All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v5.0.0 (2023-11-03)
Breaking changes:
- modulesync 7.0.0 and modernization #347 (jcpunk)
- Drop Puppet 6 support #339 (bastelfreak)
- Add support for icmp-block-inversion #330 (jcpunk)
Implemented enhancements:
- Support ICMP block inversion in zones #270
- Add the parameter protocols to the firewalld_zone resource type #357 (jcpunk)
- add missing documentation #353 (sircubbi)
- Run rubocop linter #350 (jcpunk)
- Add Puppet 8 support #343 (bastelfreak)
- puppetlabs/stdlib: Allow 9.x #342 (bastelfreak)
- Add individual_calls parameter to set IndividualCalls #337 (Griphon)
- Add support SLES 15 #334 (marek130)
- Add methods instances and prefetch for firewalld_service #332 (marek130)
- Add support for policy objects #324 (qha)
- Set default_zone and log_denied when firewalld is offline #317 (jameslikeslinux)
- enable eb-family for all relevant firewalld-types #299 (sircubbi)
- Support specifying priority on rich rules #296 (ananace)
Fixed bugs:
- Try to fixup failing ICMP tests #356 (jcpunk)
- Fixup ICMP tests and set defaults #352 (jcpunk)
- Fix rich rule with typed action #329 (bmagistro)
Closed issues:
- [4.5.1] detect and filter overlapped IP's on firewalld_ipset #355
- Upgrade compatibility to <8.0.0? #333
- support for policy objects missing #316
- missing support for bridges/eb-familiy #298
- Cannot create rich rule with reject type #193
v4.5.1 (2022-08-15)
v4.5.0 (2022-08-15)
Implemented enhancements:
- firewalld modules reloads firewalld excessively #61
Fixed bugs:
- Trying to add custom service with protocols and not ports, results in an error on first run #306
- Fixes firewalld_custom_service where only protocols are defined #307 (nmaludy)
Closed issues:
- Support for Rocky Linux / Alma Linux ? #312
- Possible parse errors in hiera data input #305
- [4.3.0] Mising option to disable AllowZoneDrifting #294
Merged pull requests:
v4.4.0 (2020-11-13)
Implemented enhancements:
Fixed bugs:
- Regression in version 4.3.0 firewalld_custom_service.rb with port range in hash #292
Merged pull requests:
- Adjust for puppet-lint #300 (jcpunk)
- modulesync 3.1.0 & puppet-lint updates #297 (bastelfreak)
- Update firewalld custom service to translate port ranges with a colon… #293 (csschwe)
- Allow the use of dots in the name of an ipset #290 (wiebe)
v4.3.0 (2020-04-25)
The highlight of this release is a new native puppet type firewalld_custom_service that can be used instead of the defined type firewalld::custom_service.
firewalld::custom_service is deprecated and will be removed in a future release. Please migrate to using its replacement.
Implemented enhancements:
- Parse arguments to passthrough provider with spaces correctly #278 (cmusik)
- Native firewalld custom service #277 (trevor-vaughan)
- Add icmp-type support to rich rules #271 (ananace)
Fixed bugs:
- The firewalld module has loop issues when chaining dependent class resources #275
- Fix
firewalld_custom_serviceportvalidation #284 (alexjfisher)
Merged pull requests:
v4.2.4 (2020-03-13)
Fixed bugs:
- Update EPP syntax for earlier versions of Puppet 5 #272 (trevor-vaughan)
v4.2.3 (2020-03-09)
Fixed bugs:
- Service filename bugfix #266 (trevor-vaughan)
Closed issues:
- firewalld::custom_service creates files with invalid names #265
- The firewalld_version fact is incorrect when firewalld is not running #263
Merged pull requests:
- Convert
firewalld_zonedocs to puppet-strings #268 (alexjfisher) - Convert
firewalld_servicedocs to puppet-strings #267 (alexjfisher) - Fix the firewalld_version fact #264 (trevor-vaughan)
v4.2.2 (2020-02-16)
Merged pull requests:
- Fix travis secret #261 (alexjfisher)
v4.2.1 (2020-02-16)
Implemented enhancements:
- Add firewalld_version fact #255 (trevor-vaughan)
- Add
firewall_backendoption #252 (florianfa) - Add support for EL8 #247 (trevor-vaughan)
- Add default ensure to present #177 (jfroche)
- Use an ip range instead of looping #176 (jovandeginste)
Closed issues:
Merged pull requests:
- check for running firewalld in custom_service::reload #253 (domfi)
