%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
  %bcond_with usermode
  %bcond_with polkit0
  %bcond_without polkit1
%else
  %if 0%{?fedora} >= 10
    %bcond_with usermode
    %bcond_without polkit0
  %else
    %bcond_without usermode
    %bcond_with polkit0
  %endif
  %bcond_with polkit1
%endif

Summary: A graphical interface for basic firewall setup
Name: system-config-firewall
Version: 1.2.29
Release: 22%{?dist}
URL: http://fedorahosted.org/system-config-firewall
License: GPLv2+
ExclusiveOS: Linux
Group: System Environment/Base
BuildArch: noarch
Source0: https://fedorahosted.org/released/system-config-firewall/%{name}-%{version}.tar.bz2
# replace pickle by json (CVE-2011-2520):
Patch0: system-config-firewall-1.2.27-rhbz#717985.patch
# always allow ipv6-dhcp
Patch1: system-config-firewall-1.2.29-ipv6-dhcp.patch
# msa and ntp services
Patch2: system-config-firewall-1.2.29-rhbz#758826.patch
BuildRequires: desktop-file-utils
BuildRequires: gettext
BuildRequires: intltool
BuildRequires: python2
BuildRequires: perl
Obsoletes: system-config-securitylevel
Provides: system-config-securitylevel = 1.7.0
Requires: system-config-firewall-base = %{version}-%{release}
Requires: system-config-firewall-tui = %{version}-%{release}
Requires: hicolor-icon-theme
Requires: pygtk2
Requires: pygtk2-libglade
Requires: gtk2 >= 2.6
Requires: python2-dbus
%if %{with usermode}
Requires: usermode-gtk >= 1.94
%endif
%if %{with polkit0}
Requires: python2-slip-dbus >= 0.1.15
%endif
%if %{with polkit1}
Requires: python2-slip-dbus >= 0.2.7
%endif

%description
system-config-firewall is a graphical user interface for basic firewall setup.

%package base
Summary: system-config-firewall base components and command line tool
Group: System Environment/Base
Obsoletes: lokkit
Provides: lokkit = 1.7.0
Requires: python2
Requires: iptables >= 1.4.16.2-4
Requires: libselinux-utils >= 1.19.1

%description base
Base components of system-config-firewall with lokkit, the command line tool 
for basic firewall setup.

%package tui
Summary: A text interface for basic firewall setup
Group: System Environment/Base
Obsoletes: system-config-securitylevel-tui
Provides: system-config-securitylevel-tui = 1.7.0
Requires: system-config-firewall-base = %{version}-%{release}
#Requires: system-config-network-tui
Requires: python2-newt

%description tui
system-config-firewall-tui is a text user interface for basic firewall setup.

%prep
%setup -q
%patch0 -p1 -b .rhbz#717985
%patch1 -p1 -b .ipv6-dhcp
%patch2 -p1 -b .rhbz#758826

for i in src/convert-config src/fw_nm.py src/gtk_chooserbutton.py src/lokkit \
	 src/system-config-firewall src/system-config-firewall-mechanism.py \
	 src/system-config-firewall-tui; do perl -i -pe 's,#!/usr/bin/python,#!/usr/bin/python2,' $i; done

%build
autoreconf --force -v --install --symlink
%configure %{?with_usermode: --enable-usermode} \
	   %{?with_polkit0: --enable-policykit0} \
	   %{!?with_polkit1: --disable-policykit1}

%install
rm -rf %{buildroot}

make install DESTDIR=%{buildroot}

desktop-file-install --vendor system --delete-original \
	--dir %{buildroot}%{_datadir}/applications \
	%{buildroot}%{_datadir}/applications/system-config-firewall.desktop

%find_lang %{name} --all-name

%post
if [ $1 -eq 2 ]; then
   # kill the D-BUS mechanism on update
   killall -TERM system-config-firewall-mechanism.py >&/dev/null || :
fi

%triggerpostun -- %{name} < 1.1.0
%{_datadir}/system-config-firewall/convert-config

