firewall-applet-0.9.11-4.el8  >  He U]ƛ k0k2_p?dx/WvV契׾-kGv"-12Sx,Qg YBŰSe+{2Ea pgfeޡIV~CCP1ErI؉:qJ F!& (q9#8^*YP_Iή6'  *J/V9 waRB` eg~< fKfue\.k|Lp?zݭO[`a)Iy (BBW>Icƫex턭^)ݠ%ES i6ǎ1UE! M$3_G9yh- )0L RaDL\,n BqSHwk/_}uiD/LH"L]4D^ANvM"dowwN?n4.SfTZ7s`~<p'Ʌ~#['O1q7b3c614e0f0df834b8999d81d19a3a7d6e7a8ac3d0d3bd8c1ab8dd418fae5603a77fe6fcbf69759295eacf05bdfa964ad2e273190302047c435bb500673065023100ab5d111b09287ec22034c06915ac9fa31f380e758421ce7f7d151cd93cf3598a99ce7e8695ca56fc1a5dd1dd58c69e9c023062b4ed5a67d2e13a56223d0a96be9b5e2ba94f02280a8eb9f78075674d956e1adbfab0c37e546da9bd6d8ab0887229870302047c435bb500683066023100e702da54dec4320f3dbe40b23f4913b946409a213bea62548bd214a0dcaafe813112266c349352d7850bad73bc4db623023100a862dea0404e870dc23c23da2438cc9e905d3ab9b88ce6bc595bdf31f7d727ac4dd9a00584ed0491ecead69893caf32d0302047c435bb500673065023100a260c53219d00ea102115092b14b63c36ccffa120d6b3587d71dad12cd07f93fc5c0583274871970f9874d37753a3f1402301e72d79b8f7ab271de39b3ffe5d9401ae55440c05133f9f897f1248dabe33f47c5ae77a4a39e498b05490a65a7c3cbaa0302047c435bb500663064023009ad59ab905c6e263b66e82056b331bab4db1f4f5ffe23e7a553942d45144025f9e2d28f53b695d9bd25808b7aed0d10023054979b20ddfac33a4733841ba5fe8dfae1a46b2e79b26ac62e5e44f01f3e6dcd5e16a319668ba5515165add37b50260f0302047c435bb500683066023100cffd9d65726281c643b30ac1a76e1c423bbc7ffcbdf09508130ba5696e8d44cc6b0997a53ec1868fff82e0ed92ec2a24023100ab1d220b593d235dfc3d2ed967588c408f6c715454630dcc868e16aa81be61bb66b1f99debe965a175624a7bd08809ed0302047c435bb500673065023034514124c44d9a76aa339f16611a0d7e0bf0722a9da46e66fd364c2a7ab2057259a68a6c476a284a4fa230ca38352120023100bd98701a616636ab7157f5ed6ab48d378eb6a55482417db99a54cd6f695f421862ed234d149fad3d8b19ff67553a50ec0302047c435bb5006730650230084515839f3ed43245accde35028e2a108e913caab75af171f0abc580daf1017af070508544af5dde23303b10956078c0231009247d1a23f4d279e70a272ebc65319164c32fa35a9cab328905e3fc174d591a558aa18b7d339c4c5690993d6914ec60b0302047c435bb50067306502301162d115b3cf5b2b1a4942207fb890a0c4e069a5fbccec68dcb151998fbfa659a0946b69d851987cc9638afe42ef73150231008f375d03f4a09e9e220a80ba0329ea3a92fa480844cd948d27eeb8ee8cddaa235e815ceb52d3be8f97a9c1bf2d1789400302047c435bb500663064023067f11548892eefaaaa3ea15d5e5a8655677bb8576c48e85d4d6b08ec1b77c30ab8f850db685c49140f5f784eccd4323202300ef4ecad8168736d79ef9f5f66c3ad65c9e2279730bb7381d28d68e03084c0016fb29c63bc7aae1be13a4f5ac0ed327e0302047c435bb5006730650230603abfc346874381431ff6480026a1b8ce8b6dafc146d0dd7070d28d20e334d243405fa9baa112a9a6ac71bf86f87c15023100c07428ff92170198170e7051aa032d5797fe567e0886ebb30e3b6f15c175c7557720b462b48e19c7f1b4fe1cf868a3fa0302047c435bb500663064023048d7e94d41360c4ceb02d5fe3245e435a85d53a5ea403b474f7974338f6134ab848c7cbc1471fc6e6be3a8afb278e918023006b5bc302c196dbcaf410f2ea36f0fd78b54ec03f21c7ba120e6be1ecfc0b35cfef55185aa47d99a3756f30dba4083130302047c435bb50067306502310090ae111e50b1029219a0e7d82d54eaaec4c18bd9cbbe8952c977e8f398792851e4743fd62973fb08cf96cf7f3f00694b02303e5e2632e7cd9e50153d993529cc5bd11bc4d35d7b1fd6bd5a8571cfd1d126051367b15140f9ef2173a805248142e6490302047c435bb5006730650230681d9dc248f8b69acffa2aff851384fed24a6b0227e61bddbd64221f33bd2b7bc3e2df0db8da831ba1d2eab3a99eb28f023100e5f4d2e4601b0e703f0c11b3a56fd5f7d1e4fa2a3528cadd5a0f6a102915754af9c51e522619e3c67321cc508a3f59770302047c435bb500683066023100a7585af5f369f1c6b5e00c9704d728d2e3835b88e8a9b25fa30ce9858fd7e0a8d3dcf6b672feb5c20fa8ed565dced2020231008292a8ffa9c65996d858e651301e2ebf01f29e1304144aea89c4219fd6b477fc756e6133bba0ab5a8517b5f71089fe700302047c435bb500673065023075c796061e115663155b6bd3ba546325e4c2693648ead06be32cad4671bd4825b45fbe863d397ce0f691f16124b9bbc1023100d2d03306a900bc5bf4e308f213bb3b5d126a3c01fc7c64e90a092acd71c513a00b42bf9a8fdb36e31ade194bc82ce2c70302047c435bb500683066023100d2777e4aa005199c14a9dc0886fa1ccb93bc613adc1edfa69a32fc6d2f32644fb9242007478821c3691ff0b110ff905e023100e3fe00836be9bbc0095e2a0bec4099dc28544633ca0a4ffd61e7accc20fd12a9d33f32ec0fceb7b814c80474ecd84bbe0302047c435bb500673065023100d08605b0336939bcd704a5391599b1b905e1d7669db37fc715222279754fa0ef129a51d1bcb2715693561d75372e7dcf023028214a43f68f8756fe6912506d13f8a87f1868c71e0460139516ef224afe3bb7b37b9328364ceffeab50c9b234d321350302047c435bb50067306502302d5e2f7d430f4a944ebfdfdd191b5d33b60a7634c169e5227275cc6b961a7f3fed90347a91fe562f322e0e85517a633c02310094c038a089850622b593f4a3b5b07c4cc17ed42bc68921b8a622aac05cede672d8fca2762788834df581dc6465420e600302047c435bb500663064023059a2f15022a4bf7e8f61ef809980cd6d4e7563c8cc2737e239d9bd34d353c811f83927f694416be2994297f66db97c4702307c582ef0df77c7bba87decf115f59521380cb4bad588df6ef797ef5f852f8630d68973761664d0cd6cf605cb4473c4ad0302047c435bb50068306602310086fc00700f06e2d3d7b6633847964a520439ff144f77dfc88802de843a10517122d3118b922c69876db1d40cb181146c023100c89b0177e2cbaa9e8c817aee6dc2af17700a3b21bea26f6b2506452efb63cf45c26ebc16b3925433d30c1f8d701750800302047c435bb500663064023050c4abbd08ee6d8c2d821c21af7a17b309b66b2cec0a1005d56d391b975ac0389aa8ec2209c81a1369573052cb6ed773023024d8f37da71752342c14194fce1239f9def46e5bfddcb885dfef463cb2730764e49bd80c3d9b4db9eaec4e1ce74d0df00302047c435bb5006730650231009437df8a787423ed32a33b9c1a80b9fa93be00b7e33d3de3232b7ba2660b20359c321275c61e178f932226266702610602305daa89b44a7dd19c7d2dd90c656f841468d74f715ae3cd52733975dd8ddd1231a24066dc1233b6d4ffb66437167168760302047c435bb500683066023100c6c556e4e6eb4668bcbcc95071c511b03afa9f275e866052f43f5b78054cbda1a3ca08ebf2008ba540ce0a7864ae0db2023100c809494b8840b133981cf1de910d2e8ce62d5be1166e7642e33bd957905e8c0207f00656f871da87036a1231178475b0xe U]"UV<0>zVxR_uμ&W1U}HB~ޡf Md1CX.SiR@ .gK!^[ :?6l\k"OLv1ck#a18JEkbIvf$iV`iQ93?( ;$Nf~|X `$O %6;JzKE& 20JAW6=UΠ S.8:_y tCb :[1)Z\=$B~9qHY&YWhPGA]olDn?YH7vOꄗ#~ JcU$Ǥs}ݯ: +ҝ՛HC^ӕ44=5}|})[,9 ͅzz[3DW3v; 3JÉ6դgxN2%;b~(?>p<+?+d  5 $   8  D * L    ( 8 (9 |:(G"\H"I#X#,Y#0\#@]#^% b&d'e'f'l't(u(tv( w*x+0y+++++Cfirewall-applet0.9.114.el8Firewall panel appletThe firewall panel applet provides a status information of firewalld and also the firewall settings.eNaarch64-01.stream.rdu2.redhat.comCentOSCentOSGPLv2+builder@centos.orgUnspecifiedhttp://www.firewalld.orglinuxnoarchq8_cIm R | A큤큤eNeNeNeNeNeNeNeNeNeNeNeNeNeNeNeNeNeNeNeNeNeNeNaf0d41b5c62ba9a6e5f549c22064777020fbf8e1384d7e8a87aacbd74c56e04e986647be4844f1d243c16d32ff02459186eceb245e7d6837b7523d3aad4961e900cc55d31fa3cac85deb744002c960978622112b67bd8c39f263e252bec4cb590301974fc0ddaa21008d33766211bb44d517617070ae12206d3c10f46ecbae702b2a9fdbfe57c871a44a6a85da3a715a79ec3ba84cd22850d67580aa237c3b2d18536ed118fe42b6a27c94891454fdc709a79d4e34171048154b26c3fb2c9fe4e90721063aaa1198f24c6b6029f5876880f1c1d163e7d4afa35539eeec982b7b54b14fc24123f2ec8f8a2646982e8ddd3d41a4d4cfa7c906e1c8c985ba54f5d14ecf3ba61c8daac7e13a258c9bc490dd6692b0494a7f83b9ef655084146dec155457e8e409aeff38b78226fa78c2a1ddd930148c7775f5e1562a246442e96e689779d374a2e3c98fa4aa035612ad275b8c33bd4ae6416490a0ec96ebf6292f3d2732f3501a2b9262bb1458713f5f5a980655f7ef5d48cde66902643f6134bb478127668dc3a9f06f0031cfc5aa228577d013f383ececa190e19061710329ef20f821451143a9c86f23ea1782c2c3e4fb86afa1fcfc2fae55626272658f7eed0742de1cff244f46065694258388751f164866b9a8faaa6ae2494f2cbc5aceef51364f6b6b7111735da42e53901a621ee0fa4ba3925b96dea1ac30fc508f7ef2b3960bbe277cd5afc02f033f1e286eed41af4cd6c39fe5d002a471594600982d0b1af9a194fca0292ebb1458274d5d874e4ca86aaf437a1a051ef6cf721ea70e54372cf9784bdd3360983be51c4ec0780f811a51ab6e9de4cf4c92c44f3f8122a90f675b0993f23373bc5af1f142f57d295fc3de6de92356267c8ddc786eba385e6b9c7b22d21db4f44072f92bf8b71ed68df0dc8ea48a071e15d6d9298c0cc8ed33bf05078d93da93dda1a5902bc3fe8ae7466ebb267b6fc0890a95cacf343c12rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootfirewalld-0.9.11-4.el8.src.rpmfirewall-applet@    /usr/libexec/platform-pythonNetworkManager-libnmdbus-x11firewall-configfirewalldhicolor-icon-themelibnotifypython3-gobjectpython3-qt5-baserpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)0.9.11-4.el80.9.11-4.el83.0.4-14.6.0-14.0-15.2-14.14.3eDeDeDd>@aap@a@a@a@a@`@`@`````7@```_@_)M^^W@^8 @]ʞ]d@]R@]Ik]6]:]@\;(@\4\@\I[[[;@[\[ug@[r@[m~@[l,[CN@[?YZVZI@ZI@Z@Z}@Zz@Zz@ZOhZ6\@YYx@Y:XX+X@X@XOXEVX@X#X=W@W@WzOWs@WrfWL+@W0{Wo@WV@V@VVHVA@UU@UUa@Ua@UUzUzUKSU/@U@U@T@T@TLT=@S@S%@SSR@S@SSSR'R@RR@RxR_@RNRM\@RL RIgQQQ@QyQ@Q@QnQT0QIQ8@Q$Q@P@P@P@P @PpP~PIP3x@P(@P!@OOOc+@OaOU@OTOC@O1@O/MY@M!@M!@ME@Eric Garver - 0.9.11-4Eric Garver - 0.9.11-3Eric Garver - 0.9.11-2Eric Garver - 0.9.11-1Eric Garver - 0.9.3-13Eric Garver - 0.9.3-12Eric Garver - 0.9.3-11Eric Garver - 0.9.3-10Eric Garver - 0.9.3-9Eric Garver - 0.9.3-8Eric Garver - 0.9.3-7Eric Garver - 0.9.3-6Eric Garver - 0.9.3-5Eric Garver - 0.9.3-4Eric Garver - 0.9.3-3Eric Garver - 0.9.3-2Eric Garver - 0.9.3-1Eric Garver - 0.8.2-6Eric Garver - 0.8.2-5Eric Garver - 0.8.2-4Eric Garver - 0.8.2-3Eric Garver - 0.8.2-2Eric Garver - 0.8.2-1Eric Garver - 0.8.0-4Eric Garver - 0.8.0-3Eric Garver - 0.8.0-2Eric Garver - 0.8.0-1Eric Garver - 0.7.0-5Eric Garver - 0.7.0-4Eric Garver - 0.7.0-3Eric Garver - 0.7.0-2Eric Garver - 0.7.0-1Eric Garver - 0.6.3-7Eric Garver - 0.6.3-6Eric Garver - 0.6.3-5Eric Garver - 0.6.3-4Eric Garver - 0.6.3-3Eric Garver - 0.6.3-2Eric Garver - 0.6.3-1Eric Garver - 0.6.1-5Eric Garver - 0.6.1-4Eric Garver - 0.6.1-3Eric Garver - 0.6.1-2Eric Garver - 0.6.1-1Eric Garver - 0.6.0-2Eric Garver - 0.6.0-1Eric Garver - 0.6.0-0.1.alpha1Eric Garver - 0.5.2-3Eric Garver - 0.5.2-2Eric Garver - 0.5.2-1Igor Gnatenko - 0.5.1-2Eric Garver - 0.5.1-1Fedora Release Engineering - 0.4.4.5-6Igor Gnatenko - 0.4.4.5-5Zbigniew Jędrzejewski-Szmek - 0.4.4.5-4Thomas Woerner - 0.4.4.5-3Fedora Release Engineering - 0.4.4.5-2Thomas Woerner - 0.4.4.5-1Thomas Woerner - 0.4.4.4-1Thomas Woerner - 0.4.4.3-2Thomas Woerner - 0.4.4.3-1Fedora Release Engineering - 0.4.4.2-4Stratakis Charalampos - 0.4.4.2-3Thomas Woerner - 0.4.4.2-2Thomas Woerner - 0.4.4.2-1Thomas Woerner - 0.4.4.1-1Thomas Woerner - 0.4.4-1Thomas Woerner - 0.4.3.3-1Fedora Release Engineering - 0.4.3.2-2Thomas Woerner - 0.4.3.2-1Thomas Woerner - 0.4.3.1-2Thomas Woerner - 0.4.3.1-1Thomas Woerner - 0.4.2-1Thomas Woerner - 0.4.1.2-2Thomas Woerner - 0.4.1.2-1Thomas Woerner - 0.4.1-1Jiri Popelka - 0.4.0-4Jiri Popelka - 0.4.0-3Fedora Release Engineering - 0.4.0-2Thomas Woerner - 0.4.0-1Fedora Release Engineering - 0.3.14.2-5Adam Williamson - 0.3.14.2-4Thomas Woerner - 0.3.14.2-3Thomas Woerner - 0.3.14.2-2Thomas Woerner - 0.3.14.2-1Fedora Release Engineering - 0.3.14.1-3Stephen Gallagher 0.3.14.1-2Thomas Woerner - 0.3.14.1-1Thomas Woerner - 0.3.14-1Stephen Gallagher 0.3.13-7Stephen Gallagher 0.3.13-6Stephen Gallagher 0.3.13-5Stephen Gallagher 0.3.13-4Jiri Popelka - 0.3.13-3Thomas Woerner - 0.3.13-2Jiri Popelka - 0.3.13-1Jiri Popelka - 0.3.12-1Jiri Popelka - 0.3.11-3Jiri Popelka - 0.3.11-2Jiri Popelka - 0.3.11-1Thomas Woerner - 0.3.10-5Thomas Woerner - 0.3.10-4Thomas Woerner - 0.3.10-3Fedora Release Engineering - 0.3.10-2Jiri Popelka - 0.3.10-1Jiri Popelka - 0.3.9.3-1Jiri Popelka - 0.3.9.2-1Jiri Popelka - 0.3.9.1-1Jiri Popelka - 0.3.9-1Jiri Popelka - 0.3.8-1Jiri Popelka - 0.3.7-1Jiri Popelka - 0.3.6.2-1Jiri Popelka - 0.3.6.1-1Jiri Popelka - 0.3.6-1Jiri Popelka - 0.3.5-1Thomas Woerner 0.3.4-1Jiri Popelka Thomas Woerner 0.3.3-2Thomas Woerner 0.3.3-1Jiri Popelka - 0.3.2-2Jiri Popelka - 0.3.2-1Jiri Popelka - 0.3.1-2Thomas Woerner 0.3.1-1Thomas Woerner 0.3.0-1Jiri Popelka - 0.2.12-5Jiri Popelka - 0.2.12-4Fedora Release Engineering - 0.2.12-3Jiri Popelka - 0.2.12-2Thomas Woerner 0.2.12-1Thomas Woerner 0.2.11-2Thomas Woerner 0.2.11-1Thomas Woerner 0.2.10-1Thomas