proxmox-mirrors/proxmox-firewall
1
0
Fork 0
mirror of https://git.proxmox.com/git/proxmox-firewall synced 2025-10-04 06:58:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
0a60fbd309
proxmox-firewall/debian/changelog
Thomas Lamprecht 0a60fbd309 bump version to 0.7.1 
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2025-04-08 15:54:22 +02:00

123 lines
4.1 KiB
Plaintext
Raw Blame History

proxmox-firewall (0.7.1) bookworm; urgency=medium
* guest: do not try to create map entries if there are no devices that have
the firewall enabled
-- Proxmox Support Team <support@proxmox.com> Tue, 08 Apr 2025 15:54:01 +0200
proxmox-firewall (0.7.0) bookworm; urgency=medium
* security groups: skip in forward chain when interface is specified.
* apply `nf_conntrack_allow_invalid` to all chains on the guest table.
* apply `nf_conntrack_allow_invalid` option to host table on all chains that
check for ct state.
* partially fix #6176: correctly honor default value for enable-firewall
setting from guest config.
* firewall macros: fix macros using ICMP protocol.
* fix #6108: firewall macros: Add missing ICMPv6 statements
-- Proxmox Support Team <support@proxmox.com> Mon, 07 Apr 2025 15:08:21 +0200
proxmox-firewall (0.6.0) bookworm; urgency=medium
* ipsets: autogenerate ipsets for vnets and ipam
* sdn: add support for loading vnet-level firewall config
* sdn: create forward firewall rules
* firewall: apply `nt_conntrack_allow_invalid` option to guest table
* config: fallback to legacy path when reading PVE IPAM state
-- Proxmox Support Team <support@proxmox.com> Tue, 19 Nov 2024 16:46:26 +0100
proxmox-firewall (0.5.0) bookworm; urgency=medium
* rules: allow vital ICMP(v6) types irregardless of any other rules, which
is particularly for ICMPv6 related ones. This follows RFC 4890.
* service: flush firewall rules on force disable to avoid a race condition
where the nftables rule-set never gets flushed and persists after
disabling.
* update to newer proxmox-sys and proxmox-schema dependencies
* conntrack: arp: move handling to guest chains in order to avoid affecting
bridged host interfaces.
* guest: match arp packets via 'meta' filter type to ensure that valid ARP
packets encapsulated in VLAN frames get through, as with the 'ether' type
ARP traffic inside VLANs always gets dropped.
-- Proxmox Support Team <support@proxmox.com> Mon, 22 Jul 2024 18:05:36 +0200
proxmox-firewall (0.4.2) bookworm; urgency=medium
* rules: use proper ICMPv6 admin-prohibited type for rejecting IPv6 traffic,
host-prohibited only exist for IPv4
* guest out: fix handling ARP traffic with a default block/reject policy
* guest out: fix handling connection tracking with a default block/reject
policy
-- Proxmox Support Team <support@proxmox.com> Tue, 21 May 2024 15:43:51 +0200
proxmox-firewall (0.4.1) bookworm; urgency=medium
* check for file flag in /run signaling that this service is disabled and
skip config parsing completely in that case to avoid logging errors even
if the user cannot be affected by them
-- Proxmox Support Team <support@proxmox.com> Fri, 26 Apr 2024 17:22:01 +0200
proxmox-firewall (0.4.0) bookworm; urgency=medium
* config: macros: add SPICE-proxy macro
* config: nftables: add support for icmp-type any
* firewall: improve error handling of daemon
-- Proxmox Support Team <support@proxmox.com> Thu, 25 Apr 2024 19:29:47 +0200
proxmox-firewall (0.3.1) bookworm; urgency=medium
* fix #5410: config: fix naming scheme for aliases in firewall config, allow
underscores as long as it's not the first character.
-- Proxmox Support Team <support@proxmox.com> Wed, 24 Apr 2024 19:40:16 +0200
proxmox-firewall (0.3.0) bookworm; urgency=medium
* firewall: improve handling REJECT rules
-- Proxmox Support Team <support@proxmox.com> Tue, 23 Apr 2024 18:33:38 +0200
proxmox-firewall (0.2.1) bookworm; urgency=medium
* firewall: properly cleanup tables when firewall is inactive
-- Proxmox Support Team <support@proxmox.com> Tue, 23 Apr 2024 13:20:12 +0200
proxmox-firewall (0.2.0) bookworm; urgency=medium
* firewall: wait for nft process to avoid left-over zombie processes
* firewall: change systemd unit file to type simple and drop PID file, not
relevant here
-- Proxmox Support Team <support@proxmox.com> Fri, 19 Apr 2024 19:42:26 +0200
proxmox-firewall (0.1.0) bookworm; urgency=medium
* Initial release.
-- Proxmox Support Team <support@proxmox.com> Thu, 18 Apr 2024 21:07:32 +0200
Reference in New Issue View Git Blame Copy Permalink