%triggerpostun -- system-config-securitylevel
%{_datadir}/system-config-firewall/convert-config

%files
%{_bindir}/system-config-firewall
%if %{with usermode}
%{_datadir}/system-config-firewall/system-config-firewall
%endif
%defattr(0644,root,root)
%{_sysconfdir}/dbus-1/system.d/org.fedoraproject.Config.Firewall.conf
%{_datadir}/dbus-1/system-services/org.fedoraproject.Config.Firewall.service
%if %{with polkit0}
%{_datadir}/PolicyKit/policy/org.fedoraproject.config.firewall.0.policy
%endif
%if %{with polkit1}
%{_datadir}/polkit-1/actions/org.fedoraproject.config.firewall.policy
%endif
%{_datadir}/system-config-firewall/fw_gui.*
%{_datadir}/system-config-firewall/fw_dbus.*
%{_datadir}/system-config-firewall/fw_nm.*
%{_datadir}/system-config-firewall/gtk_*
#{_datadir}/system-config-firewall/__pycache__/fw_dbus.*
#{_datadir}/system-config-firewall/__pycache__/fw_nm.*
#{_datadir}/system-config-firewall/__pycache__/gtk_*
%{_datadir}/system-config-firewall/*.glade
%attr(0755,root,root) %{_datadir}/system-config-firewall/system-config-firewall-mechanism.*
%{_datadir}/applications/system-config-firewall.desktop
%{_datadir}/icons/hicolor/*/apps/preferences-system-firewall*.*
%if %{with usermode}
%config /etc/security/console.apps/system-config-firewall
%config /etc/pam.d/system-config-firewall
%endif

%files base -f %{name}.lang
%doc COPYING
%{_sbindir}/lokkit
%attr(0755,root,root) %{_datadir}/system-config-firewall/convert-config
%dir %{_datadir}/system-config-firewall
#dir #{_datadir}/system-config-firewall/__pycache__
%defattr(0644,root,root)
%{_datadir}/system-config-firewall/etc_services.*
%{_datadir}/system-config-firewall/fw_compat.*
%{_datadir}/system-config-firewall/fw_config.*
%{_datadir}/system-config-firewall/fw_firewalld.*
%{_datadir}/system-config-firewall/fw_functions.*
%{_datadir}/system-config-firewall/fw_icmp.*
%{_datadir}/system-config-firewall/fw_iptables.*
%{_datadir}/system-config-firewall/fw_lokkit.*
%{_datadir}/system-config-firewall/fw_parser.*
%{_datadir}/system-config-firewall/fw_selinux.*
%{_datadir}/system-config-firewall/fw_services.*
%{_datadir}/system-config-firewall/fw_sysconfig.*
%{_datadir}/system-config-firewall/fw_sysctl.*
#{_datadir}/system-config-firewall/__pycache__/fw_config.*
#{_datadir}/system-config-firewall/__pycache__/fw_functions.*
#{_datadir}/system-config-firewall/__pycache__/fw_icmp.*
#{_datadir}/system-config-firewall/__pycache__/fw_selinux.*
#{_datadir}/system-config-firewall/__pycache__/fw_services.*
%ghost %config(missingok,noreplace) /etc/sysconfig/system-config-firewall

%files tui
%{_bindir}/system-config-firewall-tui
%{_datadir}/system-config-firewall/fw_tui.*

%changelog
* Thu May 02 2019 Thomas Sailer <t.sailer@alumni.ethz.ch> - 1.2.29-22
- Make it compile under Fedora 30

* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Fri Mar 23 2018 Iryna Shcherbina <ishcherb@redhat.com> - 1.2.29-20
- Update Python 2 dependency declarations to new packaging standards
  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)

* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Thu Jan 18 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.2.29-18
- Remove obsolete scriptlets

* Tue Aug 08 2017 Than Ngo <than@redhat.com> - 1.2.29-17
- Buildrequires python3

* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Fri Feb 10 2017 Thomas Woerner <twoerner@redhat.com> - 1.2.29-15
- Do not require iptables-ipv6, but iptables >= 1.4.16.2-4
- Fix build for F-26: autoreconf, add __pycache__ for some files

* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.29-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Tue Nov 26 2013 Thomas Woerner <twoerner@redhat.com> 1.2.29-11
- Added msa and ntp services (RHBZ#758826)
  Thanks to Philip Prindeville

* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Mon Apr 23 2012 Thomas Woerner <twoerner@redhat.com> 1.2.29-7
- only write ipv6-dhcp for ipv6 (rhbz#815555)
 
* Fri Apr 20 2012 Thomas Woerner <twoerner@redhat.com> 1.2.29-6
- Always allow ipv6-dhcp

* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Fri Jul 22 2011 Thomas Woerner <twoerner@redhat.com> 1.2.29-4
- fixed possible privilege escalation flaw via use of python pickle
  (CVE-2011-2520), replaced pickle by json (rhbz#717985) and (rhbz#722991)
- stop D-BUS firewall mechanism on update

* Sat May 07 2011 Christopher Aillon <caillon@redhat.com> - 1.2.29-3
- Update icon cache scriptlet

* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.29-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Tue Jan  4 2011 Thomas Woerner <twoerner@redhat.com> 1.2.29-1
- fixed firewalld check for lokkit (rhbz#667128)
- translation updates: bn_IN, gu, ja, nl, pl, uk

* Tue Dec 21 2010 Thomas Woerner <twoerner@redhat.com> 1.2.28-1
- added firewalld check to prevent usage of s-c-fw if firewalld is running
- fixed gtk_label_autowrap not to change alignments
- fixed port of libvirt-tls (rhbz#565625)
- fixed requirement for newt-python (was newt before)
- return -2 for ports > 65535 in fw_functions.getPortID for better port error
  reporting
- hide dialogs before going on (rhbz#643966)
- updated translations: ca, de, he, hi, ja, nb, pa, pt, sk, sv, ta, uk, zh_TW

* Tue Aug 10 2010 Thomas Woerner <twoerner@redhat.com> 1.2.27-1
- updated translations: bn_IN, de, fi, fr, gu, hi, it, ja, kn, ko, ml, mr, or,
                        pt_BR, ru, ta, te, zh_CN, zh_TW

* Tue Jun 29 2010 Thomas Woerner <twoerner@redhat.com> 1.2.26-1
- added libvirt services (rhbz#565625)
- added Bakula service (rhbz#588377)
- fixed DBUS mechanism to report complete syslog message (rhbz#604623)
- fixed crash because of missing /etc/services file (rhbz#604726)
- updated translations: ar, as, bn_IN, da, de, es, fi, fr, gu, he, hi, is, it,
                        ja, kn, ko, ml, mr, nl, or, pa, pl, pt, ru, ta, te, 
                        zh_CN

* Mon Apr 26 2010 Thomas Woerner <twoerner@redhat.com> 1.2.25-1
- fixed lokkit: do not create or alter firewall in selinux only mode
  (rhbz#583986)
- use new icons (rhbz#583715)
- fixed treeviewtooltips to not show the tooltip if an overlapping window has
  the focus
- updated translations: bn_IN, de, es, gu, it, kn, ml, mr, nl, or, pa, pl, pt,
                        pt_BR, ru, sk, sr, sr@latin, te

* Tue Mar 23 2010 Thomas Woerner <twoerner@redhat.com> 1.2.24-1
- DBUS-mechanism: report errors to syslog and print traceback (rhbz#563354)
- fixed minor misspellings (rhbz#566468)
- msgmerged po files
- added missing default values for ip*tables-config content (rhbz#566869)
- autofoo utils update
- fixed max length of user defined interface name in interfaceDialog
- added missing range check to port_entry_changed_cb
- fixed sensitiveness of protocol label in portDialog
- fixed misuse of MARK extension in nat table, now in mangle table
- port forwarding dialog usability fixes (rhbz#507638)
- use new fw_functions.checkInterface function in tui and gui
- new function to check interface names in fw_functions
- use new checkInterface function in parser for trust, masq and forward-port
- add wlan standard device
- fixed build (fw_nm.py not packaged)
- updated translations: bn_IN, cs, da, de, el, en_GB, es, fi, fr, hu, is, it,
                        ja, nb, nl, or, pl, pt, pt_BR, ru, sr, sr@latin, sv,
                        te, uk

