rpms/system-config-firewall/F-8 system-config-firewall-1.0.12-masquerade.patch, NONE, 1.1 system-config-firewall-1.0.12-old_config.patch, NONE, 1.1 system-config-firewall-1.0.12-other_ports.patch, NONE, 1.1 system-config-firewall-1.0.12-port_range.patch, NONE, 1.1 system-config-firewall-1.0.12-print_usage.patch, NONE, 1.1 system-config-firewall-1.0.12-set_interface.patch, NONE, 1.1 system-config-firewall-1.0.12-try_scn.patch, NONE, 1.1 system-config-firewall.spec, 1.17, 1.18
Thomas Woerner (twoerner)
fedora-extras-commits at redhat.com
Thu Jan 31 17:09:25 UTC 2008
Author: twoerner
Update of /cvs/pkgs/rpms/system-config-firewall/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20105
Modified Files:
system-config-firewall.spec
Added Files:
system-config-firewall-1.0.12-masquerade.patch
system-config-firewall-1.0.12-old_config.patch
system-config-firewall-1.0.12-other_ports.patch
system-config-firewall-1.0.12-port_range.patch
system-config-firewall-1.0.12-print_usage.patch
system-config-firewall-1.0.12-set_interface.patch
system-config-firewall-1.0.12-try_scn.patch
Log Message:
- fixed masquerading (rhbz#246720)
- fixed display of other ports in tui (rhbz#426817)
- lokkit: do not load current configuration in force mode
- fixed port and port range checks
- do not print full help in case of parse error
- gui: make dependand interfaces insensitive for current configuratton
- ignore tracebacks in of s-c-network code
system-config-firewall-1.0.12-masquerade.patch:
--- NEW FILE system-config-firewall-1.0.12-masquerade.patch ---
diff -up system-config-firewall-1.0.12/src/fw_iptables.py.masquerade system-config-firewall-1.0.12/src/fw_iptables.py
--- system-config-firewall-1.0.12/src/fw_iptables.py.masquerade 2008-01-31 17:18:57.000000000 +0100
+++ system-config-firewall-1.0.12/src/fw_iptables.py 2008-01-31 17:24:14.000000000 +0100
@@ -1,5 +1,5 @@
#
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner <twoerner at redhat.com>
#
@@ -22,7 +22,7 @@ import tempfile
import shutil
import types
-from fw_config import CHAIN_NAME, MARK_OF_THE_MASQ
+from fw_config import CHAIN_NAME, _
from fw_functions import *
##############################################################################
@@ -189,22 +189,16 @@ class iptablesClass:
fd.write("# Manual customization of this file is not recommended.\n")
# mangle table
- if (conf.masq and len(conf.masq) > 0) or len(custom_mangle) > 0:
+ if len(custom_mangle) > 0:
fd.write("*mangle\n")
fd.write(":PREROUTING ACCEPT [0:0]\n")
fd.write(":INPUT ACCEPT [0:0]\n")
fd.write(":FORWARD ACCEPT [0:0]\n")
fd.write(":OUTPUT ACCEPT [0:0]\n")
fd.write(":POSTROUTING ACCEPT [0:0]\n")
- # masuerading devices
- if (conf.masq and len(conf.masq) > 0):
- for dev in conf.masq:
- fd.write("-A PREROUTING -i %s -j MARK --set-mark 0x%X\n" % \
- (dev, MARK_OF_THE_MASQ))
# add custom mangle rules
- if len(custom_mangle) > 0:
- for _filename in custom_mangle:
- catFile(fd, _filename)
+ for _filename in custom_mangle:
+ catFile(fd, _filename)
fd.write("COMMIT\n")
# nat table
@@ -214,9 +208,9 @@ class iptablesClass:
fd.write(":OUTPUT ACCEPT [0:0]\n")
fd.write(":POSTROUTING ACCEPT [0:0]\n")
# masquerade
- if (conf.masq and len(conf.masq) > 0):
- fd.write("-A POSTROUTING -m mark --mark 0x%X "
- "-j MASQUERADE\n" % MARK_OF_THE_MASQ)
+ if conf.masq:
+ for dev in conf.masq:
+ fd.write("-A POSTROUTING -o %s -j MASQUERADE\n" % dev)
# add custom nat rules
if len(custom_nat) > 0:
for _filename in custom_nat:
@@ -269,6 +263,25 @@ class iptablesClass:
fd.write("-A %s -m state --state NEW -m %s -p %s --dport %s "
"-j ACCEPT\n" % (CHAIN_NAME, proto, proto, dports))
+ # FORWARD
+ if (conf.trust and len(conf.trust) > 0) or \
+ (conf.masq and len(conf.masq) > 0):
+ # allow ICMP
+ fd.write("-A FORWARD -p icmp --icmp-type any -j ACCEPT\n")
+ # accept lo
+ fd.write("-A FORWARD -i lo -j ACCEPT\n")
+ # trusted interfaces
+ if conf.trust:
+ for dev in conf.trust:
+ fd.write("-A FORWARD -i %s -j ACCEPT\n" % dev)
+ # allow to output to masqueraded interfaces (IPv4 only)
+ if conf.masq:
+ for dev in conf.masq:
+ fd.write("-A FORWARD -o %s -j ACCEPT\n" % dev)
+ # accept established and related connections
+ fd.write("-A FORWARD -m state --state ESTABLISHED,RELATED "
+ "-j ACCEPT\n")
+
# add custom filter rules
if len(custom_filter) > 0:
for _filename in custom_filter:
@@ -341,8 +354,6 @@ class ip6tablesClass(iptablesClass):
fd.write("# Manual customization of this file is not recommended.\n")
# mangle table
-# no support for masquerading for netfilterv6 for now
-# if (conf.masq and len(conf.masq) > 0) or len(custom_mangle) > 0:
if len(custom_mangle) > 0:
fd.write("*mangle\n")
fd.write(":PREROUTING ACCEPT [0:0]\n")
@@ -350,16 +361,9 @@ class ip6tablesClass(iptablesClass):
fd.write(":FORWARD ACCEPT [0:0]\n")
fd.write(":OUTPUT ACCEPT [0:0]\n")
fd.write(":POSTROUTING ACCEPT [0:0]\n")
-# no support for masquerading for netfilterv6 for now
-# # masuerading devices
-# if (conf.masq and len(conf.masq) > 0):
-# for dev in conf.masq:
-# fd.write("-A PREROUTING -i %s -j MARK --set-mark 0x%X\n" % \
-# (dev, MARK_OF_THE_MASQ))
# add custom mangle rules
- if len(custom_mangle) > 0:
- for _filename in custom_mangle:
- catFile(fd, _filename)
+ for _filename in custom_mangle:
+ catFile(fd, _filename)
fd.write("COMMIT\n")
# no support for nat for netfilterv6 for now
@@ -370,9 +374,9 @@ class ip6tablesClass(iptablesClass):
# fd.write(":OUTPUT ACCEPT [0:0]\n")
# fd.write(":POSTROUTING ACCEPT [0:0]\n")
# # masquerade
-# if (conf.masq and len(conf.masq) > 0):
-# fd.write("-A POSTROUTING -m mark --mark 0x%X "
-# "-j MASQUERADE\n" % MARK_OF_THE_MASQ)
+# if conf.masq:
+# for dev in conf.masq:
+# fd.write("-A POSTROUTING -o %s -j MASQUERADE\n" % dev)
# # add custom nat rules
# if len(custom_nat) > 0:
# for _filename in custom_nat:
@@ -398,8 +402,6 @@ class ip6tablesClass(iptablesClass):
# allow IPsec traffic (matches Lokkit 0.50 behavior)
if not conf.no_ipsec:
-# fd.write("-A %s -p 50 -j ACCEPT\n" % CHAIN_NAME)
-# fd.write("-A %s -p 51 -j ACCEPT\n" % CHAIN_NAME)
# use ipv6header match
fd.write("-A %s -m ipv6header --header 50 -j ACCEPT\n" % CHAIN_NAME)
fd.write("-A %s -m ipv6header --header 51 -j ACCEPT\n" % CHAIN_NAME)
@@ -418,13 +420,6 @@ class ip6tablesClass(iptablesClass):
fd.write("-A %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n" % \
CHAIN_NAME)
-# use state module - this method is not secure
-# # Allow outgoing connections
-# fd.write("-A %s -p udp -m udp --dport 32768:61000 -j ACCEPT\n" % \
-# CHAIN_NAME)
-# fd.write("-A %s -p tcp -m tcp --dport 32768:61000 -j ACCEPT\n" % \
-# CHAIN_NAME)
-
# open ports for new connections
if conf.ports and len(conf.ports) > 0:
for (ports, proto) in conf.ports:
@@ -435,6 +430,28 @@ class ip6tablesClass(iptablesClass):
fd.write("-A %s -m state --state NEW -m %s -p %s --dport %s "
"-j ACCEPT\n" % (CHAIN_NAME, proto, proto, dports))
+ # FORWARD
+ if conf.trust and len(conf.trust) > 0:
+# no support for nat for netfilterv6 for now
+# if (conf.trust and len(conf.trust) > 0) or \
+# (conf.masq and len(conf.masq) > 0):
+ # allow ICMP
