firewalld-2.0.1-150600.3.5.1<>,gZp9|5[-< 9p=3R𞓱,p!*&M:/+{- D/8:^dht"eJn2UHIWObKnS [m`+)öo4YB 5jɾ1 0"?4ȫUlbj4e.uCDRj,u@?d V3P3oцdzBٙp+60n@t|5]63rmpٵ 4 ;/}KHr>T?d   c/ Ef <Clkk k k !pk wk yk,kCkZk,d(G8PO9O:rO=HU>H]?He@HmBHuFHGHkHNTkITkXUlYUxZU[U\Uk][Xk^qbs\ctdtetftltutkvzT w{kxkyHz\lGPT\`dnptCfirewalld2.0.1150600.3.5.1A firewall daemon with D-Bus interface providing a dynamic firewallfirewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface.gZh01-ch4dmSUSE Linux Enterprise 15SUSE LLC GPL-2.0-or-laterhttps://www.suse.com/Productivity/Networking/Securityhttps://www.firewalld.orglinuxnoarch if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in firewalld.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi # Avoid restoring outdated stuff in posttrans for _f in firewalld-sysctls.conf; do [ ! -f "/etc/modprobe.d/${_f}.rpmsave" ] || \ mv -f "/etc/modprobe.d/${_f}.rpmsave" "/etc/modprobe.d/${_f}.rpmsave.old" || : done if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in firewalld.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi PNAME=firewalld SUBPNAME= SYSC_TEMPLATE=/usr/share/fillup-templates/sysconfig.$PNAME$SUBPNAME # If template not in new /usr/share/fillup-templates, fallback to old TEMPLATE_DIR if [ ! -f $SYSC_TEMPLATE ] ; then TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME fi SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME ..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable firewalld.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop firewalld.service ) || : fi# We might a have runtime configuration which we haven't # made it permanent yet so restarting the service could be # dangerous. It's safer to not touch the firewall ourselves but # Let the user restart it whenever he feels like it. if [ $1 -eq 0 ]; then # Package removal for service in firewalld.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi  ]9zz}wUZzx% cH %},`-@Z<S3&I(W(>1>ZvR00i$waP%Gt;f40!H?v ]N(5DV%pOWe \e) 67^IS~D+&AVg4:w )^IPQ`6c@we<CI!820=~HD'<" IF1& s JeVw z M H1A聤AAA聤AAA聤A큤AA큤A큤A큤A큤A큤A큤AA큤A큤A큤AA큤gZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZ_gZgZgZgZgZgZgZgZgZgZgZgZgZgZegZgZegZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZgZ04eb255d085b2550b12a0666910df802a9169af47c3133d358b528cb2818b17f9f37ec609d7ab31ba0baa7bac50dab5a89aa07662745cd35b1b721e117e20b4044687bd20dace0050c4724eba5659ee249ec21b5b60d0300da9acdd2027ba241120a02e9b88ba74949224eca7385825e39880f5687f739ade07d94ee22ffe32520367e42c2f17ea4d2de471d0bfe1d839e5dd03517eb4c80865635905a91e21b83d1f4eceec30153055dca2889d159595259fdb9fff911ade60f79bb9480716945b313ce514bcaa63394d4ff04d1f0f19bb3f237fe26ffe3da996dad8fc03391bedddcff47fdcfc8b038361a10ca89878ef777304aa6abb6e754eba98663d32efc1396baaeb3c1394cc2edd53343e0ef58c144b8d2838c38a65aa100e3ae19aa2775fafd0aaa0c843c05089410dcd6f52795b2ec920325ae1bbb960ff43e68f25a36252226cea7e6c19dc9354819ac3c785ca19584baedce9b600912eb24a452b9208bc832178cc8e568db8e41756943eca7d9d8cac6ce721f11c1e27f7bb44e199aee6be87fb7e521bf18f7b9a887a7ef2cc2a3cced3e95045b076300c70e71a1a9ed19ec7e8407d408721a384a7b540ea84ac7b512d064c76295d0d320854e3dc1a43b83774e06bcb009e8edec65e1f436dc67ba173b7b931b8a1f6784c856101f49623d9031609fab630cba659b25dc0bef6755dc30b3533c87b031a62d8062f0c384313c589cd3653e3bb4b30fc99b862604c1a2f5a095bcf8e3da28a4bfa2e2f3c0f7499e4502e81343fd8e0252d64858f2862ea3848a68c07b0e5edaa6faec51e2397c0d508fa59a6f29c8fd6855292250ab4c4a72bd06dd688736241687533748f6dc4bbca3e3cdf8c94cf0acfd84dec365bfdaabaf910c8ee1ecc4bf5520541e5f8df310a5047000c62e17525180f2a86f6ce68e9a515b65dc53003446789263d4756171f3eddb0194376c17c3da7dc3fbe86fbf3d8b3f67c33a4bd25142a33df23b4bbbdbbe7839cb0a9606123019d2e10db1c7e8ba3fd22fe7ae91a9dd785836f3c5eb2722fc5d452a9a48d35c620ddb928b9ca73002bf788026dbf1cb22e847d20c5586ac7755245fe2b5703ffcaf8ef3e26e54cd12ad7f1bec610efd7cce04ec7aaa6fd1b5dbdd5197229e28a9140d2ec3330077b009e7adcb444c223255e501b772168a31cb8a7b7b32334dbc76c3a808d9b8fe81e4487c88c3b700fb29f8709261e69bdb327ec32e4cec986c6f4595a6e6d45cbb6ea766bd6b6efc4aeff39086a3abed5a35eece438f67c8a7badb9e48d1fe5bc6753dbe5b06d58fdde34afd628972b18b679631a693f8d7d5680c79e36ed9186066ec7d15615bec19eda90b1a47a57a44b2113b3f72b4d7baabf4a200909bf7f8bab098701c599d449eaa1a674bb9f1ef062b43f8303df864ac007e4e7026f53d0021ceff4da7082c395c04ef3f03e62c5315ff44cb6f526b17ddde31c6cc8bc590c31687d92c8b531f1085806a0c8c8f148f22916719259638b0a09701ff630db1e19d7b261fe4579baf77416679255a768a30b1c24122c5af4ea3de6b4f509e76874a802b40725ce6027337b344ad530dcf819ecd4eb457e922bdf3ae18dfcf9ab9a6a90b974000364b17ea5a97eb04dcba874203aaefaadb6d49e6dba604f2c56a86a40d1545628325b41597c43ad9d844a5f81a679eed87f0c0823532c1a4048aaa992627224cf6a6495e0918ccd10b74be16656832a919e2aa387204c7448c5881286588edb7d1caf35a624b359789c358f1960327298053213306b46686468e0a06174d343412f91ba070cae8857aac9918c4a5b01ec0cabb40a42d82333f9b9c4b188a31142ec3baaa690424032d46c444cce83e96ce078fa382d37c85ec9ceea4acbb2e0d625d33f1f8e60131dc0301f343f63a74d5d009a962b790b3b39e234754ec20cacaceb318f51e93b2f5bb04720029b75c7545dbe5b6b0a7d3056d680452b851542a35535f65f5df125f28ed354bda85ee118e7f27cc7d08008a6b4fa633a605c8ace6397da68050e859129269142254cb0862a578bf89fc93536581d2549cf02a04e67230416e7f6bd164ebdcf3ff99843741e4540ff406775f76022c742110062306bad0e4d08a8aafa61839f1cc3665fe1c23fd61bc163203ac6036847164c8610057d01ba92ddf1e152c42256780ce14f20560c5cf6277be0955ac236e37c8fa8972eb7238927b3b25adfebdc8771210298d34fce9370bd5b6f60f641166a3aebc9358e694a895b78c02ef97f15ea1fdc12906cad7d44149863f858039f9704f92b26e855f266be4fc6d86d2be4f8910fd61d10f7ca48fcb3f4f4de37586d800d92d04a1945a00648a116f895fa71e585c6f7fe945a82bac835f504c88def827aca86aaad3fa75e2cd178b49e1813f83588822080f1a720423ecdb84608e421b0c496a0c536b6013dfa457299680ea8cf619c84712de2329e1c80cb905b95afa657eb4c2ce36827de5dac30578be7673090fd7843cbe7b0060c8da576e360c4976bd8de87218e842edf514f4fe87290ba306daf33ccfffb779bdab4742a47d40e748ca2c98447a02e78c99e7ae3f33303cbcb65c6d2e0c5afb044d0e43751d2f574a3596e3a693907281e0d03e20199679de339ac0b5e64fd737311e3223dc4929952d4962c727208383786a5f498f22e63bc005fa8e888dd3d17bc4dc7fe07caddf55734354f09870a9aa97a4d4d43f5cfd94de26f81afd1e8e2336024037184b45c383a511d5b44892cf5656acb3c1bc34e2df5712463764a6432089b9a1179a763c7048a0a6d555dea3348a8fb4d04a79f02cf5ebd976986312394939b4d4e1f876b0d07f1b5a290e77b61cc9d25ce8a47f1261761b287113f80709d1337054cb570e5517741d40d434c4f7b4544ec0e60769ecb6d9ff9d7a52c0183e86c3186bc1a811a2c9a76df6ee4ac36fdd346b29e63578f4ff3661e9b05a22048eed387bc7efd171f780c75fd83e3821fc624fa1990ce6561da030918d3c08e2b4041fa2bd3cb6fe119ba329178b2438d7c153a77c37f2f3973a434e81f678622d34f6b5b578dd1f793f27f6e0bedcb525ff92c2e25ecdcabf57166fe8d8452b8db77a525b02f03f10b1d8e70e2d5338fc6c3f7904cb5b285d1e594d3006d2c82190a9bc92a5ed89f0de9e92b44dd38950db13ef9a68c47eaedd08f65b3e1481597783a38ac7bdb121ba6312b24040448a60544ea21d9a5f4fd4528d794d15b5d2b6f1454a5b1dfbe17d24096a52bc7b7a4ea25c8ad294fa181d3c2c275b311245fd16492fd98f2d41ae7bef6701fb5f86a4e65a416