* Thu Feb 25 2010 Thomas Woerner <twoerner@redhat.com> 1.2.23-2
- fixed missing execution bits for convert-config according to review

* Mon Jan 18 2010 Thomas Woerner <twoerner@redhat.com> 1.2.23-1
- fixed build (fw_nm.py not packaged)
- dropped dbus requirement for tui version

* Fri Jan 15 2010 Thomas Woerner <twoerner@redhat.com> 1.2.22-1
- using NetworkManager DBUS interface to replace NCDeviceList from
  system-config-network
- not opening orig port for local port forwarding, only new port is open
- added isakmp support for IPsec (rhbz#504446)
- added amanda client support (rhbz#541679)
- fixed requirement for setenforce: libselinux-utils instead of libselinux
- removed unused import socket
- added download url to Source tag in spec file
- fixed wrong license header in src/fw_tui.py (LGPL instead of GPL)
- update cluster-suite service: disable rgmanager and cssd
- removed separator at the end of the Options menu (rhbz#531635)
- removed 2049/udp from NFS4 service (rhbz#532491)

* Thu Oct  8 2009 Thomas Woerner <twoerner@redhat.com> 1.2.21-1
- fixed Policykit v0 compatibility for Fedora version 10 and 11: python-slip
  for PolicyKit v0 does not provide dbus
- updated translations: bn_IN, uk, zh_CN

* Tue Sep 29 2009 Thomas Woerner <twoerner@redhat.com> 1.2.20-1
- new sub-package base containing the base components and the command line tool
  (rhbz#525153)

* Tue Sep 29 2009 Thomas Woerner <twoerner@redhat.com> 1.2.19-1
- enhanced build environment to support usermode and policykit switches, new
  options for configure and spec file
- make toplevel invisible to not show half initialized window while policykit
  dialog is shown
- system-config-firewall.desktop.in moved to config subdir
- disable dbus usage if gui is used as root (needed for policykit v0)
- do not report dbus error if there is no firewall configuration (empty or
  missing /etc/sysconfig/system-config-firewall)
- resize main window to comfortably fit in a 800x600 gnome desktop
- moved all config files into config subdir: sysconfig, dekstop, pam and console
- new infrastructure to enable policy translations
- print exception if polkit authorization failes to console
- show dbus error dialog if dbus conection can not be established
- set title to APP_NAME for dialogs if there is no title
- center dialogs on screen if there is no parent
- make main app invisible at first to prevent to show an empty app while
  PolicyKit password dialog is visible
- updated translations: as, bn_IN, ca, da, de, ca, cs, es, fi, fr, gu, hi, it,
                        ja, kn, ko, ml, mr, nl, or, pa, pl, pt, pt_BR, ru, sk,
                        sr, sr@latin, sv, ta, te, uk, zh_TW

* Fri Sep 11 2009 Thomas Woerner <twoerner@redhat.com> 1.2.18-1
- added support for PolicyKit
- removed unused inconsistent flag from CellRendererToggle in serviceView (rhbz#521144)
- made "Port/Protocol" cell resizable in "Trusted Services"-view
- fixed hidden one line label after resize caused by fix for bgo#315462
- fixed startup busy loops if assistive technologies is enabled (rhbz#515048)
  by moving set_model after adding the columns to a TreeView
- fixed tui to create valid empty self.config object (rhbz#518210)
- failing to load the icon in fw_gui.setupScreen should not be fatal
  (rhbz#508186)
- made description column in settings dialog resizable
- removed rhpl usage (rhbz#508991)
- fixed not reappearing TreeViewTooltips if mouse moved in the tooltip popup
- hide TreeViewTooltips while scrolling
- code cleanup
- sort ports in fw_services by protocol, id
- updated translations: as, bn_IN, ca, da, de, es, fi, fr, gu, hi, kn, hu, it, 
                        ja, ko, ml, mr, nl, or, pa, pl, pt, pt_BR, ru, sk, sr,
			sr@latin, ta, te, uk, zh_CN, zh_TW