+ fd.write("-A FORWARD -p ipv6-icmp -j ACCEPT\n")
+ # accept lo
+ fd.write("-A FORWARD -i lo -j ACCEPT\n")
+ # trusted interfaces
+ if conf.trust:
+ for dev in conf.trust:
+ fd.write("-A FORWARD -i %s -j ACCEPT\n" % dev)
+# no support for nat for netfilterv6 for now
+# # allow to output to masqueraded interfaces (IPv4 only)
+# if conf.masq:
+# for dev in conf.masq:
+# fd.write("-A FORWARD -o %s -j ACCEPT\n" % dev)
+ # accept established and related connections
+ fd.write("-A FORWARD -m state --state ESTABLISHED,RELATED "
+ "-j ACCEPT\n")
+
# add custom filter rules
if len(custom_filter) > 0:
for _filename in custom_filter:
diff -up system-config-firewall-1.0.12/src/fw_config.py.masquerade system-config-firewall-1.0.12/src/fw_config.py
--- system-config-firewall-1.0.12/src/fw_config.py.masquerade 2007-12-13 13:32:27.000000000 +0100
+++ system-config-firewall-1.0.12/src/fw_config.py 2008-01-31 17:20:02.000000000 +0100
@@ -1,5 +1,5 @@
#
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner <twoerner at redhat.com>
#
@@ -20,7 +20,7 @@
APP_NAME = 'system-config-firewall'
DATADIR = '/usr/share/' + APP_NAME
GLADE_NAME = APP_NAME + '.glade'
-COPYRIGHT = '(C) 2007 Red Hat, Inc.'
+COPYRIGHT = '(C) 2007,2008 Red Hat, Inc.'
VERSION = '1.0.12'
AUTHORS = [
"Thomas Woerner <twoerner at redhat.com>",
@@ -43,7 +43,6 @@ OLD_SE_CONFIG = '/etc/sysconfig/selinux'
SYSCTL_CONFIG = '/etc/sysctl.conf'
CHAIN_NAME = "RH-Firewall-1-INPUT"
-MARK_OF_THE_MASQ = 0x9
STD_DEVICES = [ "eth", "ppp", "isdn", "ippp", "tun" ]
FIREWALL_TYPES = [ "ipv4", "ipv6" ]
system-config-firewall-1.0.12-old_config.patch:
--- NEW FILE system-config-firewall-1.0.12-old_config.patch ---
diff -up system-config-firewall-1.0.12/src/lokkit.old_config system-config-firewall-1.0.12/src/lokkit
--- system-config-firewall-1.0.12/src/lokkit.old_config 2007-11-05 17:43:22.000000000 +0100
+++ system-config-firewall-1.0.12/src/lokkit 2008-01-31 17:25:48.000000000 +0100
@@ -1,6 +1,6 @@
#!/usr/bin/python
#
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner <twoerner at redhat.com>
#
@@ -38,19 +38,6 @@ if os.geteuid() != 0:
print _("\nERROR - You must be root to run lokkit.");
sys.exit(1)
-### load original configuration ###
-
-# initialize old_config
-old_config = parseArgs([ ])
-
-# parse /etc/sysconfig/system-config-firewall or
-# /etc/sysconfig/system-config-securitylevel
-old_config = read_sysconfig_config(old_config)
-
-# parse selinux config
-selinux_args = fw_selinux.read() or [ ]
-old_config = parseSELinuxArgs(selinux_args, options=old_config)
-
### parse command line arguments ###
config = parseArgs()
@@ -59,9 +46,23 @@ config = parseArgs()
if config.update:
config.force = False
+old_config = None
# force mode: ignore old configuration
# else: use old configuration and command line arguments
if not config.force:
+ ### load original configuration ###
+
+ # initialize old_config
+ old_config = parseArgs([ ])
+
+ # parse /etc/sysconfig/system-config-firewall or
+ # /etc/sysconfig/system-config-securitylevel
+ old_config = read_sysconfig_config(old_config)
+
+ # parse selinux config
+ selinux_args = fw_selinux.read() or [ ]
+ old_config = parseSELinuxArgs(selinux_args, options=old_config)
+
config = parseArgs(options=copyValues(old_config))
if config.update:
@@ -195,13 +196,14 @@ if config.masq and len(config.masq) > 0:
# selinux
se_status = 0
if config.selinux or config.selinuxtype:
- if not config.selinux:
- config.selinux = old_config.selinux
+ if old_config:
+ if not config.selinux:
+ config.selinux = old_config.selinux
