Skip to content

Latest commit

 

History

History
375 lines (236 loc) · 24.6 KB

CHANGELOG.md

File metadata and controls

375 lines (236 loc) · 24.6 KB

Changelog

All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.

v5.0.0 (2023-11-03)

Full Changelog

Breaking changes:

Implemented enhancements:

Fixed bugs:

Closed issues:

  • [4.5.1] detect and filter overlapped IP's on firewalld_ipset #355
  • Upgrade compatibility to <8.0.0? #333
  • support for policy objects missing #316
  • missing support for bridges/eb-familiy #298
  • Cannot create rich rule with reject type #193

v4.5.1 (2022-08-15)

Full Changelog

v4.5.0 (2022-08-15)

Full Changelog

Implemented enhancements:

  • firewalld modules reloads firewalld excessively #61

Fixed bugs:

  • Trying to add custom service with protocols and not ports, results in an error on first run #306
  • Fixes firewalld_custom_service where only protocols are defined #307 (nmaludy)

Closed issues:

  • Support for Rocky Linux / Alma Linux ? #312
  • Possible parse errors in hiera data input #305
  • [4.3.0] Mising option to disable AllowZoneDrifting #294

Merged pull requests:

v4.4.0 (2020-11-13)

Full Changelog

Implemented enhancements:

  • Add parameter to set 'AllowZoneDrifting' #301 (jcpunk)

Fixed bugs:

  • Regression in version 4.3.0 firewalld_custom_service.rb with port range in hash #292

Merged pull requests:

  • Adjust for puppet-lint #300 (jcpunk)
  • modulesync 3.1.0 & puppet-lint updates #297 (bastelfreak)
  • Update firewalld custom service to translate port ranges with a colon… #293 (csschwe)
  • Allow the use of dots in the name of an ipset #290 (wiebe)

v4.3.0 (2020-04-25)

Full Changelog

The highlight of this release is a new native puppet type firewalld_custom_service that can be used instead of the defined type firewalld::custom_service.

firewalld::custom_service is deprecated and will be removed in a future release. Please migrate to using its replacement.

Implemented enhancements:

Fixed bugs:

  • The firewalld module has loop issues when chaining dependent class resources #275
  • Fix firewalld_custom_service port validation #284 (alexjfisher)

Merged pull requests:

v4.2.4 (2020-03-13)

Full Changelog

Fixed bugs:

v4.2.3 (2020-03-09)

Full Changelog

Fixed bugs:

Closed issues:

  • firewalld::custom_service creates files with invalid names #265
  • The firewalld_version fact is incorrect when firewalld is not running #263

Merged pull requests:

v4.2.2 (2020-02-16)

Full Changelog

Merged pull requests:

v4.2.1 (2020-02-16)

Full Changelog

Implemented enhancements:

Closed issues:

  • Replace %i syntax to support older ruby/jruby #250
  • Firewalld needs to support EL8 #246

Merged pull requests:

  • check for running firewalld in custom_service::reload #253 (domfi)
  • (#250) Replace newer ruby %i syntax with older supported syntax #251 (typerlc)

v4.1.1 (2019-11-01)

Full Changelog

Fixed bugs:

  • Reoccurring firewall-cmd command execution #240

Merged pull requests:

v4.1.0 (2019-10-22)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

  • README has invalid 'family' => 'ipv6' example for firewalld_ipset options. #231
  • All native firewalld providers are attempting to access the firewall on the compiler #225
  • The native types should all autorequire the firewalld service #224
  • Adding a 'firewalld_direct_purge' resource to the catalog hangs rspec-puppet #205

Merged pull requests:

  • Update README with correct ipset ipv6 example #233 (Phurion)

v4.0.0 (2019-10-14)

Full Changelog

This is the first release since the module was migrated to the Vox Pupuli puppet namespace.

In this release, Puppet 6 is officially supported and support for Puppet 4 has been dropped.

Breaking changes:

Implemented enhancements:

  • Support ruby 1.9 (Puppetserver 5 JRuby 1.7) #207 (alexjfisher)
  • Add validation for rich rule action #174 (jfroche)
  • Replace deprecated validate_ functions in firewalld::custom_service with data types #172 (jfroche)
  • Add new properties to firewalld_ipset type and improve logging of changes #170 (jfroche)
  • Add description and short option for firewalld zone #169 (jfroche)
  • Add firewalld config options #168 (jfroche)

Fixed bugs:

Closed issues:

  • The module has a SERVER-94 loading issue #226
  • Puppet-firewalld uses deprecated stdlib's functions #203
  • Raise maxelem in ipset #201
  • Test against more recent versions of stdlib #191
  • puppet fails with unknown type of string error #185
  • firewalld_rich_rule issue #180
  • Creating Rich Rules with IPSets fails #165
  • multi level hiera only uses top set of rich_rules #161
  • Warning: This method is deprecated from manifests/custom_service.pp #160

Merged pull requests:

3.4.0 (2017-09-21)

  • Feature: Added $log_denied parameter for configuring the logging of dropped packets using the --set-log-denied feature (firewalld 0.4.3.2-8) (voxpupuli#153)

3.3.2 (2017-08-04)

  • Bugfix: Corrected issue with setting default zones on Debian systems running dash instead of bash (voxpupuli#144)
  • Bugfix: Various typos in error messages fixed (voxpupuli#145)
  • Bugfix: Fixed issue with firewalld_zone provider in later versions of firewalld where the command stops returning a zones sources in alphanumeric order causing issues for Puppet to determine if the resource attribute is in sync (voxpupuli#144)
  • Bugfix: Fixed issue where firewalld_zone did not add icmp_block entires on creation, requiring another Puppet run (voxpupuli#139)