* Mon Jul 27 2009 Thomas Woerner <twoerner@redhat.com> 1.2.17-1
- Added Red Hat Cluster Suite to trusted services (rhbz#493668)
- Fixed wrong patch for system-config-firewall-tui (rhbz#461046)
- Fixed sysctl parser to also support ';' for comments
- Fixed port range check for service names containing '-'
- New column in serviceView for conntrack helper, removed from tooltip
- New column in icmpView for protocol types, removed from tooltip
- Added TFTP and TFTP client support (rhbz#494417)
- Fixed sensitiveness of OK button in portDialog if editing an Port
  (rhbz#500380)
- Added missing tooltips for buttons in mainNotebook tabs. (rhbz#493872)
- updated po files

* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Mon Apr 13 2009 Thomas Woerner <twoerner@redhat.com> 1.2.16-2
- release bump

* Mon Apr 13 2009 Thomas Woerner <twoerner@redhat.com> 1.2.16-1
- fixed build system to update desktop file from desktop.in
  fixes icon reference in desktop file (rhbz#493674)
- updated translations: fr

* Mon Apr 13 2009 Thomas Woerner <twoerner@redhat.com> 1.2.15-1
- fixed icon reference in desktop file (rhbz#493674)
- fixed po/POTFILES.in
- updated translations: as, bn_IN, el, fi, gu, hi, hu, it, kn, ko, mai, ml, mr, or, pa, pt, ru, sk, sv, ta, te, zh_TW

* Fri Mar 27 2009 Thomas Woerner <twoerner@redhat.com> 1.2.14-1
- new build environment using configure, autofoo and intltool
- fixed typo in router-solicitation description (rhbz#490979)
- new themable application icon: preferences-system-firewall (rhbz#454402)
- make backup copies before overwriting files (rhbz#437374)
- updated translations: 

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.13-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 1.2.13-3
- Rebuild for Python 2.6

* Tue Oct 28 2008 Thomas Woerner <twoerner@redhat.com> 1.2.13-2
- fixed system-config-firewall-tui path (rhbz#457485)

* Tue Oct 28 2008 Thomas Woerner <twoerner@redhat.com> 1.2.13-1
- fixed two typos in fw_icmp (rhbz#467334)
- added ability to sort custom rules files (rhbz#467696)
- fixed modified test in sysctl writer: fixes rhbz#462325
  also removed quotes around values for new keys
- some build fixes
- updated translations for: as, de, fi, fr, he, hi, ko, hu, it, ja, ko, ml,
                            pl, pt_BR, ru, sk, sr, sr@latin, sv, ta, te, 
                            zh_CN, zh_TW

* Tue Oct 21 2008 Thomas Woerner <twoerner@redhat.com> 1.2.12-2
- require usermode-gtk instead of usermode

* Tue Oct  7 2008 Thomas Woerner <twoerner@redhat.com> 1.2.12-1
- only provide lang files in tui sub-package (rhbz#465572)
- updated translations for: as, bn_IN, ca, cs, es, fr, gu, it, ja, kn, mr, nl,
                            pa, or, pl, pt_BR, sk, zh_CN, zh_TW

* Fri Sep 19 2008 Thomas Woerner <twoerner@redhat.com> 1.2.11-1
- use dialogs for parser errors in tui (rhbz#457485)
- enable to add protocol specific (IPv4, IPv6) icmp types for ICMP filtering
- updated translations for he, ja, ko and zh_CN

* Tue Jul  8 2008 Thomas Woerner <twoerner@redhat.com> 1.2.10-1
- lokkit: fixed path for system-config-firewall-tui (rhbz#454108)
- updated translations for: it, fr, nl, ru, sr, sr@latin