+ if not config.selinuxtype:
+ config.selinuxtype = old_config.selinuxtype
if not config.selinux:
config.selinux = DEFAULT_SELINUX_MODE
if not config.selinuxtype:
- config.selinuxtype = old_config.selinuxtype
- if not config.selinuxtype:
config.selinuxtype = DEFAULT_SELINUX_TYPE
if config.selinux != old_config.selinux or \
system-config-firewall-1.0.12-other_ports.patch:
--- NEW FILE system-config-firewall-1.0.12-other_ports.patch ---
diff -up system-config-firewall-1.0.12/src/fw_tui.py.other_ports system-config-firewall-1.0.12/src/fw_tui.py
--- system-config-firewall-1.0.12/src/fw_tui.py.other_ports 2008-01-31 17:37:15.000000000 +0100
+++ system-config-firewall-1.0.12/src/fw_tui.py 2008-01-31 17:38:55.000000000 +0100
@@ -34,10 +34,10 @@ class ui:
other_ports = [ ]
for entry in _other_ports:
if len(entry[0]) > 1:
- other_ports.append("%s-%s/%s" % (entry[0][0], entry[0][1],
+ other_ports.append("%s-%s:%s" % (entry[0][0], entry[0][1],
entry[1]))
else:
- other_ports.append("%s/%s" % (entry[0][0], entry[1]))
+ other_ports.append("%s:%s" % (entry[0][0], entry[1]))
custom_rules = [ ]
if config.custom_rules:
system-config-firewall-1.0.12-port_range.patch:
--- NEW FILE system-config-firewall-1.0.12-port_range.patch ---
diff -up system-config-firewall-1.0.12/src/fw_functions.py.port_range system-config-firewall-1.0.12/src/fw_functions.py
--- system-config-firewall-1.0.12/src/fw_functions.py.port_range 2007-08-17 17:24:58.000000000 +0200
+++ system-config-firewall-1.0.12/src/fw_functions.py 2008-01-31 17:20:42.000000000 +0100
@@ -17,28 +17,32 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-import socket
+import socket, types
def getPortID(port):
- try:
- id = int(port)
- except:
+ if isinstance(port, types.IntType):
+ id = port
+ else:
+ if port:
+ port = port.strip()
try:
- id = socket.getservbyname(port)
+ id = int(port)
except:
- return -1
+ try:
+ id = socket.getservbyname(port)
+ except:
+ return -1
if id > 65535:
return -1
return id
def getPortRange(ports):
- try:
- id = int(ports)
- except:
- pass
- else:
- return (id,)
-
+ if isinstance(ports, types.IntType):
+ id = getPortID(ports)
+ if id >= 0:
+ return (id,)
+ return -1
+
splits = ports.split("-")
matched = [ ]
for i in xrange(len(splits), 0, -1):
@@ -47,10 +51,12 @@ def getPortRange(ports):
if len(port2) > 0:
id2 = getPortID(port2)
if id1 >= 0 and id2 >= 0:
- if id1 <= id2:
+ if id1 < id2:
matched.append((id1, id2))
- else:
+ elif id1 > id2:
matched.append((id2, id1))
+ else:
+ matched.append((id1, ))
else:
if id1 >= 0:
matched.append((id1,))
system-config-firewall-1.0.12-print_usage.patch:
--- NEW FILE system-config-firewall-1.0.12-print_usage.patch ---
diff -up system-config-firewall-1.0.12/src/fw_parser.py.print_usage system-config-firewall-1.0.12/src/fw_parser.py
--- system-config-firewall-1.0.12/src/fw_parser.py.print_usage 2007-12-13 13:32:27.000000000 +0100
+++ system-config-firewall-1.0.12/src/fw_parser.py 2008-01-31 17:24:38.000000000 +0100
@@ -1,5 +1,5 @@
#
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner <twoerner at redhat.com>
#
@@ -18,7 +18,8 @@
#
from copy import copy
-from optparse import Option, OptionValueError, OptionParser, Values
+from optparse import Option, OptionValueError, OptionParser, Values, \
+ BadOptionError
import socket
from fw_config import FIREWALL_TYPES, FIREWALL_TABLES
from fw_functions import getPortID, getPortRange, getServiceName
@@ -173,11 +174,15 @@ class _OptionParser(OptionParser):
encoding = self._get_encoding(file)
str = str.encode(encoding, "replace")