176acaee92d33c8b24bf99cae720a7f2a94d513de4c25c3113813f47cc82d441ec55bf2712a3c9def62e44474c591618a30273eae6b2e1e44de1fb9bd8c818d618148ab1556614e44311e0650712c774038e1d3af9fef6eea39a6c65bed7d3158520fd491749f473a9c5929f3ec40b785e6c5f893a5d2b78d1ebc9c6b0a458b3a7769f73c764ef6a4f49e719141b1cf1f9d0726bcf2050c5ffc7a49e01f5d333f71873be0d19d574255cf84707e6e6cb7da6f0cc2b8d6316cf50e7c96b60bdbaeea7078f71ea155c6a86d28e6d9b858569562eea06d083f7229f40031caf4364b910c8e2459ac2f0a27983b569c6fed4e57c7d798e5f1358ea2be9d203d4dd1709bfa4161a926b892911d0df3dc33b719293f9e15a656d6dfaaec740ec4bfef8c6cce03c615ae31b1f6278573a416959a2980acfc49786f25c29d47100de850303af758ed58d7054aaa956aaf3bd38a838ed20fadb782b5051d7b77c0149812846e5f16b50f13bb53fc36eb561b56f94100397f3ea8924cdea4360813a1660c4679e49868e59bd98c31baecd00d0686c55beceae3bd5a6f0b0b5fdd19c3d2c8143c3f500d3d8b2f9747ef18c6c7f485576eaa37e4080c554937b4e18503f54007310784922b51d4657d85ed08c754fc2666229616b30181ab40c720a91cffe0eb4a7e7fc8776d6001d329277c00003d7e7cc1a3084e76305c230c6c185298313accfa4d7902694a6513defe21fee5b962f6f951a7eaaf1cb8cb81ff06bd803e2e9a837c3dc33fd4a06600fec94b90041deea6b04228b6243a1ac5a5962c1307d8d132f3a745898532cba8e8b741f4fa0c82708f712bda074b414a357c8bb9758d0955f6d4e9d828f6dcfe5a62af4e278d035b6607c27f19a580a83357f6bef45e579a36fb8b63df56a15a45ec36f0fb4ea428f374b1cbece77e2a5599d9fbc29807b2c687e99d309656ea3e8b4a624a8eefe2163694dfbd0e1746f2ec28379bec0e481e6d9ff7df11ec5b0a25f27c74b06c5f09af89810b1c782da3cf92248b3eaef420987b40d3f68ea205b3128924bc75e667b9f8f55f9e6acc2c0eeb3b4833843079964b04c1ac4fb572b817e67e1294408f2c5a0b583b4270c55e462ccca3962f74998a7b098a772733ef72dcbfda4a0c885676fd7f3414da386f2e2ac18169baebc4a1539a6b854b99d629df8673e94e19612c1a860db9b19ef19d87423f4bf87c444578db037843d183917ec959dcecaab0b8009e9c2047feecce7b8fed85d4dfaa795e8d6cdbc5fd661470724a4cdc65db29172db25009ac8d99012f3156f8c620ed8790319b1d7de3e1077577f7e7cc5b3a6bde09be9b12762b5b1ab9ebc53cd1d99858637f1caca232126d0ea0de21b90d9c5747acabfc6adc6a6de9be88017a692c65a509e7b2d57ca12f02222265a2024ca2c0d647be26962d2b52b8c94ad6d5e7a00048207ceb32469fb5de4fdcad7fcb94e2fc967dec92514a8956922e252c350f4b34d4b9a6c6345b4d55a3c9665170eacb8ca861c93100c4702bd37ab1fc29255f6a3ae0a89db8c2760002126891a365ceff8e2689f3d52613ab5bb7b0f845f829950cc8712878ff9af444802cf22c1744d36f38d028e3065f1d28e93b22ecb82c022c196d855dc82625e857c3ab0bbaad5ffc7c79e78ccc9f8421a66ba6f5e60e61884d00701245ffef25b30dc74c65a1898fa0e8e279607bf4212eccecb415803c6da50d96efbd09c00a89a3fe3e7ae7be4ea6850b2cb3881533d6f3303fe37cd55b9a3bb2d4c4d149f63ae7448df755a5d87cde2b563829723a57ae7cf0836db65f0e2ee28c8ab41b1524a748b6784d0193afe901650a67db7042e55ee26719eb794a46300bceed7262846f469f0b9ce3bbdcc44f988b1fb06b70193647961e59f5b4f3fe10ad3d9257a704363845ed7cc713a8cb8b361d6646d651c94d32459fbde573295f9ed593864ceafa85bb880fe8caf88cd9e1428cde3ad3f6e747c7648466224b106df494673f6d0a633adba89633cd316f786984e369af22ecac58dbfa875cb14eaa84ae5fd96dbfd8ef143ff82792648f15b7995abe893cf761d8d4e27f4e86eee727dcb36eb4be08cfeefb30009c78ee4331cce490c047cce3e07c529032433f27134e76b0c0c84a34c22e2e9edbd565b2eca4688737bc8d3ebdc793e778ee0da26be2d465cd980d7da3944887cff95f3069e22e3fa5795f141b1c749c02b50bde5438254aeb8ce5a98a26610b4af38716f4adebfffac1a8003e3cd63ba4b04c26136c1b100fbd2e6559192289038dc1c59aaf66b2916cba6691a465f31042f5c7042986bbd77e22391286a3838476096ff766d459b12e518cc5e5961b57c5f4f7ad65e9da5f5c36b88f98fab824e217b55a51e9c09c5b787ea5929ca679e5edaf05f6cc407ab44f94bf5ebc4ec738a58564cbe09e85da1ebc373ea7b5a2022894e90ee895a1a1561ec9a0aadc1f3265ae997bb0935cf4fa4e4a14cb1b9c195cdd67bb9553c87a43dbecb964e7cfa430abc8f83decd663aba9b06bb69ab6dfce47cfe4b65cd7a618ca2f9828a8648606019f56fd67664081a5b6855d1311e3e9f8304d77b762865fef50aa05bb45c2b8d84de2a4a74b3a542c632ede90869b26bca46d1b37542c94d0045a3a76576aec5c9c2c053b6073f59366af4f1c1b97b77859895053cccf94111e07c767a9f84096d964fcb989590769bd56d2ffacf5463b961c3fc7b11f1093e0488abce1681302cba572337896e1dc3e150dfbbcfbc22950622dfcab275152ba520e052f197f0a95d8f35c3211a4a59d97eb4761489bc9137df4c84e66ff273685a641ccff8d9e67b971f74572d66b910d4d919b0bc8648cc255d456fd2d3644b3953f14e8c526b7e244964202d6068757c0155597797b30afef30edfa4fea0b73f53ca0aa2d50a005dde98383b7bc7e3b47811fa459f7364ce3eded1f816596df0dbb12a4f5ba2734ad31ad5bbd51bece67283d48f53980efd3195549a3c973a0dee0a960973e6238493ce413d7087bdcf5c41ae236d0255fc039db0e9ca39e1937cd9e64a381135519e2a10ba2ad6c92cf4ec8fd783801d56e5255617a7e77590b7ce8a68340d461bc4bc17057e09b7d6f63387bd4b4eac4fa0be8bd3b6f7d1414cf632f6588e1ec70cc3046d473348912b71424bdfeba1eb45cdf555c61172c674ebabbe49d88fa0ac204fc59ab021d2c5fbb3eb92f4f7b350a5514170242a0e885c40f859b8e7492ecec34692db6d8c3f09fa8dd5585c5f3e43ccbefbf7c35c2968e0d23586d0bf6c95a13f82c1db840dc49032aba8c8d9c117e6ab80e90bcd60e3092cc4ec549484774c0779073bfe44b30377ae6b172df1942184aa51f2669494911550d74f42274d1ae7ce6cc66bbefc5d7d443d0e3983300bdc6db114efe2bd4b51c6daf31e4b90129e00b0b3b016df15a9f0ec7eb6e331bb4e6a8e519c21bf1f8be32138925fb57c60fb14d156c972492084916053b985b8ce8f6ea739b22855041b6f9c1f00fff38c96995c35398840292a12c7804668d7856c04bb396a182eb5a92e54cd56dcb531e366274dc051e81a8a89bba0b312332069e630341b71fc02c7b94302a85323a448459de00a5cc0ce5bcbab2314660e64adf0d870868b2f7127ec155bc4a57de6ab4e3013e7ad07cbac53f0cab8ba4e91d0942bff0fa86669763f091122c4602fbfc580ecd10a6816918f236dc8b65f609b3af3b30e3109a6a6d0efd947e8e7110ea11d503deff5f77a6d32bffd22e2d30dd7418f0ab085d28880c5faaa001c0f4aa532b922438447530d2577ff9765acbc865acce3aca2959ae95b3874bd4c5ab618cacfe0beeb9d11ea8483db0e59020b127f184aed44cd656affba19cb7c18c3a6e56c432967734de6b5ea2593ab46e3249206fbd9b1058f2c501fbf04457f20a7516226a18990b88498c1a410ab412172fb811965a48d8498a0718d9a87422575941e1aa61e0be8f83ab6490b5d8ee78976065d1b8f9436306baf9f3866e6be4b51cf930e904a5e50c296794534b50e55852f8e9f1f9668e3bb30c52be0303ce5a8e30868422830ab76b34b23f92ad60f578bd96fe85996fa69daf823a5bc976d87f2e1fb3f7c5fe4ede82fe9c3238708604375f80577bdd3161f7d43475f8c8d2c90bc4252967c9026d2d13ae3acb62104066781d522b0761086612659675f5d24faa859551af84d20969dfe73dad53ee270597bd539fcaeb252fa827215cf38f799a13f9902adf425dd15ab5e0c37b6f6dbd8a168447d6fef6a6e97f8a5794983cab4262e9b26f080184f820a905ec201cd6a102a4f004d142e327c89692dc484b1e00a56122a5e72a5f49992663b38292d6daadec3891f51faf162dc282560b340696ec79dfa4b86d4ac385d29f8dc56948f75d56c0d58fadd20aaca7dcc5fb9792f18e1531a863a165317c3ef38f74efdeb8f7423f10baa7baa197334d52eb5fb6479a9fc9654e034b16761bf37d118f5731556a1acf52e49ee576bcc10a466d14a05402ea238ad55284f5733ee4f5a74ed351df315164747e3f7c67cefa7cbd0b75fd4764066d725d1fdf411a36083614052881faab4c298a1c5da01baf186776d5eda269620401ca341ab5ad0b13fffced2e30ae03c6e8bef9a78ed45123ecd6ba89a9ba80bac077bb4d446b71875b825cfc1e92c6bf6f450152037f02c41fbb296c4b843994f4523d8ff0512921dc56fc44907c7903977c58811ce3d96f4daa01a883b9b7463ff3e214ac4b469fcc79833402a100cf2e4712913fe2455dc207a13d136cb9495d5048812dbd0fda2b106f7f37b9d6e5e3cfab11f13c84cc47c6c7ad5c85f27558363e36b04f08fdab43784d8716d4f7b28668a525