewall2-3.6.312.333-7.1.src.rpm
Packager: http://bugs.opensuse.org
Url: http://en.opensuse.org/SuSEfirewall2
Summary: Stateful Packet Filter Using iptables and netfilter

SuSEfirewall2 implements a packet filter that protects hosts and
routers by limiting which services or networks are accessible on the
host or via the router.

SuSEfirewall2 uses the iptables/netfilter packet filtering
infrastructure to create a flexible rule set for a stateful firewall.

Provides

Requires

License

GPL-2.0

Changelog

* Thu Oct 19 2017 matthias.gerstner@suse.com
  - rpcinfo: fixed security issue with too open implicit portmapper rules
    (bnc#1064127, CVE-2017-15638): A source net restriction for _rpc_ services
    was not taken into account for the implicitly added rules for port 111,
    making the portmap service accessible to everyone in the affected zone.
    0003-rpcinfo-improve-implicit-portmapper-rules-logic.patch
* Fri Jul 28 2017 matthias.gerstner@suse.com
  - follow-up bugfix for bnc#946325:
    Removed bogus nfs alias units, added correct nfs-client target in
    SuSEfirewall2.service.
    The nfs alias units are false friends, because they don't fix the startup
    ordering between nfs and SuSEfirewall2.
    The missing nfs-client target could cause nfs mounts for nfs versions < 4.1
    to be unable to receive callbacks from the server, when the nfs client was
    started before the SuSEfirewall2 was started on boot.
    renamed 0002-fix-nfs-server-dependency.patch to
    0002-fix-nfs-dependencies.patch to fix both client and server issues
* Tue Jul 25 2017 matthias.gerstner@suse.com
  - correct boot order between SuSEfirewall2 and nfs-server to fix
    bnc#946325, bsc#963740. Without this fix the NFS server ports might not have
    been correctly opened after boot when both SuSEfirewall2 and nfs-server have
    been enabled in systemd.
    0002-fix-nfs-server-dependency.patch
* Mon Jul 17 2017 matthias.gerstner@suse.com
  - improve/fix consideration of sysctl values in the system (bnc#1044523).
    SuSEfirewall2 will now also check for existing configuration in sysctl.d
    style directories in some default locations. Custom directories can be
    configured via the new configuration variable FW_SYSCTL_PATHS. This is a
    follow-up to (bnc#906136).
    0001-backport-of-sysctl.d-feature-from-master-bnc-1044523.patch
* Thu May 04 2017 matthias.gerstner@suse.com
  Merged some lines from the factory spec file, to actually implement:
  - Install symlink to SuSEfirewall2 with the updated SUSE spelling
    (bsc#938727, FATE#316521)
* Tue Apr 25 2017 matthias.gerstner@suse.com
  Update to new version 3.6.312.333 from SLE12-SP3 branch:
  - implementation of feature FATE#316295: allow incremental update of rpc rules
* Thu Apr 13 2017 matthias.gerstner@suse.com
  Update to new version 3.6.312.330 from SLE12-SP3 branch:
  - Install symlink to SuSEfirewall2 with the updated SUSE spelling
    (bsc#938727, FATE#316521)
  - basic.target and SuSEfirewall2 have a loop, remove it bsc#961258
  - ignore the bootlock when incremental updates for hotplugged or virtual
    devices are coming in during boot. This prevents lockups for example when
    drbd is used with FW_BOOT_FULL_INIT. (bnc#785299)
  - support for IPv6 in FW_TRUSTED_NETS config variable. (bnc#841046)
  - don't log dropped IPv6 broadcast/multicast packets by default to
    avoid cluttering the kernel log. (bnc#847193)
  - only apply FW_KERNEL_SECURITY proc settings, if not overridden by the
    administrator in /etc/sysctl.conf (bnc#906136). This allows you to benefit
    from some of the kernel security settings, while overwriting others.
  - fixed a race condition in systemd unit files that could cause the
    SuSEfirewall2_init unit to sporadically fail, because /tmp was not
    there/writable yet. (bnc#1014987)
  - cooperate with libvirtd NAT guest networking (bsc#884398)
  - refurbished the documentation in /usr/share/doc. (bnc#884037)
  - allow mdns multicast packets input in unconfigured firewall setups (no zones
    configured) to make zeroconf setups (like avahi) work out of the box for
    typical desktops connecting via DSL/WiFi router scenarios. (bnc#959707)
  - increase security when sourcing external script files by checking file
    ownership and permissions first (to avoid sourcing untrusted files owned by
    non-root or world-writable)
  - don't enable FW_LO_NOTRACK by default any more, because it breaks expected
    behaviour in some scenarios (bnc#916771)
  - fixed 'SuSEfirewall showlog' functionality to be compatible with journalctl
* Fri Aug 15 2014 meissner@suse.com
  - hosting moved to github.com/opensuse/susefirewall2
  - added a sysvinit -> systemd conversion hack (bnc#891669)
* Thu Jul 31 2014 meissner@suse.com
  - SuSEfirewall2, ACCEPT from services is a local variable, otherwise
    "ACCEPT" would be used as a service name (bnc#889406 bnc#889555 bnc#887040)
* Wed Jun 11 2014 mt@suse.com
  - Added ACCEPT to TEMPLATE using FW_SERVICES_ACCEPT
* Tue May 27 2014 meissner@suse.com
  - Allow incoming DHCPv6 replies, currently unlimited.
    bnc#867819,bnc#868031,bnc#783002,bnc#822959
  - typo fix customary -> custom bnc#835677
* Fri Dec 27 2013 meissner@suse.com
  - add perl-Net-DNS requires for "SuSEfirewall2 log" (bnc#856705)
* Wed Aug 21 2013 lnussel@suse.de
  - adjust service files so manual starts work better (bnc#819499)