Woerner 0.2.9-1Thomas Woerner 0.2.8-1Jiri Popelka 0.2.7-2Thomas Woerner 0.2.7-1Thomas Woerner 0.2.6-1Thomas Woerner 0.2.5-1Thomas Woerner 0.2.4-1Thomas Woerner 0.2.3-1Thomas Woerner 0.2.2-1Thomas Woerner Thomas Woerner 0.2.1-1Thomas Woerner 0.2.0-2Thomas Woerner 0.2.0-1Thomas Woerner 0.1.3-1Thomas Woerner 0.1.2-1Thomas Woerner 0.1.1-1Thomas Woerner 0.1-1- fix(nftables): always flush main table on start- fix(ipset): fix configuring IP range for ipsets with nftables- fix(ipset): exception on overlap checking empty set- rebase to v0.9.11- change default CleanupModulesOnExit=yes- feat(config): add CleanupModulesOnExit configuration option - change default CleanupModulesOnExit=yes- fix(zone): detect same source/interface in zones- fix(nftables): rich: source address with netmask- fix(nftables): do not log icmp block if inversion- docs(firewall-*cmd): client conntrack helpers must use a policy- fix(ipset): disallow overlapping entries- fix(policy): warn instead of error for overlapping ports- docs(conf): note that IPv6_rpfilter has a performance penalty- fix(nm): reload: only consider NM connections with a real interface- fix(ipset): fix hash:net,net functionality- fix(direct): rule order with multiple address with -s/-d- rebase to v0.9.3 - fixes from upstream branch stable-0.9- feat(service): add galera service- fix(zone): add source with mac address- fix(rich): non-printable characters removed from rich- fix(nftables): packet marks with masks - fix(nftables): icmp types with code == 0 - fix(rich icmptype): verify rule and icmptype families - fix(zone): cache rule_str for rich rules - improvement(service): IPsec: Update description and add TCP port 4500 - feat(service): add collectd service - feat(service): Add rpc-rquotad.service- fix(cli): add ipset type hash:mac is incompatible with the family parameter - fix(cli): add --zone is an invalid option with --direct - fix: update dynamic DCE RPC ports in freeipa-trust service - fix: core: rich: Catch ValueError on non-numeric priority values - fix(rich): icmptypes with one family - fix(direct): rule in a zone chain - plus additional upstream stable fixes- rebase to v0.8.2- doc: direct: add CAVEATS section- restore zone drifting as a feature- fix: CLI: service: also output helpers for service info- rebase to v0.8.0- bump nftables version requirements- backport patches to sort source-based zone dispatch by zone name- backport patch to show service includes in service output - backport patches to fix dbus API break- package rebuild- rebase to v0.7.0- backport additional patches for RFC3964_IPv4 filter feature- backport nftables support for wildcard interfaces - backport RFC3964_IPv4 filter feature- backport fix for lost NM interfaces in default zone during reload- backport recent stable fixes - backport fix for lost NM interfaces during reload - backport rich rule priorities - backport fix for set entries not applied - update translations- backport FlushAllOnReload feature- use py3_shbang_opts for lockdown-whitelist - fix cockpit patch causing test failure- rebase package to v0.6.3 - use py3_shbang_opts for interpreter invocations- python3-firewalld can get by with python3-gobject-base - firewall-config can get by with python3-qt5-base- backports for new failed state if startup fails - backports to use explicit RETURN on user defined ebtables chains - backports to fix nftables AUDIT log support- drop support for ebtables broute table- add more ports to high-availability service- rebase to v0.6.1 - fix patch adding cockpit by default, fixes testsuite- Use correct conflicts version for cockpit-ws - Enable cockpit by default in some zones- rebase to v0.6.0- rebase to v0.6.0-alpha- remove fedora-isms and clean up spec file- remove python2-firewall subpackage- rebase package to v0.5.2- Escape macros in %changelog- rebase package to v0.5.1- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild- Remove obsolete scriptlets- Python 2 binary package renamed to python2-firewall See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3- Fix spec file for next RHEL versions- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- Rebase to firewalld-0.4.4.5 http://www.firewalld.org/2017/06/firewalld-0-4-4-5-release - Fix build from spec - Fix –remove-service-from-zone option (RHBZ#1438127) - Support sctp and dccp in ports, source-ports, forward-ports, helpers and rich rules (RHBZ#1429808) - firewall-cmd: Fix –{set,get}-{short,description} for zone (RHBZ#1445238) - firewall.core.ipXtables: Use new wait option for restore commands if available - New services for oVirt: ctdb, ovirt-imageio, ovirt-storageconsole, ovirt-vmconsole and nrpe - Rename extension for policy choices (server and desktop) to .policy.choice (RHBZ#1449754) - D-Bus interfaces: Fix GetAll for interfaces without properties (RHBZ#1452017) - Load NAT helpers with conntrack helpers (RHBZ#1452681) - Translation updates - Additional upstream patches: - Rich-rule source validation (d69b7cb) - IPv6 ICMP type only rich-rule fix (cf50bd0)- Rebase to firewalld-0.4.4.4 http://www.firewalld.org/2017/03/firewalld-0-4-4-4-release - Drop references to fedorahosted.org from spec file and Makefile.am, use archive from github - Fix inconsistent ordering of rules in INPUT_ZONE_SOURCE (issue#166) - Fix ipset overloading from /etc/firewalld/ipsets - Fix permanent rich rules using icmp-type elements (RHBZ#1434594) - firewall-config: Deactivate edit, remove, .. buttons if there are no items - Check if ICMP types are supported by kernel before trying to use them - firewall-config: Show invalid ipset type in the ipset configuration dialog in a special label- Fixed ipset overloading, dropped applied check in get_ipset (issue#206)- Rebase to firewalld-0.4.4.3 http://www.firewalld.org/2017/02/firewalld-0-4-4-3-release - Speed up of large file loading - Support for more ipset types - Speed up of adding or removing entries for ipsets from files - Support icmp-type usage in rich rules - Support for more icmp types - Support for h323 conntrack helper - New services - Code cleanup and several other bug fixes - Translation updates- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- Rebuild for Python 3.6- Dropping firewalld-selinux package again as the required fix made it into selinux-policy packages for F-23+, updated selinux-policy version conflicts- New firewalld-selinux sub package delivering the SELinux policy module for firewalld (RHBZ#1396765) (RHBZ#1394625) (RHBZ#1394578) (RHBZ#1394573) (RHBZ#1394569) - New firewalld release 0.4.4.2: - firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem - firewall.core.fw_nm: create NMClient lazily - Do not use hard-coded path for modinfo, use autofoo to detect it - firewall.core.io.ifcfg: Dropped invalid option warning with bad format string - firewall.core.io.ifcfg: Properly handle quoted ifcfg values - firewall.core.fw_zone: Do not reset ZONE with ifdown - Updated translations from zanata - firewall-config: Extra grid at bottom to visualize firewalld settings- firewall-config: Use proper source check in sourceDialog (fixes issue#162) - firewallctl: New support for helpers - Translation updates- Fix dist-check - src/Makefile.am: Install new helper files - config/Makefile.am: Install helpers - Merged translations - Updated translations from zanata - firewalld.spec: Adapt requires for PyQt5 - firewall-applet: Fix fromUTF8 for python2 PyQt5 usage - firewall-applet: Use PyQt5 - firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers D-Bus property - shell-completion/bash/firewall-cmd: Updates for helpers and also some fixes - src/tests/firewall-[offline-]cmd_test.sh: New helper tests, adapted module tests for services - doc/xml/seealso.xml: Add firewalld.helper(5) man page - doc/xml/seealso.xml: Add firewalld.ipset(5) man page - Fixed typo in firewalld.ipset(5) man page - Updated firewalld.dbus(5) man page - New firewalld.helper(5) man page - doc/xml/firewall-offline-cmd.xml: Updated firewall-offline-cmd man page - doc/xml/firewall-cmd.xml: Updated firewall-cmd man page - firewall-offline-cmd: New support for helpers - firewall-cmd: New support for helpers - firewall.command: New check_helper_family, check_module and print_helper_info methods - firewall.core.fw_test: Add helpers also to offline backend - firewall.server.config: New AutomaticHelpers property (rw) - firewall.server.config: Fix an dict size changed error for firewall.conf file changes - firewall.server.config: Make LogDenied property readwrite to be consistent - Some renames of nf_conntrack_helper* functions and structures, helpers is a dict - firewall.core.fw: Properly check helper setting in set_automatic_helpers - firewall.errors: Add missing BUILTIN_HELPER error code - No extra interface for helpers needed in runtime, dropped DBUS_INTERFACE_HELPER - firewall.server.firewalld: Drop unused queryHelper D-Bus method - New helpers Q.931 and RAS from nf_conntrack_h323 - firewall.core.io.helper: Allow dots in helper names, remove underscore - firewall.core.io.firewalld_conf: Fixed typo in FALLBACK_AUTOMATIC_HELPERS - firewall-[offline-]cmd: Use sys.excepthook to force exception_handler usage always - firewall.core.fw_config: new_X methods should also check builtins - firewall.client: Set helper family to "" if None - firewall.client: Add missing module string to FirewallClientHelperSettings.settings - config/firewalld.conf: Add possible values description for AutomaticHelpers - helpers/amanda.xml: Fix typo in helper module - firewall-config: Added support for helper module setting - firewall.client: Added support for helper module setting - firewall.server.config_helper: Added support for helper module setting - firewall.core.io.service, firewall.server.config_service: Only replace underscore by dash if module start with nf_conntrack_ - firewall.core.fw_zone: Use helper module instead of a generated name from helper name - helpers: Added kernel module - firewall.core.io.helper: Add module to helper - firewall-cmd: Removed duplicate --get-ipset-types from help output - firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table - firewall.core.ipXtables: Add PREROUTING default rules for zones in raw table - firewall-config: New support to handle helpers, new dialogs, new helper tab, .. - config/org.fedoraproject.FirewallConfig.gschema.xml.in: New show-helpers setting - firewall.client: New helper management for runtime and permanent configuration - firewall.server.firewalld: New runtime helper management, new nf_conntrack_helper property - firewall.server.config_service: Fix module name handling (no nf_conntrack_ prefix needed) - firewall.server.config: New permanent D-Bus helper management - New firewall.server.config_helper to provide the permanent D-Bus interface for helpers - firewall.core.fw_zone: Use helpers fw.nf_conntrack_helper for services using helpers - firewall.core.fw: New helper management, new _automatic_helpers and nf_conntrack_helper settings - firewall.core.fw_config: Add support for permanent helper handling - firewall.core.io.service: The module does not need to start with nf_conntrack_ anymore - firewall.functions: New functions to get and set nf_conntrack_helper kernel setting - firewall.core.io.firewalld_conf: New support for AutomaticHelpers setting - firewall.config.dbus: New D-Bus definitions for helpers, new DBUS_INTERFACE_REVISION 12 - New firewall.core.fw_helper providing FirewallHelper backend - New firewall.core.helper with HELPER_MAXNAMELEN definition - config/firewalld.conf: New AutomaticHelpers setting with description - firewall.config.