file.write(str)
+ def print_usage(self, file=None):
+ pass
+ def _match_long_opt(self, opt):
+ if self._long_opt.has_key(opt):
+ return opt
+ raise BadOptionError(opt)
def _gen_parser():
parser = _OptionParser(add_help_option=False, option_class=_Option)
- # always print full usage message
- parser.print_usage = parser.print_help
return parser
def parseSysconfigArgs(args, options=None):
system-config-firewall-1.0.12-set_interface.patch:
--- NEW FILE system-config-firewall-1.0.12-set_interface.patch ---
diff -up system-config-firewall-1.0.12/src/fw_gui.py.set_interface system-config-firewall-1.0.12/src/fw_gui.py
--- system-config-firewall-1.0.12/src/fw_gui.py.set_interface 2007-12-10 18:38:41.000000000 +0100
+++ system-config-firewall-1.0.12/src/fw_gui.py 2008-01-31 17:22:52.000000000 +0100
@@ -1,5 +1,5 @@
#
-# Copyright (C) 2002, 2003, 2004, 2007 Red Hat, Inc.
+# Copyright (C) 2002, 2003, 2004, 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner <twoerner at redhat.com>
# Chris Lumens <clumens at redhat.com>
@@ -700,17 +700,19 @@ class ui:
return None
- def _setInterfaces(self, store, iter, list):
+ def _setInterfaces(self, store, iter, list, enabled, save, sensitive):
while iter:
dev = store.get_value(iter, 1)
if dev in list:
list.remove(dev)
- store.set_value(iter, 0, True)
- store.set_value(iter, 3, True)
- self.setModified()
+ path = store.get_path(iter)
+ self.view_toggle_cb(None, path, store, enabled, save, sensitive)
+ self.view_sensitive_children_cb(None, path, store, enabled,
+ save, sensitive)
iter2 = store.iter_nth_child(iter, 0)
if iter2:
- self._setInterfaces(store, iter2, list)
+ self._setInterfaces(store, iter2, list, enabled, save,
+ sensitive)
iter = store.iter_next(iter)
def _addDevice(self, store, device, description, enabled):
@@ -769,7 +771,8 @@ class ui:
devices.extend(config.trust)
# configure trusted interfaces
self._setInterfaces(self.interfaceStore,
- self.interfaceStore.get_iter_first(), devices)
+ self.interfaceStore.get_iter_first(), devices,
+ 0, 3, 4)
# add remaining devices
for device in devices:
self._addDevice(self.interfaceStore, device,
@@ -783,7 +786,8 @@ class ui:
masq.extend(config.masq)
# configure masquerading interfaces
self._setInterfaces(self.masqueradeStore,
- self.masqueradeStore.get_iter_first(), masq)
+ self.masqueradeStore.get_iter_first(), masq,
+ 0, 3, 4)
# add remaining devices
for device in masq:
self._addDevice(self.masqueradeStore, device,
system-config-firewall-1.0.12-try_scn.patch:
--- NEW FILE system-config-firewall-1.0.12-try_scn.patch ---
diff -up system-config-firewall-1.0.12/src/fw_gui.py.try_scn system-config-firewall-1.0.12/src/fw_gui.py
--- system-config-firewall-1.0.12/src/fw_gui.py.try_scn 2008-01-31 17:35:58.000000000 +0100
+++ system-config-firewall-1.0.12/src/fw_gui.py 2008-01-31 17:36:30.000000000 +0100
@@ -1152,7 +1152,10 @@ class ui:
self._addDevice(self.masqueradeStore, devplus, desc, False)
devices = { }
- devlist = NCDeviceList.getDeviceList()
+ try:
+ devlist = NCDeviceList.getDeviceList()
+ except:
+ devlist = [ ]
for device in devlist:
if device.Alias and device.Alias != "":
# ignore device aliases: not usable for iptables
diff -up system-config-firewall-1.0.12/src/fw_tui.py.try_scn system-config-firewall-1.0.12/src/fw_tui.py
--- system-config-firewall-1.0.12/src/fw_tui.py.try_scn 2007-10-01 15:37:27.000000000 +0200
+++ system-config-firewall-1.0.12/src/fw_tui.py 2008-01-31 17:35:58.000000000 +0100
@@ -1,5 +1,5 @@
#
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2007, 2008 Red Hat, Inc.