* Mon May 06 2013 cfarrell@suse.com
  - license update: GPL-2.0
    Various GPL-2.0 (only) licensed files
* Fri May 03 2013 meissner@suse.com
  - clarify what the default is in FW_MASQ_NETS (bnc#817233)
  - removed the --rttl option in recent matches, as this could also be used by attackers (bnc#800719)
* Tue Jan 29 2013 lnussel@suse.de
  - do not add dependency information about YaST2 Second Stage (bnc#800365)
* Thu Jan 17 2013 lnussel@suse.de
  - fix default value docu for FW_PROTECT_FROM_INT (bnc#798834)
* Thu Dec 13 2012 lnussel@suse.de
  - move to /usr, remove init scripts
* Wed Dec 12 2012 lnussel@suse.de
  - adjust for starting via systemd service files
  - move lock files to /run
  - just CT instead of NOTRACK (bnc#793459)
* Tue Sep 11 2012 lnussel@suse.de
  - getdevinfo is gone as per commit 0c5ac93 (bnc#777271)
* Fri Jul 13 2012 lnussel@suse.de
  - honor FW_IPv6 setting also in debug mode (bnc#769411)
* Tue Jun 19 2012 lnussel@suse.de
  - fix logging in test mode
* Mon Jun 18 2012 lnussel@suse.de
  - allow icmpv6 in FW_SERVICES_*_*
* Mon Jun 18 2012 lnussel@suse.de
  - allow ICMPv6 Multicast Listener Query (bnc#767392)
* Tue May 29 2012 lnussel@suse.de
  - fix typo spotted by Frederic
* Wed Jan 18 2012 lnussel@suse.de
  - assume all interface names are correct (bnc#739084)
* Wed Dec 14 2011 lnussel@suse.de
  - fix forward masquerading (bnc#736205)
  - compat syntax for negated options no longer works (bnc#660156, bnc#731088)
  - enhance debug mode
* Mon Nov 07 2011 lnussel@suse.de
  - use /sbin/rpcinfo as /usr/sbin/rpcinfo is gone (bnc#727438)
* Wed Nov 02 2011 lnussel@suse.de
  - set SYSTEMD_NO_WRAP for status (bnc#727445)
* Fri Oct 14 2011 lnussel@suse.de
  - fix manual rcSuSEfirewall2 stop with systemd (bnc#717583)
* Tue Oct 04 2011 lnussel@suse.de
  - fix typo (bnc#721845)
  - atomic zone status writing
* Sat Sep 17 2011 jengelh@medozas.de
  - Remove redundant tags/sections from specfile
* Wed Sep 07 2011 lnussel@suse.de
  - sanitize FW_ZONE_DEFAULT (bnc#716013)
  - add warning about iptables-batch to SuSEfirewall2-custom
  - fix warning about /proc/net/ip_tables_names not readable
  - don't install input rules for interfaces in default zone
  - Add hook fw_custom_after_finished
  - update FAQ (bnc#694464)
  - clean up overrides when stopping the firewall (bnc#630961)
  - change default FW_LOG_ACCEPT_CRIT to "no"
  - allow redir without port specification
  - make FW_SERVICES_{REJECT,DROP}_* take precedence before ACCEPT (bnc#671997)
  - fix zonein and zoneout parameters
  - fix reverse direction of forwarding rules (bnc#679192)
* Tue Feb 01 2011 lnussel@suse.de
  - introduce rpcusers file to allow statd to run as non-root
    (bnc#668553)
* Wed Jan 19 2011 lnussel@suse.de
  - add zonein and zoneout parameters for FW_FORWARD
  - fix typos
* Mon Jan 10 2011 lnussel@suse.de
  - don't start in runlevel 4 by default (bnc#656520)
  - cut off long zone names (bnc#644527)
  - fix and enhance output of log command (bnc#663262)
* Thu Dec 02 2010 lnussel@suse.de
  - don't unload rules when using systemd
* Tue Nov 16 2010 lnussel@suse.de
  - list some known rpc services as Should-Start
  - don't filter outgoing packets at all
  - fix an example (bnc#641907)
  - fix status check in SuSEfirewall2_init (bnc#628751)
* Mon Aug 16 2010 lnussel@suse.de
  - don't use fillup anymore as it keeps corrupting the config file
    (bnc#340926)
* Tue Jun 29 2010 lnussel@suse.de
  - remove "batch committing..." message
  - read defaults from separate file
  - warn if highports config options are set
  - finally drop 'highports' misfeature
  - remove kernel ipv6 module detection (bnc#617033)
  - silence warning about default zone (bnc#616841)
  - SuSEfirewall2-open: don't add values multiple times
  - Use multiprotocol xt_conntrack
* Mon May 31 2010 lnussel@suse.de
  - only directories in /sys/class/net are real interfaces (bnc#609810)
* Fri Mar 19 2010 lnussel@suse.de
  - add entry about drbd to FAQ
  - update docu
  - implement FW_BOOT_FULL_INIT
* Tue Feb 16 2010 lnussel@suse.de
  - use new versioning scheme after switch of repo to git
  - update and rebuild docu
  - remove really old rc.config conversion code from spec file
* Tue Sep 15 2009 lnussel@suse.de
  - fix spelling error in sysconfig file (bnc#537427)
  - polishing of log drop policy (bnc#538053)
    * drop multicast packets silently
    * separate drop rule for broadcast packets at end of chain
    * only consider NEW udp packets as critical
    * don't log INVALID packets as critical
* Fri Aug 21 2009 lnussel@suse.de
  - implement runtime override of interface zones
  - allow disabling NOTRACK rules on lo (bnc#519526)
* Fri Jul 17 2009 lnussel@suse.de
  - remove chkconfig calls (bnc#522268)
* Thu Jul 09 2009 lnussel@suse.de
  - add note about use as bridging firewall
  - allow to set FW_ZONE_DEFAULT via config file
  - deprecate fw_custom_before_antispoofing and
    fw_custom_after_antispoofing, use fw_custom_after_chain_creation
    instead
* Tue Jun 09 2009 lnussel@suse.de
  - add note that ulog doesn't work with IPv6 (bnc#442756)
  - fix version number in help text
  - allow service files to specify kernel modules and allow related packets
  - silence an error from bash if a service config file is not available (bnc#487870)
  - better wording for BROADCAST in template
  - update firewall hook script (patch by Marius)