949d56108c834b47444b2137fe06605ce110f0935c6205c03fd0a109f899db4bdb31765ce91919192a1b3c889fcc0caf91e72927f38cbef5ae936cfecf65c730e3b4bbe4371342fc65a0bdecc64b38ebca74e99768fa88f475037d7ff3ff02839d282767b943dc4dfdcb2725cbfc43738d7095765fa2f51857d7769ae0499cc71b024e38bea2522e60786ea9911eaba46c8168767c47a1f1022594c61dba1acd00786480220644652bbed0afde92fd6fcb9838438185d5f12bde6ce67dad532083a5eb72eb4a88ff398189fd3f1f1fba18126bc5b9d892f909a7b41ada30d96466d0db5455b3846ad7fe27107a1c0452d4974c79cd39bcb785f2e3aa7b36a1f8cd883f2bf4f3d1bd97183ae7fcf0246dd6b1e2fed73f630e22be315409c984d374658def8faaf1acb2da690b3a51933bdd72ba6b61caaef5b99b26fe5893a24ac2bb7ac6d7c1f82bbd4bf3560b7b96d38a8327f1888a05651ea6139eef97f74ff5ae74ce640f6df83c86894842e1ec6348c45c1a3689958df24d00eac2505b8c9f04be56860390a76dec536fd431cad1829036e104c805f0712db119ceebdd40c009bddd83ad612ff84d7db5600fe5ae2dbcdf748adf1de7204b8e2c222e5bc1603fd9f7b227df25cfc874a22884803f89c5b453be64bab0aa63ccd4eb48394bb03d4c38ab7aaf005b3ceeda63964fd3b33b00f976c5cdf61b9f64cab0809ab1c32e8b915d41dcbacb20f5def4bc653f0ee2183e18e6b309be0d5b79c89fa29fd5ad27e673f5b706cc25041fa0b8319713dc9ee81c1b7d1a8d8dd2c0c976aa5ca378294419692c6975b7b1e49f67de2ce41fd76a3ed2cff83f6b36792798ee99ed2e442f98d78de6dc0f2b0cb8e475597224a094cf6dff24061650d5785242e369d909c202f99a3810ee5830dfff9a97e7ffd2fac2eae8a03ca61de100fb15594b4ad1afd5051ab54700863f6de6fc0551761e1bdee38cd2dd16cb23b96b7729f3ffa061a8e15c282a4b7421de7dbf54048680c8a1ff121743aba930e0d6383d90e122531ff66fd70eb5ced1f3d6d1898d23b605ad074d7bd9121da3cb3bb753b004476f4b4724b3aa89c762b51832d46fffcb51f84e7f62a313c8cd293fee179424963be069ea9ca3df0aa607435a4d1f69c67d8c01fd05859413d20f16cd95bef3b50a05aacdd4c115fc24bc233030cbf061432ac1e5c87ae80041ed7f1e60cb9c1b59843649fa610134ac5a80f1d0646f5cde3b2bf1458ecfa3c12847cd6266419075250596aadd7e8f01ae30c51887ff48e1c37e78dd5b3a75ad3e7eb4ef0a6cc5b5483b982cc16ed7b4fe7949b8287b13356e44f3122773aa1a738d4418bbcfc71959ac09fd7b618d2c50e3e51b7b3d2f62e3755de3fc22ef61aed727de79a85cc259dcab0fc6417171aeb053f0bfe056445759edaeb6f421431c21ee16e19fca257e02ad748d89d83aab48af2babcc2e570043b846772a9192cad20b2ef458f0fc2e6c0fbfeb76931a78223617fd0328ea24cc577c9a563b3279244fa3864cad213124e32a2a1357da7252c979aca82390c1a5081dfd94cec718d3c7229326a6fd90d3ca9fcba6fa35ff8172fdb96207047a1c61dbc62c3f44eaefbe7f88010ec0ec28fd1bf60f18faf6ea11f3698d184753e3c66c0fc525d13995c0a8fece6e78d164885e1ca3817b21814d52e065b9d498e44075cdf3f373cac4172779b41d9372bc233bd572ca97a19a8bb67200d668be3043d424dbddfa9da60f3394d473c1b3758ad1a108ac478e11b28df899bc84a9ead8afd690065fe69c0b90c1753e8c3592fa1f8afc0bccc2a75de102cd259427b93671e03dc7a0c842c10f687b8928757f68a51ad96622c0cd58861324c44db38bab9361bf1cd46fd8ab571944ae52ec61c1f94d2970d6ce423483e3aa0c6cdbad118712ef7433cc5ac004c35e8a7e5d515a2b2253a62e179458d54b5a56f9b41b3d62ebff5bf535059b929fa239f59e8274202c37ddb2d19bd02b60473e56d1b8343682a9c6f5b82bda76248832d8cac360e25fa7a0dd0d9cdefcff7aac3db81fed513835e1b362453eda47aecf07eb2a31b2a7cfda86f33ec4f5dc3e0a92d4e9aa75aa110f86ebff3a8a7baab6b5d813ba26a649789af09b2295c4362f64352c094dc66a38db9e84764d4821b49b10616c11510f7e04144256e33d548420027ce98f2e54fb0b6bdf2d19e7751dfffb5fefd2d8ebad08a49ba31708da29cdcf500387e22afc7ba4c74eab36583af613559746a783d58fda602618616d135dc7eff0a8062352e2f1d36a9412496d03ce2364723ef0cfaa18d614dfc40dff999d61cac5ef41189b2581f74b6ee71ff6bc2323b7a111b2f2303270d39e22fcd46865a02477584488b5471012eb29c1ecbb2f74c43f2c5f9e0fab026117459bd5c399ca340d222228c7c136b34380ef8a8baf871b6b7584c295e89622172eec81979815d1750cdf9c3be68d71d08267cb065df399dcb5340d645ea6aa2fb671871a0ef84ee6dcd4d31ad6e221e5a286d5bf7b9f026e76ef26d6d8c83b760c70473db870e7753f8528f640525af6c67e34d7da1a3211e7d7bef7167d6d800bcc7a0901646472ffafc0e914a95d1e4f902a616e32fc2bfa913ca6a623e6b1b2ce5fb6b89521f6fa6b9c704cd9e3227b7c2887748b9461b21def551b0d9735bb7a930872e5c3b4ae1c02cc907da37f69680f1bd22a0acd33ec60648729a63b0902da9e762284061f0a1bd8dc2f8a93fd390633e4ccb0af7c15191dc7e9bb86cd58eefb6fc46af8f7da5d152b883f273d893fe52d40450f4aafe639e643dc7f5e85426bc5b9e074b76b757b860cb8ecc79e11b52a5bd20ed57ff8afeaeffa9914a776c2684eb87bd75c3b9fb1632550b5ee46952fc55cea726fdd3485ed96226c8140393964a80f3f3e06dda77f25d351049b1dd4964f3d4996ddda1d50a74f6b6463770d1047fc49852d2c595fe295ba2db75476dbb053e21c59539e039bde113c368bd9c9fb3f165f5e63dc769264fdf3e42bf600a493a96c4ab853e57877452636b3a1cc969ec4c9dc644f6e90128811479e4eb676ec55b32388e449322fdb6230901725844a8ed6cc3c2c25e483cbf01bace99a1092e79883471faeccd74a9d938ffb9404af64665b2595631fdabc4f089e60c49be4b6283b25c8e9a094170d6a4449a92863ca937f2decc11c6d0db996d83551ede1be300e3670d86926954700579c4a1453f9fff573a2b9044d18d30a193da28a4c25d9e67380a8551e63b3391d5adfb2401dc6800e8dfcb59ea800ccb046f2d8495a4b1223958deff8b9a7bb00aa5db265e2c56a8b4d3a050bc6a9051aeebc23f8f387c48749c2f8cd5371f0a215c1097e30c0b814270539bdc252aa0ea077adde6c4c6bcaebb2c9756724d83c20cdb1d44b8227d3eba6e12f48c089ead377d6d529a217c7c31a623232d257d2f2763be3b8c35c31601068213ac8b43665797b11eb2fb3f31fd2cd044d5ad648f3d7513e9190aedbebf69d92c984cdf07766a1ddc50ebc79b6aca5976a9c914da4b4749ab44b849d256d96a74ecf971df3405191ebafd7d24a7f16cceafdf00976915b2aa22516319b1de41ce29f06d4a23d9a472f9589e64cc722cdfb6045caceceb73ff82411dbea449e2f3b63d24737fee17e2637c3432be29874db6ab501c24e2f242d5ec0f43c582d213bf829fd1ca8c0c362779cc62cf5e7530e9400577a42311da255e168832526fa471ff1d26c88e63184fd6b359d5c0ea97324fa251e6bb52320f3fd3f695a18ee14672e895f6c7a168dc852e8679c23122a76fd21de94ce714054ba2b6b4d2bbb85a9f9200834d6e0db995a4a67e99e333b396e36e4ada8346bfc892ed2363578895c67666be04ec5c3c8c488bd127ead41e9c7370b4af94a8becbea63dd9f15cf5509ebdcf929bdb690b4ca7477bea940d8d4407aff9ef360ad3460842f81206e44e60509a7aa5aeb0e88410c36991b7e0b02c3f98fc11a5943981c8dbca7409e45071413dfd9221ef764332f8c838438e3c840138ac370afaa97d6982ff54a749134e323bdb8885e267ba533f217a68f9080cfaed9a80941c633424dee2c59d26d3c4d37ffd40589a0baebe98ad10ed1848d0635c503ff0da8e3e005857ca992d36f946adc466dbdc28cc7caffa4492d5d6071afea20dd5103fc6f717330a585d150afdb11e024a3b0c8be6ad8e6e95571d8cdc92b5de5f1cc3cafb7619d9ed7700d14f7f53c11840c4581420804b264267c5b6ea4b7595a0b7aaf0318af7e462e79a1e2450e2831ca58eebc5dba3f163e9c58d07f4f768baf26daebd0f88e712f488eb7550837d40cdf4789dd5e3e8088a8f263b2632e2355fff581e4c61f7174e04d593c01088d952bfda83883640a8d368c9ebedfc135f60fa1294a4c1794a2e0fdaba1c5f70e2f011a9d9b987e43368ce1d582ee4b43006da4dd528bf35cb182af12dfefeed7d3dcbcde08a17475e86be6b3d3c9721d8490c4adcfa2ee5f8c949e4b3bcfd87abf128a77f3f5cdd538e507911e5109ee6330983a0149b2f231db5f2d4c14825e1d6778be669e9521c4273fd4e1ff37e5c839b2e100b9bf85319e6cd70bad6cbc4280a0d2c35e59273b989ebd6ce82591210e85b5fedaaf0bb5a1a3ddb4c9fbad4d13f0123139c60bafc79f7ea5105ee6e745e7825bc674c4f519edd8eb9060aeaaba876d7171f3063eb56beaf3cb3d1b3b567b5b3fd2e47b450e2a9c5b05c6896f12f272c5a984229b0eaaac650f1955219d9ec539a7b43706b7d18bb3ac4c9af097d486a3412f0383b18f50247edb64b4a98dfd3381b45b107405861efe50e68d984a7779bc460feab846102cf02f3fccad7fd9c049386c9e232c1