__init__.py.in: New helpers variables - firewalld.spec: Add new helpers directory - config/Makefile.am: Install new helpers - New helper configuration files for amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp and tftp - firewall.core.io.helper: New IO handler for netfilter helpers - firewall.errors: New INVALID_HELPER error code - firewall.core.io.ifcfg: Use .bak for save files - firewall-config: Set internal log_denied setting after changing - firewall.server.config: Copy props before removing items - doc/xml/firewalld.ipset: Replaced icmptype name remains with ipset - firewall.core.fw_zone: Fix LOG rule placement for LogDenied - firewall.command: Use "source-ports" in print_zone_info - firewall.core.logger: Use syslog.openlog() and syslog.closelog() - firewall-[offline-]cmd man pages: Document --path-{zone,icmptype,ipset,service} - firewall-cmd: Enable --path-{zone,icmptype,service} options again - firewall.core.{ipXtables,ebtables}: Copy rule before extracting items in set_rules - firewall.core.fw: Do not abort transaction on failed ipv6_rpfilter rules - config/Makefile.am: Added cfengine, condor-collector and smtp-submission services - Makefile.am: New dist-check used in the archive target - src/Makefile.am: Reordered nobase_dist_python_DATA to be sorted - config/Makefile.am: New CONFIG_FILES variable to contain the config files - Merge pull request #150 from hspaans/master - Merge pull request #146 from canvon/bugfix/spelling - Merge pull request #145 from jcpunk/condor - Command line tools man pages: New section about sequence options and exit codes - Creating service file for SMTP-Submission. - Creating service file for CFEngine. - Fix typo in documentation: iptables mangle table - Only use sort on lists of main items, but not for item properties - firewall.core.io.io_object: import_config should not change ordering of lists - firewall.core.fw_transaction: Load helper modules in FirewallZoneTransaction - firewall.command: Fail with NOT_AUTHORIZED if authorization fails (RHBZ#1368549) - firewall.command: Fix sequence exit code with at least one succeeded item - Add condor collector service - firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones - firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED sequences- Fix CVE-2016-5410: Firewall configuration can be modified by any logged in user - firewall/server/firewalld: Make getXSettings and getLogDenied CONFIG_INFO - Update AppData configuration file. - tests/firewalld_rich.py: Use new import structure and FirewallClient classes - tests/firewalld_direct.py: Use new import structure - tests: firewalld_direct: Fix assert to check for True instead of False - tests: firewalld_config: Fix expected value when querying the zone target - tests: firewalld_config: Use real nf_conntrack modules - firewalld.spec: Added comment about make call for %build - firewall-config: Use also width_request and height_request with default size - Updated firewall-config screenshot - firewall-cmd: Fixed typo in help output (RHBZ#1367171) - test-suite: Ignore stderr to get default zone also for missing firewalld.conf - firewall.core.logger: Warnings should be printed to stderr per default - firewall.core.fw_nm: Ignore NetworkManager if NM.Client connect fails - firewall-cmd, firewallctl: Gracefully fail if SystemBus can not be aquired - firewall.client: Generate new DBUS_ERROR if SystemBus can not be aquired - test-suite: Do not fail on ALREADY_ENABLED --add-destination tests - firewall.command: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings - doc/xml/firewalld.dbus.xml: Removed undefined reference - doc/xml/transform-html.xsl.in: Fixed references in the document - doc/xml/firewalld.{dbus,zone}.xml: Embed programlisting in para - doc/xml/transform-html.xsl.in: Enhanced html formatting closer to the man page - firewall: core: fw_nm: Instantiate the NM client only once - firewall/core/io/*.py: Do not traceback on a general sax parsing issue - firewall-offline-cmd: Fix --{add,remove}-entries-from-file - firewall-cmd: Add missing action to fix --{add,remove}-entries-from-file - firewall.core.prog: Do not output stderr, but return it in the error case - firewall.core.io.ifcfg.py: Fix ifcfg file reader and writer (RHBZ#1362171) - config/firewall.service.in: use KillMode=mixed - config/firewalld.service.in: use network-pre.target - firewall-config: Add missing gettext.textdomain call to fix translations - Add UDP to transmission-client.xml service - tests/firewall-[offline-]cmd_test.sh: Hide errors and warnings - firewall.client: Fix ALREADY_ENABLED errors in icmptype destination calls - firewall.client: Fix NOT_ENABLED errors in icmptype destination calls - firewall.client: Use {ALREADY,NOT}_ENABLED errors in icmptype destination calls - firewall.command: Add the removed FirewallError handling to the action (a17ce50) - firewall.command: Do not use query methods for sequences and also single options - Add missing information about MAC and ipset sources to man pages and help output - firewalld.spec: Add BuildRequires for libxslt to enable rebuild of man pages - firewall[-offline]-cmd, firewallctl, firewall.command: Use sys.{stdout,stderr} - firewallctl: Fix traceback if not connected to firewalld - firewall-config: Initialize value in on_richRuleDialogElementChooser_clicked - firewall.command: Convert errors to string for Python3 - firewall.command: Get proper firewall error code from D-BusExceptions - firewall-cmd: Fixed traceback without args - Add missing service files to Makefile.am - shell-completion: Add shell completion support for --{get,set}--{description,short} - Updated RHEL-7 selinux-policy and squid conflict- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- Fix regression with unavailable optional commands - All missing backend messages should be warnings - Individual calls for missing restore commands - Only one authenticate call for add and remove options and also sequences - New service RH-Satellite-6 - Fixed selinux-policy conflict version for RHEL-7- Fixed selinux-policy conflict version for Fedora 24- New firewalld release 0.4.3.1 - firewall.command: Fix python3 DBusException message not interable error - src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing - firewallctl: Do not trace back on list command without further arguments - firewallctl (man1): Added remaining sections zone, service, .. - firewallctl: Added runtime-to-permanent, interface and source parser, IndividualCalls setting - firewall.server.config: Allow to set IndividualCalls property in config interface - Fix missing icmp rules for some zones - runProg: Fix issue with running programs - firewall-offline-cmd: Fix issues with missing system-config-firewall - firewall.core.ipXtables: Split up source and dest addresses for transaction - firewall.server.config: Log error in case of loading malformed files in watcher - Install and package the firewallctl man page - New firewallctl utility (RHBZ#1147959) - doc.xml.seealso: Show firewalld.dbus in See Also sections - firewall.core.fw_config: Create backup on zone, service, ipset and icmptype removal (RHBZ#1339251) - {zone,service,ipset,icmptype}_writer: Do not fail on failed backup - firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd - firewall-cmd: Dropped duplicate setType call in --new-ipset - radius service: Support also tcp ports (RBZ#1219717) - xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset sources - config.xmlschema.service.xsd: Fix service destination conflicts (RHBZ#1296573) - firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg - firewall.command: Only print summary and description in print_X_info with verbose - firewall.command: print_msg should be able to print empty lines - firewall-config: No processing of runtime passthroughs signals in permanent - Landspace.io fixes and pylint calm downs - firewall.core.io.zone: Add zone_reader and zone_writer to __all__, pylint fixes - firewall-config: Fixed titles of command and context dialogs, also entry lenths - firewall-config: pylint calm downs - firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit - firewall-config: Use self.active_zoens in conf_zone_added_cb - firewall.command: New parse_port, extended parse methods with more checks - firewall.command: Fixed parse_port to use the separator in the split call - firewall.command: New [de]activate_exception_handler, raise error in parse_X - services ha: Allow corosync-qnetd port - firewall-applet: Support for kde5-nm-connection-editor - tests/firewall-offline-cmd_test.sh: New tests for service and icmptype modifications - firewall-offline-cmd: Use FirewallCommand for simplification and sequence options - tests/firewall-cmd_test.sh: New tests for service and icmptype modifications - firewall-cmd: Fixed set, remove and query destination options for services - firewall.core.io.service: Source ports have not been checked in _check_config - firewall.core.fw_zone: Method check_source_port is not used, removed - firewall.core.base: Added default to ZONE_TARGETS - firewall.client: Allow to remove ipv:address pair for service destinations - tests/firewall-offline-cmd_test.sh: There is no timeout option in permanent - firewall-cmd: Landscape.io fixes, pylint calm downs - firewall-cmd: Use FirewallCommand for simplification and sequence options - firewall.command: New FirewallCommand for command line client simplification - New services: kshell, rsh, ganglia-master, ganglia-client - firewalld: Cleanup of unused imports, do not translate some deamon messages - firewalld: With fd close interation in runProg, it is not needed here anymore - firewall.core.prog: Add fd close iteration to runProg - firewall.core.fw_nm: Hide NM typelib import, new nm_get_dbus_interface function - firewalld.spec: Require NetworkManager-libnm instead of NetworkManager-glib - firewall-config: New add/remove ipset entries from file, remove all entries - firewall-applet: Fix tooltip after applet start with connection to firewalld - firewall-config: Select new zone, service or icmptype if the view was empty - firewalld.spec: Added build requires for iptables, ebtables and ipset - Adding nf_conntrack_sip module to the service SIP - firewall: core: fw_ifcfg: Quickly return if ifcfg directory does not exist - Drop unneeded python shebangs - Translation updates- New module to search for and change ifcfg files for interfaces not under control of NM - firewall_config: Enhanced messages in status bar - firewall-config: New message window as overlay if not connected - firewall-config: Fix sentivity of option, view menus and main paned if not connected - firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls, some cleanup - firewall-[offline]cmd: Show target in zone information - D-Bus: Completed masquerade methods in FirewallClientZoneSettings - Fixed log-denied rules for icmp-blocks - Keep sorting of interfaces, services, icmp-blocks and other settings in zones - Fixed runtime-to-permanent not to save interfaces under control of NM - New icmp-block-inversion flag in the zones - ICMP type filtering in the zones - New services: sip, sips, managesieve - rich rules: Allow destination action (RHBZ#1163428) - firewall-offline-cmd: New option -q/--quiet - firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file - firewall-[offline-]cmd: Fix option for setting the destination address - firewall-config: Fixed resizing behaviour - New transaction model for speed ups in start, restart, stop and other actions - firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults - Fixed memory leak in dbus_introspection_add_properties - Landscape.io fixes, pylint calm downs - New D-Bus getXnames methods to speed up firewall-config and firewall-cmd - ebtables-restore: No support for COMMIT command - Source port support in services, zones and rich rules - firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets - firewall-config: New active bindings side bar for simple binding changes - Reworked NetworkManager module - Proper default zone handling for NM connections - Try to set zone binding with NM if interface is under control of NM - Code cleanup and bug fixes - Include test suite in the release and install in /usr/share/firewalld/tests - New Travis-CI configuration file - Fixed more broken frensh translations - Translation updates- Fixed ebtables-restore does not support the COMMIT command issue- Fixed translations with python3 - Fixed exception for failed NM import, new doc string - Make ipsets visible per default in firewall-config - Install new fw_nm module - Do not fail if log file could not be opened - Fixed broken fr translation- Enhancements of ipset handling - No cleanup of ipsets using timeouts while reloading - Only destroy conflicting ipsets - Only use ipset types supported by the system - Add and remove several ipset entries in one call using a file - Reduce time frame where builtin chains are on policy DROP while reloading - Include descriptions in --info-X calls - Command line interface support to get and alter descriptions of zones, services, ipsets and icmptypes with permanent option - Properly watch changes in combined zones - Fix logging in rich rule forward rules - Transformed direct.passthrough errors into warnings - Rework of import structures - Reduced calls to get ids for port and protocol names (RHBZ#1305434) - Build and installation fixes by Markos Chandras - Provide D-Bus properties in introspection data - Fix for flaws found by landscape.io - Fix for repeated SUGHUP - New NetworkManager module to get and set zones of connections, used in firewall-applet and firewall-config - configure: Autodetect backend tools ({ip,ip6,eb}tables{,-restore}, ipset) - Code cleanups - Bug fixes- Revert one commit to temporary work-around RHBZ#1309754- Make sure tempdir is created even in offline mode. (RHBZ#1305175)- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Version 0.4.0 - Speed ups - ipset support - MAC address support - Log of denied packets - Mark action in rich rules - Enhanced alteration of config files with command line tools - Use of zone chains in direct interface - firewall-applet enhancement - New services: ceph-mon, ceph, docker-registry, imap, pop3, pulseaudio, smtps, snmptrap, snmp, syslog-tls and syslog - Several bug fixes - Code optimizations- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5- bump versions on old config package obsoletes (f21 is on 0.3.14 now)- Require python3-gobject-base for fedora >= 23 and rhel >= 8 (RHBZ#1242076) - Fix rhel defines: No python3 for rhel-7- Fixed 'pid_file' referenced before assignment (RHBZ#1233232)- reunification of the firewalld spec files for all Fedora releases - fix dependencies for -applet and -config: use_python3 is the proper switch not with_python3 (RHBZ#1232493) - firewalld.spec: - fixed requirements for -applet and -config - man pages: - adapted firewall-applet man page to new version - firewall-applet: - Only honour active connections for zone changes - Change QSettings path and file names - firewall-config: - Only honour active connections for zone changes in the “Change Zones of Connections” menu - Translations: - updated translations - marked translations for “Connections” for review- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix issue with missing polkit policy when installing firewalld on Cloud Edition.- firewall-applet - do not use isSystemTrayAvailable check to fix KDE5 startup - dropped gtk applet remain: org.fedoraproject.FirewallApplet.gschema.xml- renamed python2-firewall to python-firewall - fixed requirements for GUI parts with Python3 - dropped upstream merged python3 patch - firewalld: - print real zone names in error messages - iptables 1.4.21 does not accept limits of 1/day, minimum is 2/day now - rate limit fix for rich rules - fix readdition of removed permanent direct settings - adaption of the polkit domains to use PK_ACTION_DIRECT_INFO - fixed two minor Python3 issues in firewall.core.io.direct - fixed use of fallback configuration values - fixed use without firewalld.conf - firewalld main restructureization - IPv6_rpfilter now also available as a property on D-Bus in the config interface - fixed wait option use for ipXtables - added --concurrent support for ebtables - richLanguage: allow masquerading with destination - richLanguage: limit masquerading forward rule to new connections - ipXtables: No dns lookups in available_tables and _detect_wait_option - full ebtables support: start, stop, reload, panic mode, direct chains and rules - fix for reload with direct rules - fix or flaws found by landscape.io - pid file handling fixes in case of pid file removal - fix for client issue in case of a dbus NoReply error - configuration - new services: dropbox-lansync, ptp - new icmptypes: timestamp-request, timestamp-reply - man pages: - firewalld.zones(5): fixed typos - firewalld.conf(5): Fixed wrong reference to firewalld.lockdown-whitelist page - firewall-applet: - new version using Qt4 fixing several issues with the Gtk version - spec file: - enabled Python3 support: new backends python-firewall and python3-firewall - some cleanup - git: - migrated to github - translations: - migrated to zanata - build environment: - no need for autoconf-2.69, 2.68 is sufficient- Use VARIANT_ID instead of VARIANT for making decisions- Switch to using $VARIANT directly from /etc/os-release- Fix bugs with posttrans - Remove nonexistent fedora-cloud.conf symlink- Remove per-edition config files - Decide on default configuration based on /etc/os-release- use python3 bindings on fedora >=23- enable python2 and python3 bindings for fedora >= 20 and rhel >= 7 - use python3 bindings on fedora >= 22 and rhel >= 8 for firewalld, firewall-config and firewall-applet- firewalld: - ipXtables: use -w or -w2 if supported (RHBZ#1161745, RHBZ#1151067) - DROP INVALID packets (RHBZ#1169837) - don't use ipv6header for protocol matching. (RHBZ#1065565) - removeAllPassthroughs(): remove passthroughs in reverse order (RHBZ#1167100) - fix config.service.removeDestination() (RHBZ#1164584) - firewall-config: - portProtoDialog: other protocol excludes port number/range - better fix for updating zoneStore also in update_active_zones() - fix typo in menu - configuration: - new services: tinc, vdsm, mosh, iscsi-target, rsyncd - ship and install XML Schema files. (#8) - man pages: - firewalld.dbus, firewalld.direct, firewalld, firewall-cmd - spec file: - filesystem subpackage - make dirs&files in /usr/lib/ world-readable (RHBZ#915988)- firewalld: - new runtimeToPermanent and tracked passsthrough support - make permanent D-Bus interfaces more fine grained like the runtime versions (RHBZ#1127706) - richLanguage: allow using destination with forward-port - Rich_Rule.check(): action can't be used with icmp-block/forward-port/masquerade - fixed Python specific D-Bus exception (RHBZ#1132441) - firewall-cmd: - new --runtime-to-permanent to create permanent from runtime configuration - use new D-Bus methods for permanent changes - show target REJECT instead of %REJECT% (RHBZ#1058794) - --direct: make fail messages consistent (RHBZ#1141835) - firewall-config: - richRuleDialog - OK button tooltip indicates problem - use new D-Bus methods for permanent changes - show target REJECT instead of %REJECT% (RHBZ#1058794) - update "Change Zones of Connections" menu on default zone change (RHBZ#11120212) - fixed rename of zones, services and icmptypes to not create new entry (RBHZ#1131064) - configuration: - new service for Squid HTTP proxy server - new service for Kerberos admin server - new services for syslog and syslog-tls - new services for SNMP and SNMP traps - add Keywords to .desktop to improve software searchability - docs: - updated translations - firewalld.richlanguage: improvements suggested by Rufe Glick - firewalld.dbus: various improvements - firewalld.zone: better description of Limit tag - mention new homepage everywhere- Quiet systemctl if cups-browsed.service is not installed- add few Requires to spec (RHBZ#1133167)- firewalld: - improve error messages - check built-in chains in direct chain handling functions (RHBZ#1120619) - dbus_to_python() check whether input is of expected type (RHBZ#1122018) - handle negative timeout values (RHBZ#1124476) - warn when Command/Uid/Use/Context already in lockdown whitelist (RHBZ#1126405) - make --lockdown-{on,off} work again (RHBZ#1111573) - firewall-cmd: - --timeout now accepts time units (RHBZ#994044) - firewall-config: - show active (not default) zones in bold (RHBZ#993655) - configuration: - remove ipp-client service from all zones (RHBZ#1105639). - fallbacks for missing values in firewalld.conf - create missing dirs under /etc if needed - add -Es to python command in lockdown-whitelist.xml (RHBZ#1099065) - docs: - 'direct' methods concern only chains/rules added via 'direct' (RHBZ#1120619) - --remove-[interface/source] don't need a zone to be specified (RHBZ#1125851) - various fixes in firewalld.zone(5), firewalld.dbus(5), firewalld.direct(5) - others: - rpm macros for easier packaging of e.g. services- Fixed wrong default zone names for server and workstation (RHBZ#1120296)- renamed fedora specific zones to FedoraServer and FedoraWorkstation for zone name limitations (length and allowed chars)- New support for Fedora per-product configuration settings for Fedora.next https://fedoraproject.org/wiki/Per-Product_Configuration_Packaging_Draft - Added Fedora server zone (RHBZ#1110711) - Added Fedora workstation zone(RHBZ#1113775)- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- new services: freeipa-*, puppermaster, amanda-k5, synergy, xmpp-*, tor, privoxy, sane - do not use at_console in D-Bus policies (RHBZ#1094745) - apply all rich rules for non-default targets - AppData file (RHBZ#1094754) - separate Polkit actions for desktop & server (RHBZ#1091068) - sanitize missing ip6t_rpfilter (RHBZ#1074427) - firewall/core/io/*: few improvements (RHBZ#1065738) - no load failed error for absent direct.xml file - new DBUS_INTERFACE.getZoneSettings to get all run-time zone settings - fixed creation and deletion of zones, services and icmptypes over D-Bus signals - FirewallClientZoneSettings: Set proper default target - if Python2 then encode strings from sax parser (RHBZ#1059104, RHBZ#1058853) - firewall-cmd: - don't colour output of query commands (RHBZ#1097841) - use "default" instead of {chain}_{zone} (RHBZ#1075675) - New --get-target and --set-target - Create and remove permanent zones, services and icmptypes - firewall-config: - Adding services and icmptypes resulted in duplicates in UI - Use left button menu of -applet in Option menu - firewall-offline-cmd: same functionality as 'firewall-cmd --permanent' - firewall-applet: ZoneConnectionEditor was missing the Default Zone entry - bash-completion: getting zones/services/icmps is different with/without --permanent - firewalld.zone(5): removed superfluous slash (RHBZ#1091575) - updated translations- Fixed persistent port forwarding (RHBZ#1056154) - Stop default zone rules being applied to all zones (RHBZ#1057875) - Enforce trust, block and drop zones in the filter table only (RHBZ#1055190) - Allow RAs prior to applying IPv6_rpfilter (RHBZ#1058505) - Fix writing of rule.audit in zone_writer()- fix regression introduced in 0.3.9 (RHBZ#1053932)- fix regressions introduced in 0.3.9 (RHBZ#1054068, RHBZ#1054120)- translation updates - New IPv6_rpfilter setting to enable source address validation (RHBZ#847707) - Do not mix original and customized zones in case of target changes, apply only used zones - firewall-cmd: fix --*_lockdown_whitelist_uid to work with uid 0 - Don't show main window maximized. (RHBZ#1046811) - Use rmmod instead of 'modprobe -r' (RHBZ#1031102) - Deprecate 'enabled' attribute of 'masquerade' element - firewall-config: new zone was added twice to the list - firewalld.dbus(5) - Enable python shebang fix again - firewall/client: handle_exceptions: Use loop in decorator - firewall-offline-cmd: Do not mask firewalld service with disabled option - firewall-config: richRuleDialogActionRejectType Entry -> ComboBox - Rich_Rule: fix parsing of reject element (RHBZ#1027373) - Show combined zones in permanent configuration (RHBZ#1002016) - firewall-cmd(1): document exit code 2 and colored output (RHBZ#1028507) - firewall-config: fix RHBZ#1028853- fix memory leaks - New option --debug-gc - Python3 compatibility - Better non-ascii support - several firewall-config & firewall-applet fixes - New --remove-rules commands for firewall-cmd and removeRules methods for D-Bus - Fixed FirewallDirect.get_rules to return proper list - Fixed LastUpdatedOrderedDict.keys() - Enable rich rule usage in trusted zone (RHBZ#994144) - New error codes: INVALID_CONTEXT, INVALID_COMMAND, INVALID_USER and INVALID_UID- Don't fail on missing ip[6]tables/ebtables table. (RHBZ#967376) - bash-completion: --permanent --direct options - firewall/core/fw.py: fix checking for iptables & ip6tables (RHBZ#1017087) - firewall-cmd: use client's exception_handler instead of catching exceptions ourselves - FirewallClientZoneSettings: fix {add|remove|query}RichRule() - Extend amanda-client service with 10080/tcp (RHBZ#1016867) - Simplify Rich_Rule()_lexer() by using functions.splitArgs() - Fix encoding problems in exception handling (RHBZ#1015941)- firewall-offline-cmd: --forward-port 'toaddr' is optional (RHBZ#1014958) - firewall-cmd: fix variable name (RHBZ#1015011)- remove superfluous po files from archive- firewalld.richlanguage.xml: correct log levels (RHBZ#993740) - firewall-config: Make sure that all zone settings are updated properly on firewalld restart - Rich_Limit: Allow long representation for duration (RHBZ#994103 - firewall-config: Show "Changes applied." after changes (RHBZ#993643) - Use own connection dialog to change zones for NM connections - Rename service cluster-suite to high-availability (RHBZ#885257) - Permanent direct support for firewall-config and firewall-cmd - Try to avoid file descriptor leaking (RHBZ#951900) - New functions to split and join args properly (honoring quotes) - firewall-cmd(1): 2 simple examples - Better IPv6 NAT checking. - Ship firewalld.direct(5).- Only use one PK action for configuration (RHBZ#994729) - firewall-cmd: indicate non-zero exit code with red color - rich-rule: enable to have log without prefix & log_level & limit - log-level warn/err -> warning/error (RHBZ#1009436) - Use policy DROP while reloading, do not reset policy in restart twice - Add _direct chains to all table and chain combinations - documentation improvements - New firewalld.direct(5) man page docbook source - tests/firewall-cmd_test.sh: make rich language tests work - Rich_Rule._import_from_string(): improve error messages (RHBZ#994150) - direct.passthrough wasn't always matching out_signature (RHBZ#967800) - firewall-config: twist ICMP Type IP address family logic. - firewall-config: port-forwarding/masquerading dialog (RHBZ#993658) - firewall-offline-cmd: New --remove-service= option (BZ#969106) - firewall-config: Options->Lockdown was not changing permanent. - firewall-config: edit line on doubleclick (RHBZ#993572) - firewall-config: System Default Zone -> Default Zone (RHBZ#993811) - New direct D-Bus interface, persistent direct rule handling, enabled passthough - src/firewall-cmd: Fixed help output to use more visual parameters - src/firewall-cmd: New usage output, no redirection to man page anymore - src/firewall/core/rich.py: Fixed forwad port destinations - src/firewall-offline-cmd: Early enable/disable handling now with mask/unmask - doc/xml/firewalld.zone.xml: Added more information about masquerade use - Prefix to log message is optional (RHBZ#998079) - firewall-cmd: fix --permanent --change-interface (RHBZ#997974) - Sort zones/interfaces/service/icmptypes on output. - wbem-https service (RHBZ#996668) - applet&config: add support for KDE NetworkManager connection editor - firewall/core/fw_config.py: New method update_lockdown_whitelist - Added missing file watcher for lockdown whitelist in config D-Bus interface - firewall/core/watcher: New add_watch_file for lockdown-whitelist and direct - Make use of IPv6 NAT conditional, based on kernel number (RHBZ#967376)- several rich rule check enhancements and fixes - firewall-cmd: direct options - check ipv4|ipv6|eb (RHBZ#970505) - firewall-cmd(1): improve description of direct options (RHBZ#970509) - several firewall-applet enhancements and fixes - New README - several doc and man page fixes - Service definitions for PCP daemons (RHBZ#972262) - bash-completion: add lockdown and rich language options - firewall-cmd: add --permanent --list-all[-zones] - firewall-cmd: new -q/--quiet option - firewall-cmd: warn when default zone not active (RHBZ#971843) - firewall-cmd: check priority in --add-rule (RHBZ#914955) - add dhcpv6 (for server) service (RHBZ#917866) - firewall-cmd: add --permanent --get-zone-of-interface/source --change-interface/source - firewall-cmd: print result (yes/no) of all --query-* commands - move permanent-getZoneOf{Interface|Source} from firewall-cmd to server - Check Interfaces/sources when updating permanent zone settings. - FirewallDConfig: getZoneOfInterface/Source can actually return more zones - Fixed toaddr check in forward port to only allow single address, no range - firewall-cmd: various output improvements - fw_zone: use check_single_address from firewall.functions - getZoneOfInterface/Source does not need to throw exception - firewall.functions: Use socket.inet_pton in checkIP, fixed checkIP*nMask - firewall.core.io.service: Properly check port/proto and destination address - Install applet desktop file into /etc/xdg/autostart - Fixed option problem with rich rule destinations (RHBZ#979804) - Better exception creation in dbus_handle_exceptions() decorator (RHBZ#979790) - Updated firewall-offline-cmd - Use priority in add, remove, query and list of direct rules (RHBZ#979509) - New documentation (man pages are created from docbook sources) - firewall/core/io/direct.py: use prirority for rule methods, new get_all_ methods - direct: pass priority also to client.py and firewall-cmd - applet: New blink and blink-count settings - firewall.functions: New function ppid_of_pid - applet: Check for gnome3 and fix it, use new settings, new size-changed cb - firewall-offline-cmd: Fix use of systemctl in chroot - firewall-config: use string.ascii_letters instead of string.letters - dbus_to_python(): handle non-ascii chars in dbus.String. - Modernize old syntax constructions. - dict.keys() in Python 3 returns a "view" instead of list - Use gettext.install() to install _() in builtins namespace. - Allow non-ascii chars in 'short' and 'description' - README: More information for "Working With The Source Repository" - Build environment fixes - firewalld.spec: Added missing checks for rhel > 6 for pygobject3-base - firewall-applet: New setting show-inactive - Don't stop on reload when lockdown already enabled (RHBZ#987403) - firewall-cmd: --lockdown-on/off did not touch firewalld.conf - FirewallApplet.gschema.xml: Dropped unused sender-info setting - doc/firewall-applet.xml: Added information about gsettings - several debug and log message fixes - Add chain for sources so they can be checked before interfaces (RHBZ#903222) - Add dhcp and proxy-dhcp services (RHBZ#986947) - io/Zone(): don't error on deprecated family attr of source elem - Limit length of zone file name (to 12 chars) due to Netfilter internals. - It was not possible to overload a zone with defined source(s). - DEFAULT_ZONE_TARGET: {chain}_ZONE_{zone} -> {chain}_{zone} - New runtime getSettings for services and icmptypes, fixed policies callbacks - functions: New functions checkUser, checkUid and checkCommand - src/firewall/client: Fixed lockdown-whitelist-updated signal handling - firewall-cmd(1): move firewalld.richlanguage(5) reference in --*-rich-rule - Rich rule service: Only add modules for accept action - firewall/core/rich: Several fixes and enhanced checks - Fixed reload of direct rules - firewall/client: New functions to set and get the exception handler - firewall-config: New and enhanced UI to handle lockdown and rich rules - zone's immutable attribute is redundant - Do not allow to set settings in config for immutable zones. - Ignore deprecated 'immutable' attribute in zone files. - Eviscerate 'immutable' completely. - FirewallDirect.query_rule(): fix it - permanent direct: activate firewall.core.io.direct:Direct reader - core/io/*: simplify getting of character data - FirewallDirect.set_config(): allow reloading- Remove migrating to a systemd unit file from a SysV initscript - Remove pointless "ExclusiveOS" tag- Fixed rich rule check for use in D-Bus- new service files - relicensed logger.py under GPLv2+ - firewall-config: sometimes we don't want to use client's exception handler - When removing Service/IcmpType remove it from zones too (RHBZ#958401) - firewall-config: work-around masquerade_check_cb() being called more times - Zone(IO): add interfaces/sources to D-Bus signature - Added missing UNKNOWN_SOURCE error code - fw_zone.check_source: Raise INVALID_FAMILY if family is invalid - New changeZoneOfInterface method, marked changeZone as deprecated - Fixed firewall-cmd man page entry for --panic-on - firewall-applet: Fixed possible problems of unescaped strings used for markup - New support to bind zones to source addresses and ranges (D-BUS, cmd, applet - Cleanup of unused variables in FirewallD.start - New firewall/fw_types.py with LastUpdatedOrderedDict - direct.chains, direct.rules: Using LastUpdatedOrderedDict - Support splitted zone files - New reader and writer for stored direct chains and rules - LockdownWhitelist: fix write(), add get_commands/uids/users/contexts() - fix service_writer() and icmptype_writer() to put newline at end of file - firewall-cmd: fix --list-sources - No need to specify whether source address family is IPv4 or IPv6 - add getZoneOfSource() to D-Bus interface - Add tests and bash-completion for the new "source" operations - Convert all input args in D-Bus methods - setDefaultZone() was calling accessCheck() *after* the action - New uniqify() function