Files

/etc/sysconfig/SuSEfirewall2
/etc/sysconfig/SuSEfirewall2.d/services/TEMPLATE
/etc/sysconfig/network/if-up.d/SuSEfirewall2
/etc/sysconfig/network/scripts/SuSEfirewall2
/etc/sysconfig/network/scripts/firewall
/etc/sysconfig/scripts/SuSEfirewall2-batch
/etc/sysconfig/scripts/SuSEfirewall2-custom
/etc/sysconfig/scripts/SuSEfirewall2-oldbroadcast
/etc/sysconfig/scripts/SuSEfirewall2-open
/etc/sysconfig/scripts/SuSEfirewall2-qdisc
/etc/sysconfig/scripts/SuSEfirewall2-rpcinfo
/etc/sysconfig/scripts/SuSEfirewall2-showlog
/sbin/SUSEfirewall2
/sbin/SuSEfirewall2
/sbin/rcSuSEfirewall2
/usr/lib/systemd/system/SuSEfirewall2.service
/usr/lib/systemd/system/SuSEfirewall2_init.service
/usr/sbin/SUSEfirewall2
/usr/sbin/SuSEfirewall2
/usr/sbin/rcSuSEfirewall2
/usr/share/SuSEfirewall2
/usr/share/SuSEfirewall2/defaults
/usr/share/SuSEfirewall2/defaults/50-default.cfg
/usr/share/SuSEfirewall2/rpcusers
/usr/share/doc/packages/SuSEfirewall2
/usr/share/doc/packages/SuSEfirewall2/EXAMPLES
/usr/share/doc/packages/SuSEfirewall2/EXAMPLES.html
/usr/share/doc/packages/SuSEfirewall2/FAQ
/usr/share/doc/packages/SuSEfirewall2/FAQ.html
/usr/share/doc/packages/SuSEfirewall2/LICENCE
/usr/share/doc/packages/SuSEfirewall2/README
/usr/share/doc/packages/SuSEfirewall2/README.html
/usr/share/doc/packages/SuSEfirewall2/SuSEfirewall2.sysconfig
/usr/share/doc/packages/SuSEfirewall2/susebooks.css
/usr/share/susehelp
/usr/share/susehelp/meta
/usr/share/susehelp/meta/Manuals
/usr/share/susehelp/meta/Manuals/Productivity
/usr/share/susehelp/meta/Manuals/Productivity/SuSEfirewall2.desktop
/var/adm/fillup-templates/sysconfig.SuSEfirewall2


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Jan 10 08:09:53 2020