d755c40d2d602ca20323920a1d05843762c1e139939a4453564851673850964e8dee3fabd6e8e1c1c3f98167fbb4d65f77f0d612ce3f706fc7202546942fd8a2a9c5b2467570eb4e0759e7a52881913d7d67713348e34be07a6fd1fd4c205c8184147cec4223451f4f48ccb459649e4e0dc4c30fd5f29e26830311f0940aa7a183f3cbc19188fc8c42a127da16edc3f5ba2416eb99f2c821307105f59b2414b3d3cfd0234a758d53a315f291f1c95c9c9df21ea81e56b144d6c9af4b87957be81a23d6e5a12ad601608b138e628fd744bee1509fd28f5cb7a4023031d95c3fbbe6811f1c6cadf0538b8fbfd56a74ae5992c133cda474652e3cfcb494b2ec2cb17eadd9987c0968211e14dc9eba4027d9d256c5fe2bbe907f8ca8eaad4112063b6d8715d95074fbe675414438b7b96ed6bf626d8c385d03c5fca007b5b953c737ea9da67bb435aefefefaea1c695bf28dd0521852f5006da42cdc1f78fd436c2bfbb4d461fe448de51df67f1cc26ddc36498c2b278a961fc579df2e9555a7e83cd2f9eca909427ed50351a65195a8215e756afd51ed6d03af56edd113ed8666ea11c61a48c79a9526e1e8f17a27120f6243219993641cc1b49030b8665271ab7dc81a2761b7fcd88e5443adf06d4b3ca9c2bd839b998230ace34db18c4fda647becd2c0e0770c787b8f723a78061899cf2cb943bf572b28232da117764b4f4df14daad533a02e66630d9f871ebcc9272e8ce02d8c2aab64130fe44e75c8ddca6f4fe0c529d991ab14873c06c7dd48f188c6d25dc4157a887cd51817c7d7325f366aaff0c47f76dbbe64c176d0a2c4bf9b10555907b6ead1b5404b096d0b4c69ce60960115891395a85e4194ff851ac4550845321ad4023638255e9e8d03d022b8d0e585030af2f6817ef2b8ed651a9aed883b9999300a4364ca795822895d2342f9353862f8d7df5deaaca4f1271d833c350fc03e9e44f3f0c9143f03e58cabe0216d5ddec3f147caf6f72294be3d34cd1f907ecaa8bfedec6761500702680648dd2d581b0e6f7e36bd3033a5245f2ecfe67f1b4c4df6a8ccb9b309b8e56d1638fe12372e9fb4f5e22f1723568c4be1a1e17670da4428810b370550278006ac6f177fb7be96a2990859121927d2e7943e001fb9355072b8619dde1012303c60f9f917ff88bd768a0772f0872f039dc8e7790e15442280249a07c30b1bb8bf368f659aee5f87549ad0b2b131f91189b91aab6871a1c57b11307e612029670525a4325756ebc1ca8330303705c8add2c5ac77b8950cfdf90256fda78c137f6f32e7a2dfd6b61c82cef532526faabbd97d85f72823069a80aed209870140f7fd4c2256e3454e6763950157cc5ae6f910c549622684081fccf13821a3da08e3b78177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b8806430435783d430c519c270c6afe7409d52fbfda69399bf759a3a19844700e4de3a03d5f8bac68201b8947ad3b7eb026d9594ecb8d021b9c3e610265c6206548966536ad9d7d4f9253cc9f9bacff5600c6cbb55e088608704b5ab68782a4e40ec31ed9ee6b11f7bccc22ac51780fec944e38e4efcc3698c2e52c88aa209c130abdf652524140167aa42e5e88232bca699ad5a76d981b7d925e9536115f40f485840b7ca4acec61c6b949f8e41e9e27417190791b2389d24a7ed9d1bfc909c4c61c592eaf916ba5787b34a39ccdb8584ca0ed7d89b62d6ed120bdbb490f330aed74a2b9b4980312031bfd5eb7d0391edbd217a0e13b010a583816264a510dc6de1cbf3f0020e0cc4b6d0fe09014c0f0c618336e57271860cd644a01aa6ec1098e0d0a3b2a0ec517e3f23a58001a33072ce54f17f13a0d4d7ff47df56e5f29983f973b47be1d79584ed79eca451d95297a5a565a664f003f50e56617ccd6566144814610350a0a24f54742d904eb9fe0c18f2a91210f2dec5a2669591b1c08e72e0f2feed4205c628d865110bcec0fa8d59035563cc1314f7ae4be27d51d4a20a36a9b6637170e3bfd021843e5e21d6cc820e335261098b6d02c4a07e9dfa0012ea538c641508ef6a55cf62b4af853be62ece4bf7853a90bc0ff270215473f396c3ef498feedaea8b364a933387b715b1a49d12deb5c5c38cdd41ffb7bca3d28e2daedc14448bb66ac4f7f9cf7e52ddf67950eb8118f87670bb55187d6832c1d50aa6562e368410acad3e1a582a246021cf692d395a1f448c1dce7709556b08461fbebserviceorg.fedoraproject.FirewallD1.server.policy.choicerootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootfirewalld-2.0.1-150600.3.5.1.src.rpmconfig(firewalld)firewalldfirewalld-prometheus-config  @    @/bin/sh/bin/sh/bin/sh/bin/sh/bin/sh/usr/bin/python3config(firewalld)coreutilsdiffutilsebtablesfillupgrepipsetiptableslogrotatenftablespython3-firewallpython3-gobjectpython3-nftablesrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)typelib(GObject)2.0.1-150600.3.5.12.0.13.0.4-14.6.0-14.0-15.2-14.14.3g#q@e@dD@cGby@bA@b1@b!@`m`@``2@_/@_[f_X_R,@_9_3^%@^d@^9\]p]@]4@]4@]v>\\\@\s\Z@\73[ā@[[@[[@[[qr[m~@[h8@[?YZz@Z3@ZZ@Zs@Zp^@Zk@Z;@Z@ZOZ@Zr@Z }Z ,@ZY6@XXXEVX)@X2@WiW@W{@WrfWj}WXWM|W,@W#LWV޾VՄ@V2V@V@VHdavide.benini@suse.commohd.saquib@suse.commohd.saquib@suse.commohd.saquib@suse.comsflees@suse.dewitold.bedyk@suse.commrostecki@suse.commwilck@suse.commrostecki@suse.commrostecki@suse.commrostecki@suse.comrfrohl@suse.commrostecki@suse.comfbui@suse.commrostecki@suse.comcallumjfarmer13@gmail.comdmueller@suse.commrostecki@suse.comMathias.Homann@opensuse.orghpj@urpla.netbjorn.lie@gmail.comngompa13@gmail.comMathias.Homann@opensuse.orgMathias.Homann@opensuse.orgMathias.Homann@opensuse.orgmrostecki@opensuse.orgmrostecki@opensuse.orgdimstar@opensuse.orgdimstar@opensuse.orgmrostecki@opensuse.orgmrostecki@opensuse.orgmrostecki@suse.demchandras@suse.demchandras@suse.deluizluca@gmail.commchandras@suse.demchandras@suse.deluc14n0@linuxmail.orgmchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.desbrabec@suse.commchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.dedimstar@opensuse.orgmchandras@suse.derbrown@suse.commpluskal@suse.commchandras@suse.demchandras@suse.dempluskal@suse.commchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.dejengelh@inai.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.demchandras@suse.dejslaby@suse.commchandras@suse.de- Fix for SG#69031, bsc#1231771: * 0001-fix-nftables-set-correctly-match-iifname-oifname.patch: [PATCH 1/2] fix(nftables): set: correctly match iifname/oifname * 0002-test-ipset-verify-match-with-iface.patch: [PATCH 2/2] test(ipset): verify match with iface- update to v2.0.1 (jsc#PED-5597) * fix(cli): all --list-all-zones output identical (d30bc61) * fix(cli): properly show default zone attribute (ea8d9a8) * fix(cli): properly show active attribute for zones and policies (b202403) * fix(cli): --get-active-zones should include the default zone (dae9112) * fix(nftables): always flush main table on start (cd20981) * fix(runtimeToPermanent): deepcopy settings before mangling (9c53639) * docs: fix reference to lockdown-whitelist.xml in SYNOPSIS section (1c77205) * fix(firewall-config): escape markup stored in bindings store (c876fd0) * fix(tests): avoid deprecated assertRaisesRegexp for assertRaisesRegex (2935119) * fix(icmp): fix check_icmpv6_name() to use correct IPv6 names (af3c35b) * fix(ipset): fix configuring IP range for ipsets with nftables (6a050ec) * fix(ipset): fix configuring "timeout","maxelem" values for ipsets with nftables (7d3340c) * fix(core): fix exception while parsing invalid "tcp-mss-clamp" in policy (ff61209) * docs(policy): fix wrong documentation of in man firewalld.policy (21026d9) * Correct Requires, python3-slip-dbus -> python3-dbus-python * This is a major release. The major version is being bumped symbolically to reflect significant changes done in commit f4d2b80 ("fix(policy): disallow zone drifting"). It does not contain any deliberate breaking changes * fix(reload): restore policy for old backend if it changed (de85849) * fix(io): rich: tcp mss: handle value=None (8016f10) * fix(firewall-config): rich: set destination address (f6641a9) * fix(policy): mixed IP families in ingress/egress (69ed4d6) - removed following patches: [- 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch] [- 0003-firewall-offline-cmd-fail-fix.patch] [- 0004-fix_rich_source_address_with_netmask.patch] [- feature-upstream-new-check-config-1.patch] [- feature-upstream-new-check-config-2.patch]- Fix firewalld does not longer understand IPv4 network masks of type `255.255.255.0` Added following patch (boo#1212974) [+ 0004-fix_rich_source_address_with_netmask.patch]- Fix firewall-offline-cmd fails with ERROR: Calling pre func Added following patch (bsc#1206928) [+ 0003-firewall-offline-cmd-fail-fix.patch]- Fix regression introduced in previous patch (an api change to a function also needed backporting) (bsc#1198814) * feature-upstream-new-check-config-1.patch * feature-upstream-new-check-config-2.patch- Provide dummy firewalld-prometheus-config package (bsc#1197042)- Add patch which fixes the zone configuration (bsc#1191837) * 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch- Fix modprobe.d directory for SLE15 SP3 - Always own %_modprobedir (bsc#1196275, jsc#SLE-20639)- Remove dependency on firewalld from firewall-macros (bsc#1183404)- Disable FlushAllOnReload option to not retain interface to zone assignments and direct rules when using --reload option. * 0002-Disable-FlushAllOnReload-option.patch- Update to 0.9.3 (jsc#SLE-17336): * docs(dbus): fix invalid method names * fix(forward): iptables: ipset used as zone source * fix(rich): non-printable characters removed from rich rules * docs(firewall-cmd): small description grammar fix * fix(rich): limit table to strip non-printables to C0 and C1 * fix(zone): add source with mac address- Add dependency for firewall-offline-cmd (bsc#1180883)- Remove the patch which enforces usage of iptables instead of nftables (jsc#SLE-16300): * 0001-firewall-backend-Switch-default-backend-to-iptables.patch - Add firewalld zone for the docker0 interface. This is the workaround for lack of nftables support in docker. Without that additional zone, containers have no Internet connectivity. (rhbz#1817022, jsc#SLE-16300) - Update to 0.9.1: * Bugfixes: * docs(firewall-cmd): clarify lockdown whitelist command paths * fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active * fix(policy): zone interface/source changes should affect all using zone- Make use of %service_del_postun_without_restart And stop using DISABLE_RESTART_ON_UPDATE as this interface is obsolete.- Add python3-nftables as a requirement.- update to 0.9.0: * New major features * prevention of Zone Drifting * Intra Zone Forwarding * Policy Objects * For a full list of changes, see https://github.com/firewalld/firewalld/compare/v0.8.0...v0.9.0- update to 0.8.3: * nftables: convert to libnftables JSON interface * service: new “helper” element to replace “module” More accurately represents the conntrack helper. Deprecates “module”. * allow custom helpers using standard helper modules (rhbz 1733066) * testsuite is now shipped in the dist tarball * Typo in firewall-config(1) * Fix typo in TFTP service description * doc: README: add note about language translations * fix: rich: source/dest only matching with mark action * feat: AllowZoneDrifting config option * feat: nftables: support AllowZoneDrifting=yes * feat: ipXtables: support AllowZoneDrifting=yes * fix: firewall-offline-cmd: Don’t print warning about AllowZoneDrifting * fix: add logrotate policy * doc: direct: add CAVEATS section * fix: checkIP6: strip leading/trailing square brackets * fix: nftables: remove square brackets from IPv6 addresses * fix: ipXtables: remove square brackets from IPv6 addresses * fix: nftables: ipset types using “port” * fix: nftables: zone dispatch with multidimensional ipsets * fix: ipset: destroy runtime sets on reload/stop * fix: port: support querying sub ranges * fix: source_port: support querying sub ranges * doc: specify accepted characters for object names * fix: doc: address copy/paste mistakes in short/description * fix: configure: atlocal: quote variable values * fix: nftables: allow set intervals with concatenations * doc: clarify –set-target values “default” vs “reject” * fix: update dynamic DCE RPC ports in freeipa-trust service * fix: nftables: ipset: port ranges for non-default protocols * fix(systemd): Conflict with nftables.service * fix(direct): rule in a zone chain * fix(client): addService needs to reduce tuple size * fix(doc): dbus: signatures for zone tuple based APIs * fix(config): bool values in dict based import/export * fix(dbus): service: don’t cleanup config for old set APIs * fix(ipset): flush the set if IndividiualCalls=yes * fix(firewall-offline-cmd): remove instances of “[P]” in help text * fix(rich): source mac with nftables backend * docs: replace occurrences of the term blacklist with denylist * fix: core: rich: Catch ValueError on non-numeric priority values * docs(README): add libxslt for doc generation * fix(cli): add –zone is an invalid option with –direct * fix(cli): add ipset type hash:mac is incompatible with the family parameter- Update to version 0.7.5 (jsc#SLE-12281): * release: v0.7.5 * chore(translation): merge from master * fix(cli): add ipset type hash:mac is incompatible with the family parameter Fixes: rhbz1541077 * test(rhbz1483921): better test name * fix(cli): add --zone is an invalid option with --direct * fix: core: rich: Catch ValueError on non-numeric priority values * fix: update dynamic DCE RPC ports in freeipa-trust service * docs: replace occurrences of the term blacklist with denylist * docs(README): add libxslt for doc generation * test(rich): source mac with nftables backend * fix(firewall-offline-cmd): remove instances of "[P]" in help text * test(check-container): add support for centos8 stream * test(functions): use IndividualCalls if host doesn't support nft rule index * test(functions): add macro IF_HOST_SUPPORTS_NFT_RULE_INDEX * test(dbus): better way to check IPv6_rpfilter expected value * fix(ipset): flush the set if IndividiualCalls=yes * test(ipv6): skip square bracket address tests if ipv6 not available * test(gh509): only run test for nftables backend * fix(dbus): service: don't cleanup config for old set APIs * fix(config): bool values in dict based import/export * fix(doc): dbus: signatures for zone tuple based APIs * test(dbus): zone: fix zone runtime functional test title * test(dbus): zone: fix false failure due to list order * fix(client): addService needs to reduce tuple size * test(direct): rule in a zone chain * fix(direct): rule in a zone chain * test(dbus): zone: verify runtime config APIs * test(dbus): zone: verify permanent config APIs * fix(systemd): Conflict with nftables.service * fix: test/regression/gh599: use expr to be more portable * test: dbus: zone: verify runtime config API signatures * test: dbus: zone: verify permanent config API signatures * fix: test/regression/gh599: fix if not using debug output * test: log: verify logging