to remove duplicates from list whilst preserving order - Zone.combine() merge also services and ports - config/applet: silence DBusException during start when FirewallD is not running (RHBZ#966518) - firewall-applet: more fixes to make the address sources family agnostic - Better defaults for lockdown white list - Use auth_admin_keep for allow_any and allow_inactive also - New D-Bus API for lockdown policies - Use IPv4, IPv6 and BRIDGE for FirewallD properties - Use rich rule action as audit type - Prototype of string-only D-Bus interface for rich language - Fixed wrongly merged source family check in firewall/core/io/zone.py - handle_cmr: report errors, cleanup modules in error case only, mark handling - Use audit type from rule action, fixed rule output - Fixed lockdown whitelist D-Bus handling method names - New rich rule handling in runtime D-Bus interface - Added interface, source and rich rule handling (runtime and permanent) - Fixed dbus_obj in FirewallClientConfigPolicies, added queryLockdown - Write changes in setLockdownWhitelist - Fixed typo in policies log message in method calls - firewall-cmd: Added rich rule, lockdown and lockdown whitelist handling - Don't check access in query/getLockdownWhitelist*() - firewall-cmd: Also output masquerade flag in --list-all - firewall-cmd: argparse is able to convert argument to desired type itself - firewall-cmd_test.sh: tests for permanent interfaces/sources and lockdown whitelist - Makefile.am: add missing files - firewall-cmd_test.sh: tests for rich rules - Added lockdown, source, interface and rich rule docs to firewall-cmd - Do not masquerade lo if masquerade is enabled in the default zone (RHBZ#904098) - Use in metavar for firewall-cmd parser- removed unintentional en_US.po from tarball- Fix signal handling for SIGTERM - Additional service files (RHBZ#914859) - Updated po files - s/persistent/permanent/ (Trac Ticket #7) - Better behaviour when running without valid DISPLAY (RHBZ#955414) - client.handle_exceptions(): do not loop forever - Set Zone.defaults in zone_reader (RHBZ#951747) - client: do not pass the dbus exception name to handler - IO_Object_XMLGenerator: make it work with Python 2.7.4 (RHBZ#951741) - firewall-cmd: do not use deprecated BaseException.message - client.py: fix handle_exceptions() (RHBZ#951314) - firewall-config: check zone/service/icmptype name (RHBZ#947820) - Allow 3121/tcp (pacemaker_remote) in cluster-suite service. (RHBZ#885257) - firewall-applet: fix default zone hangling in 'shields-up' (RHBZ#947230) - FirewallError.get_code(): check for unknown error- Make permanenent changes work with Python 2.7.4 (RHBZ#951741)- Use explicit file lists for make dist - New rich rule validation check code - New global check_port and check_address functions - Allow source white and black listing with the rich rule - Fix error handling in case of unsupported family in rich rule - Enable ip_forwarding in masquerade and forward-port - New functions to read and write simple files using filename and content - Add --enable-sysconfig to install Fedora-specific sysconfig config file. - Add chains for security table (RHBZ#927015) - firewalld.spec: no need to specify --with-systemd-unitdir - firewalld.service: remove syslog.target and dbus.target - firewalld.service: replace hard-coded paths - Move bash-completion to new location. - Revert "Added configure for new build env" - Revert "Added Makefile.in files" - Revert "Added po/Makefile.in.in" - Revert "Added po/LINGUAS" - Revert "Added aclocal.m4" - Amend zone XML Schema- Added rich language support - Added lockdown feature - Allow to bind interfaces and sources to zones permanently - Enabled IPv6 NAT support masquerading and port/packet forwarding for IPv6 only with rich language - Handle polkit errors in client class and firewall-config - Added priority description for --direct --add-rule in firewall-cmd man page - Add XML Schemas for zones/services/icmptypes XMLs - Don't keep file descriptors open when forking - Introduce --nopid option for firewalld - New FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains (RHBZ#912782) - Update cluster-suite service (RHBZ#885257) - firewall-cmd: rename --enable/disable-panic to --panic-on/off (RHBZ#874912) - Fix interaction problem of changed event of gtk combobox with polkit-kde by processing all remaining events (RHBZ#915892) - Stop default zone rules being applied to all zones (RHBZ#912782) - Firewall.start(): don't call set_default_zone() - Add wiki's URL to firewalld(1) and firewall-cmd(1) man pages - firewalld-cmd: make --state verbose (RHBZ#886484) - improve firewalld --help (RHBZ#910492) - firewall-cmd: --add/remove-* can be used multiple times (RHBZ#879834) - Continue loading zone in case of wrong service/port etc. (RHBZ#909466) - Check also services and icmptypes in Zone() (RHBZ#909466) - Increase the maximum length of the port forwarding fields from 5 to 11 in firewall-config - firewall-cmd: add usage to fail message - firewall-cmd: redefine usage to point to man page - firewall-cmd: fix visible problems with arg. parsing - Use argparse module for parsing command line options and arguments - firewall-cmd.1: better clarify where to find ACTIONs - firewall-cmd Bash completion - firewall-cmd.1: comment --zone= usage and move some options - Use zone's target only in %s_ZONES chains - default zone in firewalld.conf was set to public with every restart (#902845) - man page cleanup - code cleanup- Another fix for RHBZ#912782- Stop default zone rules being applied to all zones (RHBZ#912782)- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild- Default zone in firewalld.conf was reseted with every restart (RHBZ#902845) - Add icon cache related scriptlets for firewall-config (RHBZ#902680) - Fix typo in firewall-config (RHBZ#895812) - Fix few mistakes in firewall-cmd(1) man page- firewall-cmd: use -V instead of -v for version info (RHBZ#886477) - firewall-cmd: don't check reload()'s return value (RHBZ#886461) - actually install firewalld.zones.5 - firewall-config: treat exceptions when adding new zone/service/icmp (RHBZ#886602) - firewalld.spec: Fixed requirements of firewall-config to use gtk2 and pygobject3 - Fail gracefully when running in non X environment.(RHBZ#886551) - offline-cmd: fail gracefully when no s-c-f config - fix duplicated iptables rules (RHBZ#886515) - detect errors and duplicates in config file (RHBZ#886581) - firewall-config: don't make 'Edit Service' and 'Edit ICMP Type' insensitive - firewalld.spec: fixed requirements, require pygobject3-base - frewall-applet: Unused code cleanup - firewall-applet: several usability fixes and enhancements (RHBZ#886531) (RHBZ#886534) - firewall/server/server.py: fixed KeyboardInterrupt message (RHBZ#886558) - Moved fallback zone and minimal_mark to firewall.config.__init__ - Do not raise ZONE_ALREADY_SET in change_zone if old zone is set again (RHBZ#886432) - Make default zone default for all unset connections/interfaces (RHBZ#888288) (RHBZ#882736) - firewall-config: Use Gtk.MessageType.WARNING for warning dialog - firewall-config: Handle unknown services and icmptypes in persistent mode - firewall-config: Do not load settings more than once - firewall-config: UI cleanup and fixes (RHBZ#888242) - firewall-cmd: created alias --change-zone for --change-interface - firewall-cmd man page updates (RHBZ#806511) - Merged branch 'build-cleanups' - dropped call to autogen.sh in build stage, not needed anymore due to 'build-cleanups' merge- require pygobject3-base instead of pygobject3 (no cairo needed) (RHBZ#874378) - fixed dependencies of firewall-config to use gtk3 with pygobject3-base and not pygtk2- Fixed more _xmlplus (PyXML) incompatibilities to python xml - Several man page updates - Fixed error in addForwardPort, removeForwardPort and queryForwardPort - firewall-cmd: use already existing queryForwardPort() - Update firewall.cmd man page, use man page as firewall-cmd usage (rhbz#876394) - firewall-config: Do not force to show labels in the main toolbar - firewall-config: Dropped "Change default zone" from toolbar - firewall-config: Added menu entry to change zones of connections - firewall-applet: Zones can be changed now using nm-connection-editor (rhbz#876661) - translation updates: cs, hu, ja- tests/firewalld_config.py: tests for config.service and config.icmptype - FirewallClientConfigServiceSettings(): destinations are dict not list - service/zone/icmptype: do not write deprecated name attribute - New service ntp - firewall-config: Fixed name of about dialog - configure.in: Fixed getting of error codes - Added coding to all pyhton files - Fixed copyright years - Beautified file headers - Force use of pygobject3 in python-slip (RHBZ#874378) - Log: firewall.server.config_icmptype, firewall.server.config_service and firewall.server.config_zone: Prepend full path - Allow ":" in interface names for interface aliases - Add name argument to Updated and Renamed signal - Disable IPv4, IPv6 and EB tables if missing - for IPv4/IPv6 only environments - firewall-config.glade file cleanup - firewall-config: loadDefaults() can throw exception - Use toolbars for Add/Edit/Remove/LoadDefaults buttons for zones, services and icmp types - New vnc-server service, opens ports for displays :0 to :3 (RHBZ#877035) - firewall-cmd: Fix typo in help output, allow default zone usage for permanenent options - Translation updates: cs, fr, ja, pt_BR and zh_CN- firewall-config: some UI usability changes - firewall-cmd: New option --list-all-zones, output of --list-all changed, more option combination checks - firewall-applet: Replaced NMClient by direct DBUS calls to fix python core dumps in case of connection activates/deactivates - Use fallback 'C' locale if current locale isn't supported (RHBZ#860278) - Add interfaces to zones again after reload - firewall-cmd: use FirewallClient().connected value - firewall-cmd: --remove-interface was not working due to a typo - Do not use restorecon for new and backup files - Fixed use of properties REJECT and DROP - firewalld_test.py: check interfaces after reload - Translation updates - Renamed firewall-convert-scfw-config to firewall-offline-cmd, used by anaconda for firewall configuration (e.g. kickstart) - Fix python shebang to use -Es at installation time for bin_SCRIPTS and sbin_SCRIPTS and at all times in gtk3_chooserbutton.py - tests/firewalld_config.py: update test_zones() test case - Config interface: improve renaming of zones/services/icmp_types - Move emiting of Added signals closer to source. - FirewallClient(): config:ServiceAdded signal was wrongly mapped - Add argument 'name' to Removed signal - firewall-config: Add callbacks for config:[service|icmp]-[added|removed] - firewall-config: catch INVALID_X error when removing zone/service/icmp_type - firewall-config: remove unused code - Revert "Neutralize _xmlplus instead of conforming it" - firewall-applet: some UI usability changes - firewall-cmd: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings- Do not apply old settings to zones after reload - FirewallClient: Added callback structure for firewalld signals - New firewall-config with full zone, service and icmptype support - Added Shields Up/Down configuration dialog to firewall-applet - Name attribute of main tag deprecated for zones, services and icmptypes, will be ignored if present - Fixed wrong references in firewalld man page - Unregister DBus interfaces after