3.3.1 (2017-04-26)

  • Bugfix: Dependency fix for adding a default zone in the same puppet run as creating the zone. This solves the issue of firewalld failing to set the default zone because firewalld hasn't reloaded yet and it can't see the zone as active. (voxpupuli#135)

3.3.0 (2017-03-30)

  • Feature: added the firewalld_ipset type to manage IPsets (voxpupuli#108)
  • Feature: added masquerade attribute to firewalld_zone to manage masquerading on zones (voxpupuli#129)
  • Feature: added ipset option to rich rules source option
  • Various documentation bugfixes

3.2.1 (2017-03-05)

  • Bugfix: Fix for when custom_service ports are defined as integers, (voxpupuli#122)
  • Documentation fixes

3.2.0 (2017-02-28)

  • Feature: allow for port ranges to be defined with custom_service declarations (voxpupuli#107)
  • Feature: added default_zone to the firewalld base class to allow for a default zone to be defined (voxpupuli#118)
  • Bugfix: Fix to firewalld_rich_rule types when firewalld is in a down state (voxpupuli#112)
  • Bugfix: Better service availability checking when purging rules (voxpupuli#101)
  • Bugfix: Handle later versions of firewalld where the target is returned as REJECT instead of %%REJECT%% - this is a backwards compatible fix (voxpupuli#111)
  • Numerous documentation typo fixes

3.1.8 (2016-11-17)

  • Bugfix: Change how types and providers reference other providers by referencing the Puppet::Type API rather than trying to load them with require. This addresses some intermitent problems with Puppets autoloading and registering of types that caused exceptions in Puppet 4.5.0+ in some circumstances, depending on the ordering of the manifest evaluation. See voxpupuli#93 and https://tickets.puppetlabs.com/browse/PUP-6922
  • Documentation fixes (#100)

3.1.7 (2016-11-09)

  • Bugfix: This release addresses an issue configuring firewalld on a system where the package is not yet installed. The logic used to determine the state of the firewall is run before the package provider can install the package causing catalog application to fail. Fixed voxpupuli#96

3.1.6 (2016-11-01)

  • Bugfix: #94. puppet types generate failed with the following error
Error: /etc/puppetlabs/code/environments/production/modules/firewalld/lib/puppet/type/firewalld_direct_chain.rb: title patterns that use procs are not supported.

Since procs are not actually needed in this title pattern they have been removed to stop this error.

3.1.5 (2016-10-12)

  • Bugfix: #90 - firewalld_service fails to remove services in offline mode. see voxpupuli#90
  • Internal: Provider tests for the state of firewalld on initiation to decide which command to use (firewall-cmd or firewall-offline-cmd) rather than relying on catching an exception in execute_firewall()

3.1.4 (2016-08-24)

  • Bugfix: --get-icmptypes running against --zone when it is a global option. voxpupuli#86

3.1.3 (2016-08-23)

  • Bugfix (CRITICAL) : Purging not respecting --noop mode. voxpupuli#84
  • Bugfix : firewalld_direct_zones with single quotes in the arguments causes a misconfigured XML file. voxpupuli#83

3.1.2 (2016-08-17)

  • Bugfix: use relative file location for requiring lib/puppet/type/firewalld_direct_*, voxpupuli#80

3.1.1 (2016-08-16)

  • Bugfix: use relative file location for requiring lib/puppet/provider/firewalld, this addresses voxpupuli#78

3.1.0 (2016-08-15)

  • Feature: firewalld::custom_service now accepts a filename parameter, defaults to the value of short for backwards compatibility. Note that this change will be short lived and replaced by a name pattern in 4.0.0. See issue voxpupuli#75
  • Multiple fixes to purging of firewalld resources, if enabled, running configuration will always be purged by a firewall restart if there are any resources found to be purgable. This addresses voxpupuli#26
  • Bugfix: 2 Puppet runs required to create a custom service and attach to a zone, fixed. See voxpupuli#27
  • Bugfix: Added resource chains (as in 2.x) to set relationships between service, resources and the exec to reload firewall, this fixes an issue where resources declared in Puppet (eg: from the profile) do not automatically get their dependencies set. See voxpupuli#38

3.0.2 (2016-08-12)

  • Bugfix release
  • Fixed issue #68, direct_rules and passthroughs badly configured

3.0.1 (2016-08-09)

  • Puppet forge metadata changes, no functional changes.

3.0.0 (2016-08-09)

  • BREAK: Puppet manifests now written for the new parser, must use Puppet 4 or 3.x + Future parser
  • custom_services now configurable in hiera
  • BREAK: #58 Reloads by default now use --reload, not --complete-reload (separate resource provided for that)
  • Bugfix #64 : invert => true for source and destinations on rich rules fixed.
  • New types and providers for direct chains, rules and passthroughs
  • Provider will attempt to call firewall-offline-cmd if an exception is raised suggesting the service is down (see #46)
  • Overhaul of internals for the providers
  • Many more tests added

2.2.0 (2016-04-04)

  • #43 firewall-config package is not installed by default, can be enabled with the install_gui param
  • #33 Protocol element now managed by firewalld_rich_rile
  • #13 ELEMENTS constant changed to a method to stop ruby warnings

2.0.0 (2015-11-18)

  • Fix: #25 - purge_ports for firewalld_zone now works as expected
  • BREAK: port parameter for firewalld_port now only accepts a port, not a hash as previously documented.

* This Changelog was automatically generated by github_changelog_generator