still works after truncate * test: ipset: verify port ranges for non-default protocol- Update to 0.7.4 This is a bug fix only release. However, it does reintroduce the zone drifting bug as a feature. See #258 and #441. This behavior is disabled by default. * improvement: build: add an option to disable building documentation * Typo in firewall-config(1) * Fix typo in TFTP service description * doc: README: add note about language translations * fix: rich: source/dest only matching with mark action * feat: AllowZoneDrifting config option * feat: nftables: support AllowZoneDrifting=yes * feat: ipXtables: support AllowZoneDrifting=yes * fix: firewall-offline-cmd: Don't print warning about AllowZoneDrifting * fix: add logrotate policy * fix: tests: regenerate testsuite if .../{cli,python}/*.at changes * doc: direct: add CAVEATS section * fix: checkIP6: strip leading/trailing square brackets * fix: nftables: remove square brackets from IPv6 addresses * fix: ipXtables: remove square brackets from IPv6 addresses * fix: nftables: zone dispatch with multidimensional ipsets * fix: ipset: destroy runtime sets on reload/stop * fix: port: support querying sub ranges * fix: source_port: support querying sub ranges * doc: specify accepted characters for object names * fix: doc: address copy/paste mistakes in short/description * fix: configure: atlocal: quote variable values * fix: nftables: allow set intervals with concatenations * doc: clarify --set-target values "default" vs "reject"- Update to version 0.7.3: * release: v0.7.3 * chore: update translations * doc: README: add note about integration tests * test: check-container: also run check-integration * test: integration: NM zone overrides interface on reload * test: build: support integration tests * test: functions: add macro NMCLI_CHECK * test: functions: new macros for starting/stopping NetworkManager * fix: test: leave "cleanup" for tests cases * test: check-container: add support for fedora rawhide * test: check-container: add support for debian sid * test: build: add support for running in containers * fix: test/functions: FWD_END_TEST: improve grep for errors/warnings * fix: test: direct passthrough: no need to check for dummy module * fix: test: CHECK_NAT_COEXISTENCE: only check for kernel version * fix: reload: let NM interface assignments override permanent config * chore: tests: rename IF_IPV6_SUPPORTED to IF_HOST_SUPPORTS_IPV6_RULES * fix: tests: convert host ipv6 checks to runtime * fix: tests: convert ip6tables checks to runtime * fix: tests: convert probe of nft numeric args to runtime * fix: tests: convert nftables fib checks to runtime * fix: build: distribute testsuite * fix: don't probe for available kernel modules * fix: failure to load modules no longer fatal * fix: tests/functions: canonicalize XML output * chore: doc: update authors * fix: test: use debug output based on autotest variable * fix: src/tests/Makefile: distclean should clean atconfig- No longer recommend -lang: supplements are in use.- Replace incorrect usage of %_libexecdir with %_prefix/lib- rebased the original patch from revision 19- Added a patch to make iptables the default again on openSUSE- Update to version 0.7.2: This is a bug fix only release. * fix: direct: removeRules() was mistakenly removing all rules * fix: guarantee zone source dispatch is sorted by zone name * fix: nftables: fix zone dispatch using ipset sources in nat chains * doc: add --default-config and --system-config * fix: --add-masquerade should only affect ipv4 * fix: nftables: --forward-ports should only affect IPv4 * fix: direct: removeRules() not removing all rules in chain * dbus: service: fix service includes individual APIs * fix: allow custom helpers using standard helper modules * fix: service: usage of helpers with '-' in name * fix: Revert "ebtables: drop support for broute table" * fix: ebtables: don't use tables that aren't available * fix: fw: initialize _rfc3964_ipv4- Update to version 0.7.1: * Rich Rule Priorities * Service Definition Includes - Service definitions can now include lines like: which will include all the ports, etc from the https service. * RFC3964 IPv4 filtering - A new option RFC3964_IPv4 in firewalld.conf is available. It does filtering based on RFC3964 in regards to IPv4 addresses. This functionality was traditionally in network-scripts. * FlushAllOnReload - A new option FlushAllOnReload in firewalld.conf is available. Older release retained some settings (direct rules, interface to zone assignments) during a - -reload. With the introduction of this configuration option that is no longer the case. Old behavior can be restored by setting FlushAllOnReload=no. * 15 new service definitions * fix: firewall-offline-cmd: service: use dict based APIs * fix: client: service: use dict based dbus APIs * test: dbus: coverage for new service APIs * fix: dbus: new dict based APIs for services * test: dbus: service API coverage * test: functions: add macro DBUS_INTROSPECT * test: functions: add CHOMP macro for shell output * fix: tests/functions: use gdbus instead of dbus-send * fix: dbus: add missing APIs for service includes - Remove patch for using iptables instead of nftables - we should finally switch to nftables and fix its issues properly if they occur again: * 0001-firewall-backend-Switch-default-backend-to-iptables.patch - Remove patch which was released upstream: * 0002-Add-FlushAllOnReload-config-option.patch- Update to version 0.6.4: * chore: update translations * treewide: fix over indentation (flake8 E117) * test: travis: add another test matrix for omitting ip6tables * chore: travis: split test matrix by keywords * chore: tests: add AT_KEYWORDS for firewall-offline-cmd * improvement: tests: Use AT_KEYWORDS for backends * fix: tests: guard occurrences of IPv6 * fix: tests/functions: ignore warnings about missing ip6tables * test: add macro IF_IPV6_SUPPORTED- Move RPM macros to %_rpmmacrodir.- Revert last change: the macros DO reference firewall-cmd, but as they are expanded during build time of the package, not at runtime, the point in time is wrong to require firewalld. The consumer of the macro is responsible to ask for the right commands to be present at runtime of the scripts (boo#1125775#c9).