# Authors:
# Thomas Woerner <twoerner at redhat.com>
#
@@ -112,12 +112,15 @@ class ui:
devices = [ ]
for dev in STD_DEVICES:
devices.append(dev+"+")
- for dev in NCDeviceList.getDeviceList():
- if dev.Alias and dev.Alias != "":
- # ignore device aliases: not usable for iptables
- continue
- if not dev.Device in devices:
- devices.append(dev.Device)
+ try:
+ for dev in NCDeviceList.getDeviceList():
+ if dev.Alias and dev.Alias != "":
+ # ignore device aliases: not usable for iptables
+ continue
+ if not dev.Device in devices:
+ devices.append(dev.Device)
+ except:
+ pass
devices.sort()
matched = [ ]
for dev in devices:
@@ -210,7 +213,6 @@ class ui:
# other ports
ports = self.other_ports.value()
- print ports
if ports and ports != "":
for entry in ports.split(" "):
val = entry.strip().split(":")
Index: system-config-firewall.spec
===================================================================
RCS file: /cvs/pkgs/rpms/system-config-firewall/F-8/system-config-firewall.spec,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- system-config-firewall.spec 17 Dec 2007 18:32:49 -0000 1.17
+++ system-config-firewall.spec 31 Jan 2008 17:08:47 -0000 1.18
@@ -1,7 +1,7 @@
Summary: A graphical interface for basic firewall setup
Name: system-config-firewall
Version: 1.0.12
-Release: 3.1%{?dist}
+Release: 4%{?dist}
URL: http://fedora.redhat.com/projects/config-tools/
License: GPLv2+
ExclusiveOS: Linux
@@ -11,6 +11,13 @@
Source0: %{name}-%{version}.tar.bz2
Patch0: system-config-firewall-1.0.12-icon.patch
Patch1: system-config-firewall-1.0.12-0600.patch
+Patch2: system-config-firewall-1.0.12-masquerade.patch
+Patch3: system-config-firewall-1.0.12-old_config.patch
+Patch4: system-config-firewall-1.0.12-port_range.patch
+Patch5: system-config-firewall-1.0.12-print_usage.patch
+Patch6: system-config-firewall-1.0.12-set_interface.patch
+Patch7: system-config-firewall-1.0.12-try_scn.patch
+Patch8: system-config-firewall-1.0.12-other_ports.patch
BuildRequires: desktop-file-utils
BuildRequires: gettext
BuildRequires: intltool
@@ -49,6 +56,13 @@
%setup -q
%patch0 -p1 -b .icon
%patch1 -p1 -b .0600
+%patch2 -p1 -b .masquerade
+%patch3 -p1 -b .old_config
+%patch4 -p1 -b .port_range
+%patch5 -p1 -b .print_usage
+%patch6 -p1 -b .set_interface
+%patch7 -p1 -b .try_scn
+%patch8 -p1 -b .other_ports
%install
rm -rf %{buildroot}
@@ -123,6 +137,15 @@
%ghost %config(missingok,noreplace) /etc/sysconfig/system-config-securitylevel
%changelog
+* Thu Jan 31 2008 Thomas Woerner <twoerner at redhat.com> 1.0.12-4
+- fixed masquerading (rhbz#246720)
+- fixed display of other ports in tui (rhbz#426817)
+- lokkit: do not load current configuration in force mode
+- fixed port and port range checks
+- do not print full help in case of parse error
+- gui: make dependand interfaces insensitive for current configuratton
+- ignore tracebacks in of s-c-network code
+
* Mon Dec 17 2007 Thomas Woerner <twoerner at redhat.com> 1.0.12-3.1
- do not use copymode
More information about the fedora-extras-commits
mailing list