* Wed Jun 11 2008 Thomas Woerner <twoerner@redhat.com> 1.2.9-1
- fixed format string to silence inttool
- new remider to check if the ip*tables services are enabled
- use proper dialog functions in the tui
- updated translations: cs, de, es, gu, pl

* Fri May 23 2008 Thomas Woerner <twoerner@redhat.com> 1.2.8-1
- new tui interface
- new system-config-firewall-tui
- new client services for ipp and samba
- lokkit: fixed disabling of firewall in force mode (rhbz#443411)
- disabled port forwarding for IPv6
- some minor fixes and enhancements

* Thu Apr  3 2008 Thomas Woerner <twoerner@redhat.com> 1.2.7-1
- fixed crash if encoding is not UTF-8 (rhbz#439902)
- updated translations: bn_IN, cs, de, es, fi, fr, gu, hi, it, kn, ko, ml,
                        mr, pa, pl, pt_BR, ru, sr, sr@latin, ta, te, zh_CN

* Tue Mar  4 2008 Thomas Woerner <twoerner@redhat.com> 1.2.6-1
- new ICMP filter to block specified ICMP types
- fixed minor problem in lokkit (initialize old_config)
- set starting diretory for custom rules files to /etc/sysconfig
- more build environment changes for git
- use gtk.CellRendererToggle instead of own CellRendererCheck
- several parser changes for transparent error handling and output
- some minor enhancements
- translation updates

* Wed Feb 20 2008 Thomas Woerner <twoerner@redhat.com> 1.2.5-1
- dropped system-config-securitylevel compatibility files
- project moved to git.fedoraproject.org

* Thu Feb 14 2008 Thomas Woerner <twoerner@redhat.com> 1.2.4-1
- fixed overwrite problem if IPTABLES_SAVE_ON_RESTART is set (rhbz#431961)
- use SELECTION_NONE for trustedView 

* Mon Feb 11 2008 Thomas Woerner <twoerner@redhat.com> 1.2.3-2
- fixed usermode version (rhbz#428392)

* Fri Feb  8 2008 Thomas Woerner <twoerner@redhat.com> 1.2.3-1
- fixed traceback for empty configuration use in life installer (rhbz#430963)
- use config-util for userhelper configuration (rhbz#428392)
- mark dirty after applying new default configuration
- do not overwrite attributes filename and converted in config
- use new shared ChooserButton
- fixed forward dialog and labels to use current dialog width
- use tempfile.mkdtemp for better security
- updated translations: fi, fr, it, ja, nl, pt_BR, sr and sr@latin

* Fri Feb  1 2008 Thomas Woerner <twoerner@redhat.com> 1.2.2-1
- fixed icmp handling for ip6tables in FORWARD chain
- do state established, related test early in FORWARD chain
- fixed typo in address for port-forwarding
- added IPv4 only message to masquerading and port-forwarding for lokkit
- updated translations: es, pl

* Thu Jan 31 2008 Thomas Woerner <twoerner@redhat.com> 1.2.1-1
- fixed traceback for clean selinux configuration (rhbz#430963)
- fixed icmp handling for ip6tables
- updated translations: as, de, it, ja, pl, pt_BR, zh_CN

* Fri Jan 25 2008 Thomas Woerner <twoerner@redhat.com> 1.2.0-1
- added port forwarding
- using INPUT chain in table filter instead of RH-Firewall-1-INPUT
- fixed masquerading
- rewrite of firewall generation code
- trusted hosts now also allowed for FORWARD
- lots of bug fixes
- gui enhancements

* Wed Jan 16 2008 Thomas Woerner <twoerner@redhat.com> 1.1.3-2
- added fw_compat files to files section

* Tue Jan 15 2008 Thomas Woerner <twoerner@redhat.com> 1.1.3-1
- new fw_compat, used in config-convert and fw_sysconfig to automatically 
  convert old system-config-securitylevel configurations
- new wizard look
- fixed range check for user defined ports
- some code cleanup
- updated translations for fi, fr and ja