- Add dependency between firewall-macros and firewalld. (boo#1125775)- Fix --with-ifcfgdir configure parameter. (boo#1124212)- Add upstream patch to make --reload/--complete-reload forget the runtime configuration and always load the permanent one (bsc#1121277) * 0002-Add-FlushAllOnReload-config-option.patch- Update to 0.6.3. Some of the changes are: * update translations * nftables: fix reject statement in "block" zone * shell-completion: bash: don't check firewalld state * firewalld: fix --runtime-to-permanent if NM not in use. * firewall-cmd: sort --list-protocols output * firewall-cmd: sort --list-services output * command: sort services/protocols in --list-all output * services: add audit * nftables: fix rich rule log/audit being added to wrong chain * nftables: fix destination checks not allowing masks * firewall/core/io/*.py: Let SAX handle the encoding of XML files (gh#firewalld/firewalld#395)(bsc#1083361) * fw_zone: expose _ipset_match_flags() * tests/firewall-cmd: exercise multiple interfaces and zones * fw_transaction: On clear zone transaction, must clear fw and other zones * Fix translating labels (gh#firewalld/firewalld#392) - Remove patches which have made it upstream: * 0001-Fix-translating-labels-392.patch * 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch- Add upstream patch to mark more strings as translatable which is required by firewall UI when creating rich rules (bsc#1096542) * 0001-Fix-translating-labels-392.patch- Add upstream patch to fix rich rules that uses ipset (bsc#1104990) * 00002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch- Update to 0.6.2. Some of the changes are: * update translations * nftables: fix log-denied with values other than "all" or "off" * fw_ipset: raise FirewallError if backend command fails * ipset: only use "-exist" on restore * fw_ipset: fix duplicate add of ipset entries * *tables: For opened ports/protocols/etc match ct state new,untracked (bsc#1105821) * ipXtables: increase wait lock to 10s * nftables: fix rich rules ports/protocols/source ports not considering ct state * ports: allow querying a single added by range * fw_zone: do not change rich rule errors into warnings * fw_zone: fix services with multiple destination IP versions (bsc#1105899) * fw_zone: consider destination for protocols * firewall/core/fw_nm: nm_get_zone_of_connection should return None or empty string instead of False (boo#1106319) * fw: If direct rules fail to apply add a "Direct" label to error msg * fw: if startup fails on reload, reapply non-perm config that survives reload * nftables: fix rich rule audit log * ebtables: replace RETURN policy with explicit RETURN at end of chain * direct backends: allow build_chain() to build multiple rules * fw: if failure occurs during startup set state to FAILED * fw: on restart set policy from same function * ebtables: drop support for broute table - Remove upstream patches * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch * 0001-fw_zone-consider-destination-for-protocols.patch * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch * firewalld-fix-firewalld-config-crash.patch- Add upstream patch to fix Neighbor Discovery filtering for IPv6 (bsc#1105821) * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch - Add upstream patch to fix building rules for multiple IP families (bsc#1105899) * 0001-fw_zone-consider-destination-for-protocols.patch * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch- Add firewalld-fix-firewalld-config-crash.patch: set nm_get_zone_of_connection to return 'None' instead of 'False' for automatically generated connections to avoid firewall-config crashes. Patch provided by upstream (boo#1106319, gh#firewalld/firewalld#370).- Also switch firewall backend fallback to 'iptables' (bsc#1102761) This ensures that existing configuration files will keep working even if FirewallBackend option is missing. * 0001-firewall-backend-Switch-default-backend-to-iptables.patch- Update to 0.6.1. Some of the changes are: * Correct source/destination in rich rule masquerade * Only modify ifcfg files for permanent configuration changes * Fix a backtrace when calling common_reverse_rule() * man firewalld.conf: Show nftables is the default FirewallBackend * firewall-config: fix some untranslated strings that caused a UI bug causing rich rules to not be modify-able (bsc#1096542) * fw_direct: avoid log for untracked passthrough queries * fixed many issues if iptables is actually iptables-nft * Use preferred location for AppData files * ipXtables: fix ICMP block inversion with set-log-denied * fixes ICMP block inversion with set-log-denied with IndividualCalls=yes * nftables: fix set-log-denied if target is not ACCEPT * fw_direct: strip _direct chain suffix if using nftables * NetworkManager integration bugfixes.- Switch back to 'iptables' backend as default (bsc#1102761)- Update to 0.6.0. Some of the changes are: * update translations * firewall-config: Add ipv6-icmp to the protocol dropdown box (#348, bsc#1099698) * core: logger: Remove world-readable bit from logfile (#349, bsc#1098986) * IPv6 rpfilter: explicitly allow neighbor solicitation * nftables backend (default) * Added loads of new services * firewall-cmd: add --check-config option * firewall-offline-cmd: add --check-config option * firewallctl: completely remove all code and references * dbus: expose FirewallBackend * dbus: fix erroneous fallback for AutomaticHelpers - Remove patches which have made it upstream * firewalld-add-additional-services.patch - spec-cleaner fixes- Update to 0.5.3 (bsc#1093120) * tests/regression: add test for ipset with timeout * ipset: allow adding entries to ipsets with timeout * translations: update * helpers: load helper module explicitly if no port given * helpers: nf_conntrack_proto-* helpers needs name cropped * config/Makefile: correct name of proto-gre helper * tests/regression: test helper nf_conntrack_proto_gre (#263) * functions: get_nf_nat_helpers() should look in other directories too * functions: Allow nf_conntrack_proto_* helpers * services: Add GRE * helpers: Add proto-gre * tests/regression: add test to verify ICMP block in forward chain * ipXtables: fix ICMP block not being present in FORWARD chain- Translations update (bsc#1081623).- Backport upstream patches to add additional services (bsc#1082033) * firewalld-add-additional-services.patch- Update to 0.5.2 * fix rule deduplication causing accidental removal of rules * log failure to parse direct rules xml as an error * firewall-config: Break infinite loop when firewalld is not running * fix set-log-denied not taking effect * po: update translations- Remove high-availability service. SUSE HA uses the cluster service provided by the yast2-cluster package (bsc#1078223)- Update to 0.5.1 * ipXtables: fix iptables-restore wait option detection * python3: use "foo in dict" not dict.has_key(foo) * Fix potential python3 keys() incompatibility in watcher * Fixed python3 compatibility * ebtables: fix missing default value to set_rule() * fw_zone: fix invalid reference to __icmp_block_inversion * zones: Correct and defer check_name for combined zones- Update to 0.5.0 * firewallctl: mark deprecated (gh#firewalld/firewalld##261) * Add nmea-0183 service * Add sycthing-gui service * Add syncthing service * Adding FirewallD jenkins service (gh#firewalld/firewalld#256) * services/high-availability: Add port 9929 * Fix and improve firewalld-sysctls.conf * firewalld: also reload dbus config interface for global options * Add MongoDB service definition * src: firewall: Add support for SUSE ifcfg scripts * Add UPnP client service * firewalld: Allow specifying log file location * firewalld/firewall-offline-cmd: Allow setting system config directories - Drop obsolete patch * 0001-suse-ifcfg-files.patch - Drop tests installation- Introduce new python3-firewall and firewall-macros subpackages. The first one contains the firewalld python3 bindings and the second one contains the RPM macros for firewalld.