sending out the Removed signal - Use proper DBus signature in addIcmpType, addService and addZone - New builtin property for config interfaces - New test case for Config interface - spec: use new systemd-rpm macros (rhbz#850110) - More config file verifications - Lots of smaller fixes and enhancements- use new systemd-rpm macros (rhbz#850110)- Update of firewall-config - Some bug fixes- New D-BUS interface for persistent configuration - Aded support for persistent zone configuration in firewall-cmd - New Shields Up feature in firewall-applet - New requirements for python-decorator and pygobject3 - New firewall-config sub-package - New firewall-convert-scfw-config config script- Fixed traceback in firewall-cmd for failed or canceled authorization, return proper error codes, new error codes NOT_RUNNING and NOT_AUTHORIZED - Enhanced firewalld service file (RHBZ#806868) and (RHBZ#811240) - Fixed duplicates in zone after reload, enabled timed settings after reload - Removed conntrack --ctstate INVALID check from default ruleset, because it results in ICMP problems (RHBZ#806017). - Update interfaces in default zone after reload (rhbz#804814) - New man pages for firewalld(1), firewalld.conf(5), firewalld.icmptype(5), firewalld.service(5) and firewalld.zone(5), updated firewall-cmd man page (RHBZ#811257) - Fixed firewall-cmd help output - Fixed missing icon for firewall-applet (RHBZ#808759) - Added root user check for firewalld (RHBZ#767654) - Fixed requirements of firewall-applet sub package (RHBZ#808746) - Update interfaces in default zone after changing of default zone (RHBZ#804814) - Start firewalld before NetworkManager (RHBZ#811240) - Add Type=dbus and BusName to service file (RHBZ#811240)- fixed firewalld.conf save exception if no temporary file can be written to /etc/firewalld/- firewall-cmd: several changes and fixes - code cleanup - fixed icmp protocol used for ipv6 (rhbz#801182) - added and fixed some comments - properly restore zone settings, timeout is always set, check for 0 - some FirewallError exceptions were actually not raised - do not REJECT in each zone - removeInterface() don't require zone - new tests in firewall-test script - dbus_to_python() was ignoring certain values - added functions for the direct interface: chains, rules, passthrough - fixed inconsistent data after reload - some fixes for the direct interface: priority positions are bound to ipv, table and chain - added support for direct interface in firewall-cmd: - added isImmutable(zone) to zone D-Bus interface - renamed policy file - enhancements for error messages, enables output for direct.passthrough - added allow_any to firewald policies, using at leas auth_admin for policies - replaced ENABLE_FAILED, DISABLE_FAILED, ADD_FAILED and REMOVE_FAILED by COMMAND_FAILED, resorted error codes - new firewalld configuration setting CleanupOnExit - enabled polkit again, found a fix for property problem with slip.dbus.service - added dhcpv6-client to 'public' (the default) and to 'internal' zones. - fixed missing settings form zone config files in "firewall-cmd --list=all --zone=" call - added list functions for services and icmptypes, added --list=services and --list=icmptypes to firewall-cmd- enabled dhcpv6-client service for zones home and work - new dhcpv6-client service - firewall-cmd: query mode returns reversed values - new zone.changeZone(zone, interface) - moved zones, services and icmptypes to /usr/lib/firewalld, can be overloaded by files in /etc/firewalld (no overload of immutable zones block, drop, trusted) - reset MinimalMark in firewalld.cnf to default value - fixed service destination (addresses not used) - fix xmlplus to be compatible with the python xml sax parser and python 3 by adding __contains__ to xml.sax.xmlreader.AttributesImpl - use icon and glib related post, postun and posttrans scriptes for firewall - firewall-cmd: fix typo in state - firewall-cmd: fix usage() - firewall-cmd: fix interface action description in usage() - client.py: fix definition of queryInterface() - client.py: fix typo in getInterfaces() - firewalld.service: do not fork - firewall-cmd: fix bug in --list=port and --port action help message - firewall-cmd: fix bug in --list=service- moved zones, services and icmptypes to /usr/lib/firewalld, can be overloaded by files in /etc/firewalld (no overload of immutable zones block, drop, trusted)- added missing firewall.dbus_utils- added glib2-devel to build requires, needed for gsettings.m4 - added --with-system-unitdir arg to fix installaiton of system file - added glib-compile-schemas calls for postun and posttrans - added EXTRA_DIST file lists- version 0.2.0 with new FirewallD1 D-BUS interface - supports zones with a default zone - new direct interface as a replacement of the partial virt interface with additional passthrough functionality - dropped custom rules, use direct interface instead - dropped trusted interface funcionality, use trusted zone instead - using zone, service and icmptype configuration files - not using any system-config-firewall parts anymore- new version 0.1.3 - restore all firewall features for reload: panic and virt rules and chains - string fixes for firewall-cmd man page (by Jiri Popelka) - fixed firewall-cmd port list (by Jiri Popelka) - added firewall dbus client connect check to firewall-cmd (by Jiri Popelka) - translation updates: de, es, gu, it, ja, kn, ml, nl, or, pa, pl, ru, ta, uk, zh_CN- fixed package according to package review (rhbz#665395): - non executable scripts: dropped shebang - using newer GPL license file - made /etc/dbus-1/system.d/FirewallD.conf config(noreplace) - added requires(post) and (pre) for chkconfig- new version 0.1.1 - fixed source path in POTFILES* - added missing firewall_config.py.in - added misssing space for spec_ver line - using firewall_config.VARLOGFILE - added date to logging output - also log fatal and error logs to stderr and firewall_config.VARLOGFILE - make log message for active_firewalld fatal- initial package (proof of concept implementation) 0.9.11-4.el8 firewallapplet.conffirewall-applet.desktopfirewall-appletfirewall-applet-error.pngfirewall-applet-panic.pngfirewall-applet.pngfirewall-applet-error.pngfirewall-applet-panic.pngfirewall-applet.pngfirewall-applet-error.pngfirewall-applet-panic.pngfirewall-applet.pngfirewall-applet-error.pngfirewall-applet-panic.pngfirewall-applet.pngfirewall-applet-error.pngfirewall-applet-panic.pngfirewall-applet.pngfirewall-applet-error.svgfirewall-applet-panic.svgfirewall-applet.svgfirewall-applet.1.gz/etc//etc/firewall//etc/xdg/autostart//usr/bin//usr/share/icons/hicolor/16x16/apps//usr/share/icons/hicolor/22x22/apps//usr/share/icons/hicolor/24x24/apps//usr/share/icons/hicolor/32x32/apps//usr/share/icons/hicolor/48x48/apps//usr/share/icons/hicolor/scalable/apps//usr/share/man/man1/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2noarch-redhat-linux-gnu directoryASCII textUTF-8 Unicode textPython script, ASCII text executablePNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedPNG image data, 22 x 22, 8-bit/color RGBA, non-interlacedPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedPNG image data, 48 x 48, 8-bit/color RGBA, non-interlacedSVG Scalable Vector Graphics imagetroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)Rutf-849e686b5a0f8f5c9012bf0f43b43d211e73abdf26d9151fef33ce3007c4953e8?@7zXZ !#,㙋]] b2u jӫ`(y/g9jH{1\n~qZf:m꺶ȪL;0zm!5B>1B<Єw w^trnݵq{.¶| S.b47aUF`Kk"'tX2h<I!r: ِ<yΦN#`2o),_!I$$J /F@Wݟ-hs9H]rIPc*`A{(!%kci1DEN3鍞2MxX޾`_' #=1rֱzW19_UI:w۶qجHʼnϽk!cxPK6Jl#\YF'C$8=o},)qLT#EXX _Q̿rTJYm依Y6/J4>r¢!+ i%sѯ'B%U76# -hߦ|1k wZN8vv  Mmy~U~V -U`2˙veCvØfO>熲 r@eR;PWw-$Q.$Y{tFG|yÌQ9ͮ#}ف]׋Z*1WI)/%%R`̮Sù65Dt;h ^ O$,%G;%5_s_,W7xH\u { q U\+ p~£8ilOk8ZXA5YwEhѸ@y֕IˢYsHe7v'Ԩ%>j7M( /r#(;ܹfmoA:G=p3+8t OBJHҷbL W{ݡhu;dGLu[Vx6NY!Zy$05b e?`04;`!1"ެ.UAoX.>C WfD6pmΈ\bCPTѺeKz2 0mwZS92{uf::0"V]#Ar^LRvܟWY?o/P#BM!,.}f-0xݮɻKdM +.JxȂfƏSwjmH!Ǥ9m/9!NqhlC"2p]a pڒ.ÐxY(&k+PN ^9^iݣXA34Hq,y%A pf0Q Z̪V_)Ýr [XfÅpkŽjBs&\m1 0r*MI-o. .&}@nF8o>G;UQpΝko}wd>'OWYJVcN/%=|T=,}3CObəF3VMCP |1S#~1`X`KmsZJn!") xZi۪4tM2\s<goKP2jD;$Lydiy8NPwGyO.saMLqkACjT:T'(H04A5Z27WR+%ۋI1(@jH5+F"eGdXtu69Ϡnرoɋ8orH O&g` a9g~Ƙ(HŠ.FA5BFvQT瘁N~)~5}nxt"c8qBE~"滰# D_Nϛ=';sM GGx }g݀421wKoNOw'r.LRjoFGh,_Z_etR"MSn> 7guBau ^;bW%߿b!ӫrOE@l)guwXLC_+Hɫ^+CS\%1,3獺  (7 `՞1J(P^Aڷۗ]@*^jdo7j%*%}V`+?t}[pyf IohW*Ns4]#5تM*Uԭzx+_%f&"^*n^vOV0MdY .҈"mC9h$ou}ud)`Vo푑 ߌbǬ-0& "~݄V_8hV#(Sx]R 3DF Tl*IE@VЭ*l8'9(UDһ MmAtofV ?AA8%󶝨PX<>P}q$5j\-VjE'$lPu 7iUlf/ڙhM*5~R4tf)ڢ3=EQD nń/̣y -:& t&}SG"VҖ)!;p$$Xo5KC EZ{74_}\F%\<a>ʷV˸xLސ}r8 $iڜuRLW)c?*@&َaQǹ쀠&6G\K{Ti.wnx+GJ7L0³?DH{H3|rHL͔e뮁zYxS݀ ij1Kѹ=/Kļ[%Z 1{b/xAlϛ~K`LSvU=a¿Wҳ/;,&8#jonoϥb!̛Źvlp[DK]ܐ1-? s6PpA&X3>ПK>|re:yXj ЖY['mԸåYpywnOa%sU?6Sav{jC!^|>hzf7;8IKݢIpC[ѶХĜ({Sh񈉹{uCa&HeʦpafmZGH48&1ӫd23ʦN#TcWj^ 7khO̮>@i/ثsεKZN`~<$I4LtYti9-HR F3Dh&AwRQpyЁ'GdF >sIc4OR/7 {@rWi{rԱˉjg7~'r7K+)۞{ b\ (vCM:gjZN*oy(=oH'hrg|dKl!' C6+srw!'? MZJA.q 3ވkbp }@Y]nje">}-dd`*fZ*,| b /-WOgZXP9}4k$D̾#'hdU\vު9Z>׉g_;*V'uWjt^0I'T^W3>Y7ʲ6ȶ⃚N}4:XR=OSd8ju~I܁c k kP9Lr_v59[,;ٔJeSEAS2J)u 9Ay\72vB๱87|cDyH?ѱ1'T!@6| ӅP ]$ f+j'7vwYIBŃr19MnG)vDۙ*5PvXr3Lzo(cO)p>$ӒCkhL;K~}L@EsUY&?γEZAbAMl&I,(yD1@fž']?Q TN#Q:oypWOqd/qiGQ=- +E;WcCWُW'ʕU,N&(|?jp:nDBuC1+L9o~G{ʐY!wYt n3,8f)1jY: xV-_hhkG8u8LeK;y EH6 /50"H48iw ee _ _mG^Sŏ̷+FG5,$z]yLv.nib X4)Z#h=-k2+P`U]FxԼ_N5شQ̘?ZN!#Sz]#;vz*c7sBZ(@3kR_ٴ0xiph(W#"J':U .eNބ33/ВƒC`qq޷g@7u:-uNc20X8u.]yotL3˵ UM4׿ \dybLgaoreAXώFj&b@2d*7=:X>/DπF\P l$ɤM#4a^ U@|}R4| Z/FӡJ {',KH,φ/4gL +}mF* +>Y>P!ɺ4VnDQ jNA6h r"Lb-oCpzO/E%꫌/giZWP͏:[B mZ+Ay ߓ!Yᄔ]-Ffe14):7:LqC a] ם J+c݁&J 9͛]2g"ˑ^i˱h;5φ4~]bӌN&f 8ZDcOl/g_#o;kJ+kylpD-dliY3$xWIVkMӲ&ZQbrT;yqok?" m"C8wCmb&ۅ FiG%(0& }jhtXZX8z<wB'~Ic(0?djvy4ٹDh,;2DMb.SN>Zrg .{O,`q7_XtM@Ax܈u-ٟ7.wpRSk)Ll]}' DC;M7OXhaj$P COe.WX"+b=*Û z¤#JYPVC׃X"W--hr7-pυo2͆&,IBM{qCxn/s^(u 58R|6uB%h MJKQTSe͝s\Fn_$%8YBH~oX;#郞z97 hp*{h۱uZ۞% 0P*B”ĨztU96T4P6H{+`gV \MRZøV:) w! G $9gM걀_LvC2e󬯏F!|Q%ΙQA&$ E1D`+5vjYzF*R5(b6!|ޜj <=Dl0 i-'Htk1H&nM99ͪ=7'E'& Z9ϝ1R^n~*͡w݉e"N/Ec|@-US|(? h FCEгRƕ"lgr0Rx3`0gjXo@ʣ܆gfƽE|(-gןNe m PW˃ jkT,2]aghi]T,\Tܰ|_OIÐFvB(eF8d:i$~A˿%e}30Y:Pl:yM,8ldszX,y{&i:(Ф#KELC׼%?` +R FlG#~#sI?b9W"mdR ֟ PWm0RLVkŁ-n^L.Wf 1lAC"9q IC: ~]o|' f4KL_vo)u@_7uF+0WÎ֋҈E9T[/g`*#$2'1d}``R)qsdñavKXՠ?yBaEOAKy{s!s;":*tyD$G՟ XPwqRu7lyՔfZ TRa('BGL&wG'p=Id7\5Cg8m'9/);(k-WFt@n# _cwg…σrh2S!"4\yA@@vol $4 O+<U~-hzs[rjȿh*_'|2ˁ+\kR>ݶ75=u]sG ұZYlv(G.xZ̙g%=]G{(3Y)U`)jZz:]bl $;iE$]i#b!?m2'!xxC$\$~vfA~Wtgk-2Ɩ%a⣸O3~;Qlf̦%첞d):ɖ@lzdK("pEwX 웩O<H-3̊5}e)^zmlLUBQEO¡уvm;zWʷD;0r>q5>NѺlѺ?^}pO݌ "V:'Dpe4h| Z@ru Bģk1l>]M.\ <"l cgyԎ"< ~:ED5ۀ@Tqو뺍OJrl=YxjR270wkR{LfP$۝s'Wlp3$q7՗a`/IPRy-pDݬ m_ao-H*9*">dG.FAyxj~#*P*kѨr ]yo[^fntXK򱸿`zNYV'yCU%2( V\i:BSV_+V3ViU%vQlJ,k$F aIi-`aDK,xΝx9yVoo#嗸Ն0d E̷@l"VEzVZi@4R!?Nw{ǡN+![ iV`@ξfu~]o$ǖ9YCG״ lܚ>ut~ =Gq{oGBj60% $E 6 )9s'")sSŲ[oTL} _DݰŦ ACZɢ t Ŧ_}-'q|&NBԵ&ph8g:*21oۮad$U>Q|qWroq>~@+̩Ie|`oT|˹t}#A ڰ,Y=^DP wo7 6MW ]7N(GEo;OBI tm4iN $ u򉂃1[Bf/W ޥn OpR Va=ݡp6Nd٤{U)$ϖn-kvXwJ*ڇn7&2jxPZ3ČQG+-n}g="H,n ǸOco?3;g@ЮMr46#vHY"N%v.CD-@<FYQEgGͬ8O&0C]oKx@m94uP8e!*f| /aX!9tHGF6Eq[S(ѡ=QZ`p'tEgDm;IrdA۱sN?ϢeNR?JG"%t>8=Ɩ%Z9iZ˼kO/} (U m EMph X.~&n)zm}AAI@agm2R#v]n0 χQx}E\ݡJ/>~BLz}srTHy90{hfvjwSsx,୦7caFc)@^ 9{SCR؆ZKpwOgJZ}$ jSg2Ua3 œ8E(t^VC?( +Ի:u0qhJ`&DLGXEQM~>vKbyT%'̓ éq(=`mW P[zaÂrDEZ%տnΪ,fŲں6\zu((~CfebBgS#ĞY3-&>GN=A'@epMW+q2б$}GFpX, Zj()8@򨗱_ Š"ISڀ>YKmN289~7-# K 5XZ-,s^x5 a-2ĖcXʠ %<tQp|m3^>Ɂ=~l[sOmQ}"4DrI8PAŤ% XIhdRxfUj_?(+qLlRv黔3FvNѽeҺ8[9=Y_1WsJP@Qe%fw@j8|aֽ]hS ,VvFDo JZ -}z:mJd&Bޱw+|7La'c6@Z-59s瀅7zzu.!H9 P&Mu5\n40hIw6݈;<WaîDIδ1Yf \nA!9ϮNu Remߙ]P1N،B$DȯZ ϟ8J͸Qmz:No I7♙@7,[PՁ{Zz9T+$H~e8nԒzyP rGEGNQhٷPO-{kFWp#QZg><- 5 Ur!