* Mon Jan  7 2008 Thomas Woerner <twoerner@redhat.com> 1.1.2-1
- fw_gui: fixed row activation for masquerading
- fw_gui: fixed _setInterfaces to use internal functions to correctly set
  toggles
- fw_gui: show info dialog if no config exists and firewall gets enabled: new
  function enableFirewall
- fw_gui, fw_tui: disable firewall if no config exists
- fw_gui, fw_tui: do not print traceback if NCDeviceList.getDeviceList raises
  and exception
- forward masqueraded connections
- gtk_cellrenderercheck: fixed size calculations
- fw_sysconfig: set config.filename to None for merged configuration in
  read_sysconfig_config if no configuration exists
- new translations

* Fri Dec 21 2007 Thomas Woerner <twoerner@redhat.com> 1.1.1-1
- use radio buttons for skill menu entries to show active level
- fixed convert-config problem if there is no configuration to convert
  (rhbz#426477)
- minor string changes
- new it and pt_BR translations

* Thu Dec 20 2007 Thomas Woerner <twoerner@redhat.com> 1.1.0-1
- new default configurations: server, desktop
- cleanup of wizard: dropped network connection tab
- new option in wizard to keep configuration or load a default configuration
- new menu entry and dialog to configure iptables and ip6tables service settings
- some enhancements to the gtk_cellrenderercheck for better look and feel

* Fri Dec 14 2007 Thomas Woerner <twoerner@redhat.com> 1.1.0-0
- ports are ports and services are services: there is a new service tag to
  enable services; a port is not enabling a service anymore
- new conversion tool for 1.0.X to 1.1.X configuration
- new version option for lokkit
- wizard
  - dropped network connection selection tab
  - using keep configuration check instead of clear configuration check
  - added default configuration selection
- gui: new menu for skill level and load default configuration
- use choices in optparse, removed obsolete check functions

* Thu Dec 13 2007 Thomas Woerner <twoerner@redhat.com> 1.0.12-2
- fixed lokkit command problem for non english languages
- using latest translations

* Mon Dec 10 2007 Thomas Woerner <twoerner@redhat.com> 1.0.12-1
- allow to activate checkboxes by row activation in treeviews
- code cleanup in view_toggle_cb
- fixed port display for IPSec
- use system icons where possible, new wizard icons
- added fallback for CellRendererCheck if icons are missing, size fixes
- added tooltips for toolbar and menu entries (if needed)
- improved more english texts (rhbz#395801)
  thanks to Paul W. Frields for the initial patch

* Wed Nov 21 2007 Thomas Woerner <twoerner@redhat.com> 1.0.11-1
- fixed crash on startup for network device aliases (rhbz#384891)
  thanks to Loran Freval for the patch
- added port entry max length in other ports dialog (rhbz#385931)
- added version number to about dialog (rhbz#387891)
- improved some english texts (rhbz#383741)
  thanks to Paul W. Frields for the initial patch
- code cleanup with start speedup
- do not allow to add custm rules for ipv6:nat
- also translate parser error messages

* Fri Nov  9 2007 Thomas Woerner <twoerner@redhat.com> 1.0.10-1
- fixed problem with network devices (rhbz#331671)
- dropped obsolete translation no.po (rhbz#332331)

* Mon Nov  5 2007 Thomas Woerner <twoerner@redhat.com> 1.0.9-1
- do not report configuration failed if ipv6 is disabled (rhbz#355561)
- print messages if lokkit failed
- lokkit be more verbose on restarting ipXtables in verbose mode

* Fri Oct 26 2007 Thomas Woerner <twoerner@redhat.com> 1.0.8-2
- lokkit: write new config with nostart option (rhbz#353961)
- translation fixes for de, it, nb, sr@latin

* Mon Oct  1 2007 Thomas Woerner <twoerner@redhat.com> 1.0.8-1
- use extension match for protocols (rhbz#229879)
- use ipv6-icmp instead of icmpv6 (rhbz#291001)
- use ':' in tui as port/proto delimiter for other ports (rhbz#292171)
- some translation fixes