- (#250) Replace newer ruby %i syntax with older supported syntax #251 (typerlc)
v4.1.1 (2019-11-01)
Fixed bugs:
- Reoccurring firewall-cmd command execution #240
Merged pull requests:
v4.1.0 (2019-10-22)
Implemented enhancements:
- Make native types
autorequirethefirewalldservice #234 (trevor-vaughan)
Fixed bugs:
- Fix firewall commands being run on compiler #232 (trevor-vaughan)
Closed issues:
- README has invalid
'family' => 'ipv6'example forfirewalld_ipsetoptions. #231 - All native firewalld providers are attempting to access the firewall on the compiler #225
- The native types should all autorequire the firewalld service #224
- Adding a 'firewalld_direct_purge' resource to the catalog hangs rspec-puppet #205
Merged pull requests:
v4.0.0 (2019-10-14)
This is the first release since the module was migrated to the Vox Pupuli puppet namespace.
In this release, Puppet 6 is officially supported and support for Puppet 4 has been dropped.
Breaking changes:
- Drop puppet 4 support and allow puppet 6 #209 (alexjfisher)
Implemented enhancements:
- Support ruby 1.9 (Puppetserver 5 JRuby 1.7) #207 (alexjfisher)
- Add validation for rich rule action #174 (jfroche)
- Replace deprecated
validate_functions infirewalld::custom_servicewith data types #172 (jfroche) - Add new properties to
firewalld_ipsettype and improve logging of changes #170 (jfroche) - Add description and short option for firewalld zone #169 (jfroche)
- Add firewalld config options #168 (jfroche)
Fixed bugs:
- Bugfix/setting service ensure to stopped causes failure #197 (jschoewe)
- Allow hypens in
firewalld_ipsetnames #173 (jfroche) - Fix ordering when checking insync #166 (markeganfuller)
Closed issues:
- The module has a SERVER-94 loading issue #226
- Puppet-firewalld uses deprecated stdlib's functions #203
- Raise maxelem in ipset #201
- Test against more recent versions of stdlib #191
- puppet fails with unknown type of string error #185
- firewalld_rich_rule issue #180
- Creating Rich Rules with IPSets fails #165
- multi level hiera only uses top set of rich_rules #161
- Warning: This method is deprecated from manifests/custom_service.pp #160
Merged pull requests:
- Remove use of
PuppetXcode #227 (alexjfisher) - Test against latest stdlib #206 (alexjfisher)
- Allow
puppetlabs-stdlib6 #192 (djschaap) - Update README.md custom_service example #189 (eRaid6)
- Removed puppet < 4.3 support #184 (crayfishx)
- Pin old rspec-puppet #179 (jfroche)
- In a service definition, the port is optional #171 (jfroche)
- Add defaults for services and ports #167 (michaelweiser)
3.4.0 (2017-09-21)
- Feature: Added
$log_deniedparameter for configuring the logging of dropped packets using the--set-log-deniedfeature (firewalld 0.4.3.2-8) (#153)
- Bugfix: Corrected issue with setting default zones on Debian systems running dash instead of bash (#144)
- Bugfix: Various typos in error messages fixed (#145)
- Bugfix: Fixed issue with
firewalld_zoneprovider in later versions of firewalld where the command stops returning a zones sources in alphanumeric order causing issues for Puppet to determine if the resource attribute is in sync (#144) - Bugfix: Fixed issue where
firewalld_zonedid not addicmp_blockentires on creation, requiring another Puppet run (#139)
- Bugfix: Dependency fix for adding a default zone in the same puppet run as creating the zone. This solves the issue of firewalld failing to set the default zone because firewalld hasn't reloaded yet and it can't see the zone as active. (#135)
- Feature: added the
firewalld_ipsettype to manage IPsets (#108) - Feature: added
masqueradeattribute tofirewalld_zoneto manage masquerading on zones (#129) - Feature: added
ipsetoption to rich rules source option - Various documentation bugfixes
- Bugfix: Fix for when custom_service ports are defined as integers, (#122)
- Documentation fixes
- Feature: allow for port ranges to be defined with
custom_servicedeclarations (#107) - Feature: added
default_zoneto the firewalld base class to allow for a default zone to be defined (#118) - Bugfix: Fix to
