Hello community, here is the log from the commit of package yast2-firewall for openSUSE:Factory checked in at 2018-03-26 12:17:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old) and /work/SRC/openSUSE:Factory/.yast2-firewall.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "yast2-firewall" Mon Mar 26 12:17:11 2018 rev:64 rq:590680 version:4.0.21 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes 2018-03-14 19:34:21.887160878 +0100 +++ /work/SRC/openSUSE:Factory/.yast2-firewall.new/yast2-firewall.changes 2018-03-26 12:17:17.188239564 +0200 @@ -1,0 +2,17 @@ +Fri Mar 23 11:38:40 UTC 2018 - knut.anderssen@suse.com + +- AutoYaST SuSEFirewall2 Importer: Removed FW_LOG_ACCEPT_CRIT tag + from the list of supported options as firewalld only log dropped + packages and for accepted ones rich rules should be used instead + (bsc#1086655) +- 4.0.21 + +------------------------------------------------------------------- +Wed Mar 21 23:42:21 UTC 2018 - knut.anderssen@suse.com + +- More fixes to the firewall AY schema (bsc#1013047) + - Added zone 'sources' element to the AutoYaST schema file. + - Permitted the use of 'listentry' element in list entries. +- 4.0.20 + +------------------------------------------------------------------- Old: ---- yast2-firewall-4.0.19.tar.bz2 New: ---- yast2-firewall-4.0.21.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-firewall.spec ++++++ --- /var/tmp/diff_new_pack.q4ypbm/_old 2018-03-26 12:17:18.220202561 +0200 +++ /var/tmp/diff_new_pack.q4ypbm/_new 2018-03-26 12:17:18.228202274 +0200 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.0.19 +Version: 4.0.21 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-firewall-4.0.19.tar.bz2 -> yast2-firewall-4.0.21.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.19/package/yast2-firewall.changes new/yast2-firewall-4.0.21/package/yast2-firewall.changes --- old/yast2-firewall-4.0.19/package/yast2-firewall.changes 2018-03-13 09:46:03.000000000 +0100 +++ new/yast2-firewall-4.0.21/package/yast2-firewall.changes 2018-03-23 13:57:49.000000000 +0100 @@ -1,4 +1,21 @@ ------------------------------------------------------------------- +Fri Mar 23 11:38:40 UTC 2018 - knut.anderssen@suse.com + +- AutoYaST SuSEFirewall2 Importer: Removed FW_LOG_ACCEPT_CRIT tag + from the list of supported options as firewalld only log dropped + packages and for accepted ones rich rules should be used instead + (bsc#1086655) +- 4.0.21 + +------------------------------------------------------------------- +Wed Mar 21 23:42:21 UTC 2018 - knut.anderssen@suse.com + +- More fixes to the firewall AY schema (bsc#1013047) + - Added zone 'sources' element to the AutoYaST schema file. + - Permitted the use of 'listentry' element in list entries. +- 4.0.20 + +------------------------------------------------------------------- Tue Mar 13 07:24:55 UTC 2018 - knut.anderssen@suse.com - Some fixes to the firewall AY schema (bsc#1013047) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.19/package/yast2-firewall.spec new/yast2-firewall-4.0.21/package/yast2-firewall.spec --- old/yast2-firewall-4.0.19/package/yast2-firewall.spec 2018-03-13 09:46:03.000000000 +0100 +++ new/yast2-firewall-4.0.21/package/yast2-firewall.spec 2018-03-23 13:57:49.000000000 +0100 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.0.19 +Version: 4.0.21 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.19/src/autoyast-rnc/firewall.rnc new/yast2-firewall-4.0.21/src/autoyast-rnc/firewall.rnc --- old/yast2-firewall-4.0.19/src/autoyast-rnc/firewall.rnc 2018-03-13 09:46:03.000000000 +0100 +++ new/yast2-firewall-4.0.21/src/autoyast-rnc/firewall.rnc 2018-03-23 13:57:49.000000000 +0100 @@ -124,41 +124,45 @@ zones = element zones { LIST, - zone* - } - -zone = - element zone { - zone_name & - fwd_interfaces? & - fwd_services? & - fwd_ports? & - fwd_protocols? & - masquerade? + element (zone | listentry) { + zone_name & + fwd_interfaces? & + fwd_services? & + fwd_ports? & + fwd_protocols? & + fwd_sources? & + masquerade? + }* } fwd_services = element services { LIST, - element service {text}* + element (service | listentry) {text}* } fwd_interfaces = element interfaces { LIST, - element interface {text}* + element (interface | listentry) {text}* } fwd_ports = element ports { LIST, - element port {text}* + element (port | listentry) {text}* } fwd_protocols = element protocols { LIST, - element protocol {text}* + element (protocol | listentry) {text}* + } + +fwd_sources = + element sources { + LIST, + element (source | listentry) {text}* } zone_name = element name { text } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.19/src/lib/y2firewall/importer_strategies/suse_firewall.rb new/yast2-firewall-4.0.21/src/lib/y2firewall/importer_strategies/suse_firewall.rb --- old/yast2-firewall-4.0.19/src/lib/y2firewall/importer_strategies/suse_firewall.rb 2018-03-13 09:46:03.000000000 +0100 +++ new/yast2-firewall-4.0.21/src/lib/y2firewall/importer_strategies/suse_firewall.rb 2018-03-23 13:57:49.000000000 +0100 @@ -72,7 +72,6 @@ "FW_SERVICES_DMZ_IP", "FW_SERVICES_EXT_IP", "FW_SERVICES_INT_IP", - "FW_LOG_ACCEPT_CRIT", "FW_LOG_DROP_CRIT", "FW_LOG_DROP_ALL", "FW_MASQUERADE", @@ -318,17 +317,10 @@ # # @return [String] all, unicast or off depending on the log config def log_denied_packets - accept_crit = profile.fetch("FW_LOG_ACCEPT_CRIT", "no") == "yes" - drop_all = profile.fetch("FW_LOG_DROP_ALL", "no") == "yes" - drop_crit = profile.fetch("FW_LOG_DROP_CRIT", "no") == "yes" - - if drop_all - "all" - elsif accept_crit || drop_crit - "unicast" - else - "off" - end + return "all" if profile.fetch("FW_LOG_DROP_ALL", "no") == "yes" + return "unicast" if profile.fetch("FW_LOG_DROP_CRIT", "no") == "yes" + + "off" end # Convenience method which return an instance of Y2Firewall::Firewalld