* Tue Sep 25 2007 Thomas Woerner <twoerner@redhat.com> 1.0.7-1
- new translations
- added openvpn to services (rhbz#)
- fixed typo in description text for ipsec
- using port numbers instead of port names for services
- renamed some variables to be consistent
- make tolltip better: bigger text, helper modules
- dropped unused code: inconsistent handling
- make port check button inactive in add_port_cb
- new function _addDevice: code cleanup
- allow to set variables in ipXtablesConfig, which were not set before
- fixed os.system calls in ipXtablesClass to return proper return values
- fixed status funciton in ipXtablesClass
- new _append_unique function in fw_parser to prevent duplicates
- added warning dialog for missing or unusable /etc/sysconfig/ip*tables files
- fixed expand of the warning label in the startup dialog

* Wed Sep 12 2007 Thomas Woerner <twoerner@redhat.com> 1.0.6-1
- dropped --stop option from fw_gui::genArgs
- new translations
- sysctl support for masquerading (net.ipv4.ip_forward will be set)
- glade file: fixed spacings, dropped not needed containers

* Wed Sep  5 2007 Thomas Woerner <twoerner@redhat.com> 1.0.5-4
- fixed problem if /etc/sysconfig/system-config-securtylevel and 
  /etc/sysconfig/system-config-firewall are not readable

* Fri Aug 31 2007 Thomas Woerner <twoerner@redhat.com> 1.0.5-3
- fixed problem if IP*TABLES_MODULES is not set in config files

* Fri Aug 31 2007 Thomas Woerner <twoerner@redhat.com> 1.0.5-2
- fixed lokkit problem if selinux configuration is not available (rhbz#269601)

* Thu Aug 30 2007 Thomas Woerner <twoerner@redhat.com> 1.0.5-1
- more translations
- fixed IPsec description
- fixed po file generation to use xgettext only

* Wed Aug 22 2007 Thomas Woerner <twoerner@redhat.com> 1.0.4-1
- more translations
- build environment changes
- dropped build stage, because it is not needed at all

* Tue Aug 21 2007 Thomas Woerner <twoerner@redhat.com> 1.0.3-1
- added missing system-config-securitylevel compatibility files
- string and documentation fixes
- fixed typos reported by Alain Portal
- more translations
- fixed buildroot
- cleanup and changes according to review (rhbz#253232)
- moved doc to tui sub package

* Fri Aug 17 2007 Thomas Woerner <twoerner@redhat.com> 1.0.2-2
- fixed license headers for GPLv2+

* Thu Aug 16 2007 Thomas Woerner <twoerner@redhat.com> 1.0.2-1
- obsolete and provide system-config-securitylevel package
- added compat files for anaconda, firstboot and system-config-kickstart
- lokkit fixes for nostart option:
  - only write config for iptables and ip6tables if enabled
  - stop iptables and ip6tables if disabled
  - unlink iptables and ip6tables rule files if disabled
- lokkit: new option --update to regenerate firewall configuration if not 
  disabled
- check for include files only when writing firewall configuration
- clean buildroot in install
- made system-config-securitylevel a synonym for system-config-firewall
- ip6tables: reject with icmp6-adm-prohibited instead of icmp6-port-unreachable
  (rhbz#250915)
- moved config files from /etc/sysconfig into tui sub package
- removed x bit from import files

* Mon Jul 23 2007 Thomas Woerner <twoerner@redhat.com> 1.0.1-2
- fixed disabled string in fw_gui
- set mode after copying of ip*tables-config to 0600
- fixed categories in desktop file

* Mon Jun  4 2007 Thomas Woerner <twoerner@redhat.com> 1.0.1-1
- fixed startup and description texts
- added missing requirement for system-config-network-tui
- moved base python files into tui sub package
- fixed requirements
- made package noarch

* Fri Jun  1 2007 Thomas Woerner <twoerner@redhat.com> 1.0.0-1
- initial package