firewalld_rich_ruletypes when firewalld is in a down state (#112) - Bugfix: Better service availability checking when purging rules (#101)
- Bugfix: Handle later versions of firewalld where the target is returned as
REJECTinstead of%%REJECT%%- this is a backwards compatible fix (#111) - Numerous documentation typo fixes
- Bugfix: Change how types and providers reference other providers by referencing the
Puppet::TypeAPI rather than trying to load them withrequire. This addresses some intermitent problems with Puppets autoloading and registering of types that caused exceptions in Puppet 4.5.0+ in some circumstances, depending on the ordering of the manifest evaluation. See #93 and https://tickets.puppetlabs.com/browse/PUP-6922 - Documentation fixes (#100)
- Bugfix: This release addresses an issue configuring firewalld on a system where the package is not yet installed. The logic used to determine the state of the firewall is run before the package provider can install the package causing catalog application to fail. Fixed #96
- Bugfix: #94. puppet types generate failed with the following error
Error: /etc/puppetlabs/code/environments/production/modules/firewalld/lib/puppet/type/firewalld_direct_chain.rb: title patterns that use procs are not supported.
Since procs are not actually needed in this title pattern they have been removed to stop this error.
- Bugfix: #90 -
firewalld_servicefails to remove services in offline mode. see #90 - Internal: Provider tests for the state of firewalld on initiation to decide which command to use (
firewall-cmdorfirewall-offline-cmd) rather than relying on catching an exception inexecute_firewall()
- Bugfix:
--get-icmptypesrunning against--zonewhen it is a global option. #86
- Bugfix (CRITICAL) : Purging not respecting --noop mode. #84
- Bugfix : firewalld_direct_zones with single quotes in the arguments causes a misconfigured XML file. #83
- Bugfix: use relative file location for requiring
lib/puppet/type/firewalld_direct_*, #80
- Bugfix: use relative file location for requiring
lib/puppet/provider/firewalld, this addresses #78
- Feature: firewalld::custom_service now accepts a
filenameparameter, defaults to the value ofshortfor backwards compatibility. Note that this change will be short lived and replaced by a name pattern in 4.0.0. See issue #75 - Multiple fixes to purging of firewalld resources, if enabled, running configuration will always be purged by a firewall restart if there are any resources found to be purgable. This addresses #26
- Bugfix: 2 Puppet runs required to create a custom service and attach to a zone, fixed. See #27
- Bugfix: Added resource chains (as in 2.x) to set relationships between service, resources and the exec to reload firewall, this fixes an issue where resources declared in Puppet (eg: from the profile) do not automatically get their dependencies set. See #38
- Bugfix release
- Fixed issue #68, direct_rules and passthroughs badly configured
- Puppet forge metadata changes, no functional changes.
- BREAK: Puppet manifests now written for the new parser, must use Puppet 4 or 3.x + Future parser
- custom_services now configurable in hiera
- BREAK: #58 Reloads by default now use --reload, not --complete-reload (separate resource provided for that)
- Bugfix #64 : invert => true for source and destinations on rich rules fixed.
- New types and providers for direct chains, rules and passthroughs
- Provider will attempt to call firewall-offline-cmd if an exception is raised suggesting the service is down (see #46)
- Overhaul of internals for the providers
- Many more tests added
- #43 firewall-config package is not installed by default, can be enabled with the install_gui param
- #33 Protocol element now managed by firewalld_rich_rile
- #13 ELEMENTS constant changed to a method to stop ruby warnings
- Fix: #25 - purge_ports for firewalld_zone now works as expected
- BREAK: port parameter for firewalld_port now only accepts a port, not a hash as previously documented.
* This Changelog was automatically generated by github_changelog_generator