/'QD ׆. pM$wDAqN]ŜkIk讯"\tĝ91:1_ [Ia늿.?I @>Y%hש\0JCcs 6T@TSܝ%@NQѣ~u* /qpɎ/VkqX%傝E;zťu;}4q˩V~ת@VuKE=ql³wϗz9c4DlPAo j3)AN('d=ާIs;k.{ucNk˄+`DxwARyt{dSmxfOdsm*Hf\eqy0>\Y!,jU1 ۢ`J'|Ҏ{ c +/=sU*܆Of_>ɨ҆3!_5{@g^Cqm׆N'ϹN/9XeZIِ+~@ JwD=nfBYaAP&kVCf'HeCfJN:vL*40xʫ* Z/'4'ZzFN¯"2ס?Vƈ;7A^ ? DpbS+G{k)!𲭀>FLìI? @J:Gگ:;MPUд>CCmS^I񶈼д3H8(ݡ︶I3o*t^GitTŤ@=+?=sbg%2FþgC$tli]9'P4X1MWN?\K1q?}T::[KP&$6>)۫oX6Bs~Y?_BN莣<q-$ReWƣHvgY"; ۖهO0]V4ZOLRC,Zsr71{q%}=&D=MmjqRu &mE'ex `!E?Q4ϩTnÏsCuL\A"0bEwV5bQwG%ϣ q~1o'kY4M32lC+z_Yj\>߂]wn/\}+,г>Pnd Ǣ_jrn)?-͎ʎ^2p=/+N4F"(wI%,Q&`(_Kݝ_!3S޷/._;X-fV'TJE<5h%L|83tz9)0N䥜%B^x!H;@SHTMPib}؎N6A o1-ӔO1z'լ@(jhEmu}mq?He#\vS}1:.hlxƵ"Tm1zT7znį2 ͘^Ӆv7ۍ'K;=Z~UaϺ1uAmߧMXi>#g ގF|Y$! j@ȎJ RAIZ]$x+r]Y.*<={4Vp̣6S\/,1Dl(J=7ebTܮ҄g !-E{vF-7;eC\s s^QEcN`%}сhe]nS]|<vJ a#7S }.!u- Ns?Fã^© E}̖`B쒫lb{+^yEZ_ ;T- $-\j ~?fơlޡ3s2_&4r7XܡY/v)wlJO8٥]7n> $ncK'e҉IQ$|Q{JF*QgRox+2\ݯ+a5םPIxu~FJSyI_7KB?r5O ͌)3CtN)@l 63'$kٞy՝A]Jp>5-B̗]d )fa4M h<ᥕ/m$Q 1jXEPg[,LMƜO\*#_*獎{R܄k=_TxBϔ-6yT8bNi`,%vi(5*.t~Oo[\8Vӓw5݀,`oZ4@j%<3,"rtA<<IDT%&['/RXl.>{grNx!i닳iԫ5ikr1_H0?m݇+aϨ{ PBph$6 뒫[oXl()%14i@(TmuCGdw S}@FYa}Qpn@ζ]E#)3UyG,4Ta1ԧ1˽4~ixy*KxuY3wC`*nBS ʨEm%KoX O^C_7}$hӈq u[_ɓ Ak}gZ_ޖ՝3LP0g [s7:7Sci&u-8YW+FxN̰2HWYm2H@z]3\Q[ւ!v*r "6/WR cToH[;oC*Zh4nR$2s\!5Yl@x]EA= 屝 hNKIr1ELci)%z7}~Bs ϐo +egLjc!ȲKyBA/XMÜS[O *r"ȯ 9͐ hk ( uTQf~3מa>X2D4k7߆_JXC:n-[5wrQma?u dx_Q2\>+Eu`!` -򽩬&gYB++8]dX)2"P|wo ,4ia8s%x 0P"iLd4o(@x;7:[@}(~q{ hݫK51-XmI;42?#(=>^ b惐 ֡vRTUZWN_ʙ~vQ$>WS9NnPmct#iarq?L;hQ Wb%MP[M E 4ns>~bK~:(zq7`=$x[t&Ʉᰐ:0"*4QP~=Pw y:S)pS}eBXFOk.A6-3XɀLaBFz>TT#|i7?*/-/9* ]s'Y(;apwF\Uq7ftaeNYo.aܽ&y0fG k{(" C8BNPjgF.UEqY0UNs${bBf~2=BXϟwҊVMy{1f׋-_Ce.;1e/K)[9=;L^k5\&G9InE%v]T" qڕDStiA]Xxm\llZ;g/rZw' qŀ}*]v7 } 0}.)"8ʘ-潩Öeg0ȧ 2 וLa4vQÀ'd'@9=RǞn*bC#/Dn!)ص@Ssc`Q"83D%9ÞG\C$絓 n+u@aI4% &XMadLaN=$LN{l=#iIY2[޻} JAՀX#sMm5 a/XaRkds IGt~RWL٬xo2*zD_jaʬTz3RP#p,k(y5x4BYB5b7ߙ4iҀK 8D&C׭e艷*5$H=-Qq}$vd-%^8}bJSG"'\aio(Q}kx M-1"}O6D9}S?ҺA'ݘaIEfu!TՆ,F.jxZ\ˊyCi);S nW#N~4 lL_Ҧ$`^I}IY7$Xgwٟ9fE&s0DąSB! uO;Yfs s֗b/S-E`;0'rIP=yL0)c^uT M7ǀj񝢐Db (w9kߪyUx(NbZz&7b"ޓ h& Zumތgy?lԍ.&ݏm :Q'!mmIwd|] 17=ϕ=cxfPG}P@ I`ýM׳{:e\iG>搃P 5͂'S"^K ='Vks3[A#9òҼ)EW3۳7^t'sB|Ybq2M^65^Ӄ!$5OEl$St'7".+ZZYobuO)gs 3r Dmr $s!C?܋? @T?'"jq m{@rTܯځU\cs(WUtˬ(kR[K+ l|Z+2)SHaXE2<Y ӴBbΗ1.¹-VVÎ݋y4'%V6zJզC %aOLtsfnnQonWNGYTB0O~f5:](aڪ*~*w|}goCȵYNgp/ if\&[ʟ^zߏmbPatqlҜ+} AUfM*p#ULTs JʜhAа/L\%' @>jBwt6zH"3iD~/<ם*17SMNvKf%:zʉA+4ՙyT^9~B+yvkD[jJ @}QLqbįcV]qFM0X#_Mk&ftK҂|+eiKp̚U/& T$6BDTCDea{"mCm+p7Vo˱{!rz;/*w a-57j#)o'`mF0Y汃9?|\׿c͈U-߸ِղCK9bov @5S/$|QUS&cT'q"4ó<s[c$=~Ɏ_~ 3T:UoE=喝u%cj3cW35AG*nՙ"+7-8N zZV欷16F|O8ϲ_C.J0Hinu~R!^hMsΏJH?؁VT >NJlՊG܅zv Bje(SHxźTX=,7 {}E7QV(P>hA.d%DzRyM},FA{6rO!谱؞FrfO p+>1[P흰*1f̯O|< {;ǻKCuhsSBNH J43RhRNμFp9:^C_X$ΊMc >hSi RN>1磉0)wIqt+n8Y:\tGbv.(8O-JKPվT͈|1G[>yM']CGdcVپE{lA$F|+(m#W_#6[h6'B?Y¼ʕ>2O79 aJYUmK37uA6|n}%Uߚ%nlU}1#7/Z+Q d+$(؊~DXϺ;c2 hMĿ'b]ưK+x!Ɉs֑Hn5!6,B->fkOϏ*؜xw}m0E]o,S$huwUI٣QŸQbc27eXc-3 @}( 0=y/Xq?zx,qe/aƅ~fNC1c if=3ٲG^4_>#˷<|OɸNd~xWlG,ٙfFJ$SR4+{퍝r%WI.l)h7w,@#mg{! 듂E~ǽ*+ :%W/m!22Z b(Y]筙6V5 V JYye%d`h!o%E0;)-;n] E$|8U).X #'+t3.vFq0,DZ UE{j^Ã"R>YT o(ig Tۛ }ؿ)4ve) :1 /CH׷glkdᴏj%xt('5ywc븰c'R͡CyͭFŸ9uZ*;Fv A݂ury_,/"x1)MI0T{e+UdJ:U5tׯN B6 kGfdPV bmߦ9DAO) I):m*]1ƞuIM!eU(S Y L|7 xa70& .zu.8XX{9_ek$5_d `zl"Rg-|~ԇ8{?Tؐ,8-<0ǜ!&&-^/RN:"5՜BXZG4GZɍTӠ;xn-SݞI[p0EmE3@'`/1X '@ l* сŨAt_y P,(6BlaKpiHZzG׶TJ<.:ߐ)򾆓^9e$?_ O0"\uĺu@C`ETj,}WM8'ńc~z 63X Hd#& =8 ڪ" qxt^L\ƵD܈zh2ɡ #ȗ{1YyJ?jdO=rLگPA@:(|a`1SUMp8"f/s%edԻp{[_jA$%#r~"AEK$ ArJt?v+4Yg,:}24ިzk(/~SfgӋ'POHZ*˔R[eq[$XqwiE01zQ(nس淁ÜwioҨ㲽nKlтgɷeu?"uk+>MY'X_7{{%QD bٸppۘ e@.dŴ E=镑}i?1]ꀍ:[iөMqɩk=2At6֑ݲ_O"TYP~~>sQ*`(  Y&'23K ܤ-\YDoȦj4-渝ќ %8Vu7i!6B,Qtǥ, ~cnW qؓq7 ͍NvV>uj,ڢ\k1Y/[JtMmQG8~nAܮL VǂדLOEb ,͋9oılIIJA =,z,$c 5@L} Q>,1ya^4Ǔf y ESwV☚C*:@̵&*u_mvEޓt䙘ti+IBK `@1`!-MK[k\_{T_\< c %$N>R|NT+*)Xi<9HZoDvB7cfhƅIapdwtw*1{;-It"o}YxA/3PD=fӣ2ܘ#zq*7 ^ }SH?5eA :0`t"[l}*]?]d6 W?5$$s<ͼUZ 7s׃.{rBh {A@#" a;t|`&mwiPbV1=`ǵj1*,xP  [-"M } 4O$eh!)UqecƼ u a)}jpP8ɷZ4&h{O% zCr]T;'1Aktm2)eSo˼bPedM$?!sd} Et6rY޺ uRߵSX~4Qͱ2@֭爓u'[ R -UA; 9`7ѵPfPb]$W AV0L3S;' I8՜Ke$&fI[} yϏCuۡAV!e!jAgu ARB}Ii .]j.*/F#vnhN=V -LixE+&-ICH;)[<gO<8fO0,kAԾhF4Y h'?v*zle(r*j.\vETW.kϯN#6hWR1Sz@Dw :eG巿_NH~}y{OVKEu-lUaj೜6룾uyMQ0Yk!PR Oz #9կ Cf\[*zGCzuL^[<1ܿɓ~EJᷝU>B"|JP7{J|dP?n^T8Ø"D@lz;jPc H'ZԞB(RNrp{L}hAxI 3^^KWW*v ˮZ)y+uPY2ܫg!iVHɌ֏N$QOTp\p4:HB Po' 77AosBy>+wJFZlcϣxT*.6M 73$T^ѺLFu-3:ausZ "'XTOZ7Weɝf)p^ a\i`` q__V& >߿l.28]=Jc~HgVmf? ]өꙄ#hb*f+{OI)?/~c# q"gk8%Lm@:fsc\׃cۻok{0|x}}b1ߊ5WC2*D;ư9H.Aqs=͘ң(V Impn 8Ϫɲ3I-J hhVs5+)ؒ2/MjP3bJ*=KFs+䜡/FS2IDǒ^5~j֯}<B`' @M@ KR< mzO5z5 +w x2w&yb: tonָ"Y|D}XsUxYIɪZ܇@hG:j[lE,*6PnY@+\ь9](PIpNoV-z55{bp@)]iAY]ױ 8 Y 6y[hkߏ|5Ӄr5?QzQN:Qgw֋qC_R ނ(ݎlV)-@RT_@"'m}FtafJ&h4 K].wɴ ]Y? Tؿ^X\A|+οzQ!nVXǖMg n9i#9 >vI'ui0Y&nMZ)\}:c$+`a9-KQ? n!?95i!ߖ!c1ud7hgLNfblMݛO=Jv]1o=R^:cFfiL4u)! PG5s^_ve^T S(OwXf^خXߖ귟td9+zEJsvqa^~ݲo!1p)2Ϣ,~lFzdΒp?eB-|eʳev~-N$Ko АA%-h0=ɁXs|Wխ`E!i59'{Xb V"^9D}׍SXq~;B^׆VYJK{^n`3~8!BŞrFWe#lb-16s±D,RƉ%$.|V6Nρ'2Qr]?>>~4P7 D~~qKTF~A x!Fe[k^xssx\+QNHs_:}Pgd.HKSKSD K y_a#῾YӹwĄb Sb@LT\m4c̐,p vAAj|9ɠ_Xm,m?6+VDiUٶ|Ǝ7]J IJdc &¥QE80oj Gm<6Wp-V<[%5#?&tV|b=X|E!ŵ]K"D;P|{2:mVyIL$3uynS0rjd^avJ{f6^1S(çx!/1K¯>()Z/FB=c1f+3Ys$Gڶx%)$R|:`@ ˷+W+ c#NVkؤvƽ>fl ww\Wa=sT~g 89VEg3g|\?˘Hz]e0x(;F#ҭlnI> #xK5:|8;AHOI 8/yS1s4tto\ cc+.b&bd~Ms tP0 8&Dj]dgI #} "18HAJ74TtfIDxVO? 2(pCZ^vVH,J0O?SyK^C;*'\#7&NlgcE^Uank=rK!32Qq~m1;=.DE^{3ZT866{$Ҹjrҽ QaP;%׃tY*ׄ rrp<ƋIcƂ;h&=J;uXkPij,UYb&uaߣwYBLD㺀Jkk=a 1ˑHc1t{kYNKH| Z].E Czg'Otw6˨aYT)]7XK$4ZVf6,s6ǃA-u\>#F=s-7&z&;zP5~fyA铻f y|M} vty)~@?Gvx}@.hne/\rb$Pi&B-);جz7}}X;@~[sԻDBܖ0tvf+9oؼF39t=Ia8!bU~i(FjG!mL pf.>ݍ .p J\|; UԫH_}v̥euZC32Wz#Kۤ\k6btXVgp&y ]37RvTNgM(h912]!Kn Ϗdi4H5G؂:}"Y?}tO7C1V2C8pԵȗ"K'Q<% 6)&fUܙWa\^de'ΞKޛqENJfz3UDY] *ol8n^(]cS&dãs`FSu^6ZaԂs53~CW)$h2Rcb Q[oStπ_gE,"x$|VZap$ xVpbiL~ j|;Vl. GGmNՕ%\?T~z,@2hSk@yItM#8^>#ftPw."nc )0$c$ 9/:#{J'*h'#j :tOGH_<K}YRHadY/D6(phh> |Iq I_!X&.KōbKfD,a:)pX¢D}]o7r m}[O@}DNP{p#L@shmbZugǘ5|&r|@R!XSo0$6`n3睢AJˊMK>qI+8 qUT2Uf}JuzrD\OK<;>?`H&,*M9g%9j.LRSL\Fh^REgb;*CIa:?@ Ӄ 6h\i8*O V%3ĝ P, !qA[y;ܕ*<{8~OP`t5V (:%wdQa͂ka;rZO# _ȣ9? By 1 1ETC.Ò My,=_xbn-D^4 Ee9, $%a+}rah4sBB*Mv&Crsԓ=z~vAK;YAwhޙ(xI#z;Y)fR{k|7<"N$bUyu;->KF9mS:+5MrZ-Յx6rMqO#*,4"bMsWx[yuYfl}>G3t˩GWx?y~GRMo/??kiN5ur 3W:m6=>ækV&R2I^%>L^n 793Squ~N'7oJ* <о8bC)|Vaųy`܊n h"vH-U :|(yVIL\!VvYc&X4 %A8NnڳQp*҅. Y-$[BUo)'/ZMhYnY>M{QQk<1OQ0;uPx &h{$Q?_{QY5I:2f' H|,fHk U ̕‡SjS:4@(i{O aŇFt4]nȽu ֽP"\Ѹ ~S*DؔeE'Ӥ[MQ}JZP*AB@Dd6~2yP'˙ #,m88 CoCU!|3.YP0PO .+SbSau+htc2d/P9TagI~҉w)GJl4{rw B4JڈGӲ~U8<)yKIdΟ-SDB*vT+jP۸m ;-2n\GlJ?u4 $Snz|ǹV>s,8T^-3GfK'0<Ƣ%}9?ى3D؁8=WQ u~Ǵ5jև+{1a$=fZ01L면9@Sʮ( aVYCoBHJH+,2:`Eg bT|"7|.tuXe슋TܕHWf۪!W̶+0beq`/qcqYz;'v\\,wfK~͎/sK o?-kX4ɄѾ^|G޾ !0yQwt^MYX [1*4(Ǯj%3IP-ǿ@+-JG+7p&p7VT\0lBTKDt vc%`t`bmn⬚(o9;p''%ZS-[*$HғpJ\+G`g ^߁vC[/iXˡ!̴>5Vu`EH)ә yaH".-x|+_ ,Y0[HLӆd +cc’vxX*hBZ[L 0pCT,'Lp=_aLbR Kd1 QPCkۭš1էx<0m8R5TMɲvӝB%E4BdeD/ []aje*@x-ι* )gLɔsPk65ŚرBnZuZ,9T˩4O 6qLwg˭wy:J2[?_L|/@phLw;af: 1_t\2vMyW߯n~T7#^5ZXqR}sSoE7%|@ z#FMD@CРCްe7 o! Aê{@SXF)0gx² XV5T%->Opefe6z~Ip-(QY#W.)" 3PN(fCý>koxc o|-!v7j4 Ega͉Gne>'eKRvP jT,!GA"qd 5C~ f4$)޻0ez͙ti%(.1""FsH` hMV@/~X 4b%det;h2-=C<}:k<)Ji;hS3q6 ;YFhCZ:HA b7)f΂Gq*Eh7 _jOm6lKp\ACȕ/{~tӨ8!_bh|(=bntEPq(厌*RYTv:;Qk3Ԯۗ4IqΤ5TaOs(aJ*fJ*| /7;%V'lĵnЁx3WKDN  }y+V$%`3)&u(3m9V>4_XlJm7_ٓ; E}tg%sLҶhm/y/ϣ,\{3W3^lT.TG x w]8Dc]NZբžnR"8>Hf!&]^;λtQ fN w̱X\Jӧ34nI&IJN.yk4#Hߎ^ bު)'LWŽWVb.D)q^8G](B)M|!ry͖ucKz,s-36aa ^?-O@=(yZひNE1JnPgF*ͯU5k`- t[5Ľ7D=馞V9i%5,e:2rt|| ܽ/R aJ5UCM4]ޓ>]$b67 U84 [pUc7WN%!nX%Wm߫gen _.t[)T T|6fylSVV}mq9 [ ]Q1.`iT81[K+G&Q_RL!ؘld2 4S fKT7C/5:T`nI/GcziI!*!zn$LKz J}1iEӭ 1:2׻}=RpZOrkU3)7iPB_Dn 9A2v#ϵ3VÊBrIŠ/xքL b^#_\yyA6)FiT NA%3:cOf2ASqFZP3Ax#yQZ(`" ņ³3=JzY-G_b޻`̫nx@b)]\4"q׼K_na(W,IKǏi{$&aӃI:20[R\E~MJ/mqrkMfOԏH1A,/bSQ: ?[2 x,sw exSwbSRָfrR Gu֟M*̳Wy0CU7 @ (2dGޖ33h ÙnQewSYs:2ZeM T 7%0&j +n 7++Yͽ3x {7Dzbɚ7Ӳ}&`䞔V:Wl]Ѱ$o""+͛a'$.Z2 o )tCM_HvճJw_oICj0`ŔFkֶ p^doj/]rJcnV%5㟢ffTDX_Mk5D}\oւh  k[ {p+gۖTAi/FSHa0wګdl}w-v!ZкE d )_!3*8O_ &JvQobHc<_K !v _½+Հ#̋5B$ CB ǐPBIGpM-_V[?-F0-Dcʞ"U|,^mEwxA9O{ka8-% a0'K/No:|- P %At)IK. l=wSB@LbQ RI1`(s{ufL⋩\ptHnt+5Tu-XI uİC|fiFjq(6 zWgfE$bU;q!d& xMD,b k88a3a]Bke%@?`u]Dpi;i L+"YEv@ceLUKCW(kF@JC 3d!OڦP h9 7 93vm0I\Cv/s]'>L ʼuqG؋4bDl'y Ž6EP6IDDI]A ~565{ˈQqa9inAav ;i:@4ҕ4&UdpncMPܯ1nKVE4555ԣӓထ+Djtȵy3̣# PrJ #pt-ۏͥ5aiX=½ U,:@:O|,0Ƀj!Myk{NPyQQYϬXK7P8/U^^]O{ZHT,B+we2l |d67cB MgY`olE2;q{2\>'u'oS= y! =?Ee1@I'w\s%dqmPC]^baBi h 49Ԏ%Q/6+0]G&&|K!ݣM.:jB\Jķn>W(nA-؏P;zȇg6x:pI qȝ̖,3p q.Bl>< G7HpS^^\aߏ z@8V,k۪sK=$Gh֊M(<Zs#o-m|E{[H-h0VgyC/~,Z>Z_4"R\(?]إs qmZm ά8){SSTݍx]>};PhĎy~8GTz;t}VOԝnn-\WV8)ݘqJ!\j5K ^Hʢa!.m0<(a+]j ,EjJQEmS`sS; r7!SO[^Ձdv7ށ!i$e%s A.^N +].6QP;a2' nj'B޺>Sqry 9ub%Eb,241Sk!B@ieD1JV>\/Jvٳ< V4xLk_0ΧM,Хcr |GebV@N$o+1g>UjFryqWfC׆=ޱ^ÜxvE SDO)1XD3J*5"W&*`ͨ՚|~C7eB/QN[u@q`nA}q9QFکmUQ]|$6#B_y,u5 ؑ9dsQ0np@R&B! (WjAfjk}y4fky`DP6'b_2矧퀍%!N7ybߖ\J CXj2Ce, L):X9=ș/;X皿c=m+y2ƣk3gipj̒_JU7\iV!/ux.5b%c 02Qf V)ݤ(.tnoD֟HV ol&6W^ g=4yVClnH[{φ[t{(E(J"5]8Nz5Dpg Q ڬ% 6S6mtq;GxOq'P t͈qί|日.UY+~pmƇK>=9i-%-K{ߋxpios kY,3/:3Q\SFq43/Gܳ+@~t"̙ڑ4cH:LrVƘ@S0㴹Lb9tq";BHd8X2"!dRjf+b5rH&ZxŊY̪g@Xhk>A'>OHK\lG+L[cw]޾r Q3|i* 5:*ZЧ 2#"y$]j~Gc#vr`Eqt:Kz %exs>Io@JYahkQ2vocS%jO>^jI 4Zzp2a>aJV~B.zKC'ۃlҕG7Lۆգ^[?deku*~OROl q<.ome&'@K~JrVs``T:&({s9C:ǭafIj֙/FYǍT19[°]A=׿\hGfV{qT"-wMҀ¨)Sl}X.+5Ƨ": AɹFFA|:D7|cZ1⮹\c5x>HV|2tthBΕ'ky<#Ǘ٪wƻ}rw9Ծt,U鎲)Z&=1'5Q2h*[W3Q~@Ѡ,D]D_x}F풘d\qNtٳ4\${ih2/%b ?և'X,q+#5RtFjҋY4'XYu4d LRNO/C”`N|;hۇE]Xɭgʵ#N.گ*i8[y{8c~ۅ? x^= _ad/cWܒރˤ).0,$F"ta[%QR:4Բ4Q;i3w7{F|L~]_Zn&gD\@cߧ DhFrŇݭЦpX n`^<{Q(5Z(C+Cw\Ii^Maf-}vO 9Unu(CHPz^ * eGxtk<aJԚhYkP/&;mX`XY1<[b ЬL"YyL_.cjsX1:Bz׭v XPD^Hb]ԆS1>?(o4yg{3f0tz $8FgO}W瀗yCd%C͡#³{I, sS_= z~j5 b=V/ki8Ni=4,jLD}٤^L<5?Cm`Mr̨$י|Ʒ+k`Ѳ!%]Ṣp6aRxCf˱2 | Toϻ, I?瑡  gzuRΨ gݨ\^<;W<\[Y=,`stN%z gc(`f=9+A*t >蠬Jq*fS(Op.H4&ɄmUw&6<CM.k0MQ@8ڒ6>LWb*BORq^)LL/ƳJػBSЉpCCz>1@ rRFda=AN &4L%-Bu:0¦>&bqlEz=3Dgo8'fm 5mf]Q[q|Ȁ|7~Y<۰X"u1B LIeE*.@9rl7"iUB9H먓*= 3; Uoɏ, pa|80~2W(n]U]tT;D[u2#}sFvlq{m1#Ika՚Y skĶ{6FkM3u IsUp'{2xE잮Z=1hF@~ h8{qwPa?nJ9 l쫇FE◠6զ)FS['2Aɱ8`e'[w@Jԝmt T{df`;]}-9#U8!>_;:cZ3/.|40CM%~%^;Z3gV@OjSXZJP~?#2$G8SWā#<`I% OmNl=`ѯ[Ae嫄AYLvw"ؖmW}Ep3*b;㭃e6ȍ|z'9"(K7+V(e#(` ,eYQ3؅\gKa[6LO!˕?-z`+1Lbe-ÕH&.+t1%)q_ݮ[^HZ*`p92+rOk5@Z[  m"rd8noIT; mryqDmNA8?Q/ r7HK upZ|v p]R"usKVx9Iя gGtNT@NOhdnqJPfXl !jh(q]}ڊ2D?}"F?V"jC݃|x6^ Nyn4NuQ~iqWo"ThL(\71E>=UOۮHu݈ Jǯ%ׅN>AՎma"zd$Fz)87Qsng+_ Q(7;X8/Z',J잉"gLY  8:q^/?M|)4n`{}`8g>3˟N2~%MiJ1r]{3"M{~c,9TF7y-&7`qhBR gHX1\uÅ 5^FP.ȆTmcHDy;!xȕZCރu "E Nu 241*Pצ'6FbbU[-FF" ]Ge`v/`m.-3Ύd:uj$-Xh :zYy #VU$TЧ߄y9#RVç0ŠX=[5Cs|TDx& NiI9BFɀUC4խ&o?PQwpi#Ы}&=*QMr|"BZ/ϗIن&la/+@9kϼp&&Iď$8XXp+Eܥ {97KF^e$ 7rUQ0i c !YT3n=h+d*vKssf(UAOOT5`|5' %+(Q]ΔVl2@frEv45>)Ԕ1|0pFIA;R;Rz553(9m ̍%7J^<_ m(T}u5F%PHMP9F% ira.L{;0^2<|g;; P'!QOU !N'?F(x Eۅ~VN\ p8]Aʪ<:Ț&*Y"Ċ_JEXA 'a'aT1z;}hƷ"˛Q0U^DX;7TL@1љ@U4BI. P{Fm#,C'|ڌpv eا v61d_e?\d{WZ`Bp9ski0˞ syȅr*tm};U(`%0\v[`֚':_"4aT Ʀqћ[ ,1zm+gQ**[ XZ;8p3_e3,0NP0 8+ z&TFGbrؼij1!rRM%q#y+my[jNEGG. |(!H9\Ր!kS,پђ .bG{M?mVzd1_E%SJϝ.?Y1\8Fvɸ*DSҡX+2z#H2glpi*`gr( !]v(.ݵ/qP~; !CFŜa9.1g$5+(W"P*sL9xfYP3rz tqLV,MO f2B.zՂ"ٶ!?FCUTBPJ8n&o+2=f>eV5LʈV|²V;xM'HLDXm GQ%?ȗ]KS)JJwϯ}B0/[Rț.jLg6+c7#qS%<,}|C<]`6Xn -?_3B*uSW$7'G*mC2 <7TaOnU.{J*ƍc Clm~KT a'Fus3̿D# 9"1v۶`E:6hЃ[YN{iB*7s/2QsePYȹ0I@.HlԢڝr:UNـ!,vF4Uڤ i>#4j"obM@EYBB ܘDSK™O1Nk@=7MWr@L5ZO(O\,T{ `* ?p?J cgd(3O38hAb.b٦~$j`d΂3#,.qѝ< 2%g[#mF|uV/~{xv[M4ܙE"1zQ^[ )W,t9 R&, 0Pc"4br:𔑪&N+xЛ[cq>Ѷȓ T=B1sA/HD$҄U$I9+BS`lynM) =^x,{ V Pgef_X "\ '2>D?S6,Oȣ>CwH r2s/ tKicoCo|ީ %# :gG>6َ~USoYx%4U/G.gSԱj$wm細aH~ ox\;$/%JdꌵhmG3G(#Lл aQ'*S5%+Ծh~'nߨ &-IIt :db:`:r&Ij^f.w ) =s*1m8 H[xo>P Tmhq.k1 $yp#ِJr1[u)t[.q0gB\C1..Oԁ? ZA\jpS ,M&BIȄ7?XCLfo˓.R:b}n>N 6]vo^ŝiܦ8zZ9+Χ#%S\ Ŗ,>Èmi-P)bϢ: EM<:9I'3G0HyĹO_a6+@+ _/e.¤1Owd34j@U:?3ClZFf:$&R;d}aBVGs}s 0߁G,}65 3!J_^ jt{jFĈ>x1TM}R:E dghPx]frߑw cINjؔ;,xFg QmL`l6~yX5=@$`{ҝ[oNSxmj>gHr:hnrb@^>4m6*3B%Pw -ް{m}& mOvjgq}~nqy@l\jAl)>i}FG[p7ڎ"<Ptdp@5@&w%v?g1ڰJq pGI%1Wt=(⩖oY(fz'J3,!U4qvxI,Ɏ@ҾK_W