- Replace dbus-1-python requires with dbus-1-python3: since firewalld was migrated to python3, we also have to require the python3 dependencies (boo#1070310).- Add missing python3-gobject-Gdk dependency (boo#1069952)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Make sure to use python3 everywhere (boo#1068778)- Add combined upstream patch to support SUSE ifcfg network files. * 0001-suse-ifcfg-files.patch (gh#firewalld/firewalld#262, fate#323460)- Update to version 0.4.4.6 * firewall.core.fw_config: Fix check for icmp builtin name * config.services: docker-swarm: fix incorrect attribute * xmlschema/service.xsd: Fix protocol looking for name instead of value * Add docker swarm service (gh#firewalld/firewalld#230) * Adding FirewallD redis service (gh#firewalld/firewalld#248) * Adding firewalld zabbix server and agent services (gh#firewalld/firewalld#221) * firewall-offline-cmd: Don't require root for help output * doc: firewall-cmd: Document --query-* options return codes * firewall-cmd: Use colors only if output is a TTY * core: Log unsupported ICMP types as informational only * add bgp service to predefined services edit to config/Makefile.am * Add git service * Add kprop service * minidlna definitions (gh#firewalld/firewalld#236) * SpiderOak ONE listens on port 21327 and 21328 * autogen.sh: Allow skipping configure via NOCONFIGURE env var * Add missing ports to RH-Satellite-6 service * Reload nf_conntrack sysctls after the module is loaded * Add NFSv3 service. * config/Makefile.am: Add murmur service (a95eed1) * add new service IRC * firewall.core.prog: Simplify runProg output: Combine stderr and stdout * firewall.core.fw: Fix possible dict size change in for loop * firewall.core.fw: Use new firewalld git repo in firewalld organization * config/firewall-config.appdata.xml.in: Use new firewalld git repo in firewalld organization * firewall.core.fw_zone: Rich-rule ICMP type: Error only for conflicting family * firewall.core.rich: Add checks for Rich_Source validation * Handle also IPv6 with the zone masquerade flag * Add IPv6 support for forward-ports in zones * firewall.command: Enable parse_forward_port to work with IPv6 adresses * firewall.core.fw_zone: Fix IPv6 address in rich rule forward ports * add Murmur (Mumble server) service - spec file fixes to avoid rpmlint warnings about duplicate files.- Switch to python3 - Run spec cleaner - Move autogen to build section - Add systemd requirements- Update to version 0.4.4.5 * firewall-offline-cmd: Fix --remove-service-from-zone option (rh#1438127) * Support sctp and dccp in ports, source-ports, forward-ports, helpers and rich rules * firewall-cmd: Fix --{set,get}-{short,description} for zone * firewall.core.ipXtables: Use new wait option for restore commands if available * Adding ovirt-vmconsole service file * Adding oVirt storage-console service. * Adding ctdb service file. * Adding service file for nrpe. * Rename extension for policy choices (server and desktop) to .policy.choice (rh#1449754) * D-Bus interfaces: Fix GetAll for interfaces without properties (rh#1452017) * firewall.core.fw_config: Fix wrong variable use in repr output * firewall.core.fw_icmptype: Add missing import for copy * firewall.core.fw_test: Fix wrong format string in repr * firewall.core.io.zone: Fix getattr use on super(Zone) * firewall.functions: New function get_nf_nat_helpers * firewall.core.fw: Get NAT helpers and store them internally. * firewall.core.fw_zone: Load NAT helpers with conntrack helpers * firewalld.dbus: Add missing properties nf_conntrach_helper_setting and nf_conntrack_helpers * firewall.server.firewalld: New property for NAT helpers supported by the kernel- Update to version 0.4.4.4 * Drop references to fedorahosted.org from spec file and Makefile.am * firewall-config: Show invalid ipset type in the ipset dialog in the bad label * firewall.core.fw: Show icmptypes and ipsets with type errors in permanent env * firewall.server.firewalld: Provide information about the supported icmp types * firewall.core.fw_icmptype: Add ICMP type only if the type is supported * firewall.core.fw: New attributes ip{4,6}tables_supported_icmp_types * firewall.core.ipXtables: New method supported_icmp_types * firewall-config: Deactivate edit buttons if there are no items * firewall.core.io.zone: Fix permanent rich rules using icmp-type (rh#1434594) * firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default * firewall.core.fw_transaction: Use LastUpdatedOrderedDict for zone transactions - Remove upstream patch: * 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch- Update to version 0.4.4.3 * New service freeipa-trust (rh#1411650) * Complete icmp types for IPv4 and IPv6 * New h323 helper container * Support helper container: h323 * firewall.server.decorators: ALREADY_ errors should be logged as warnings * firewall.command: ALREADY_SET should also result in zero exit code * tests/firewall-offline-cmd_test.sh: Only use firewall-offline-cmd * Support more ipset types: hash:ip,port, hash:ip,port,ip, hash:ip,port,net, hash:ip,mark, hash:net,net, hash:net,port, hash:net,port,net, hash:net,iface * New checks for ipset entry validation * Use ipset dimension for match * firewall.core.base: New ZONE_SOURCE_IPSET_TYPES list * New firewall.core.icmp providing names and types for icmp and icmpv6 values * firewall.core.fw_ipset: New methods to get ipset dimension and applied state * firewall.errors: New error NOT_APPLIED * firewall-cmd man page: Add missing --get-ipset-types * firewall.core.fw_nm: No trace back on failed get_connection call (rh#1413345) * firewall.core.prog: Fix addition of the error output in runProg * Speed up ipset handling, (re)loading and import from file * Support --family option for --new-ipset * Handle FirewallError for query sequences in command line tools * Fail to alter entries of ipsets with timeout * Extended tests for ipset options * Return empty list for ipsets using timeouts * firewall.functions: Fix checks in checkIPnMask and checkIP6nMask (gh#t-woerner/firewalld#186) * firewalld.conf man page: New section about AutomaticHelpers * firewall-offline-cmd man page: Added -v and -q options, fixed section ids * firewall{-cmd, ctl}: Fix scope of final return in try_set_zone_of_interface * firewall.core.fw_zone: Limit masquerading forward rule to new connections * firewall-config: Update active zones on reloaded signal * firewall-applet: Update active zones and tooltip on reloaded signal * firewall.core.fw_zone: Fix missing chain for helper in rich rules using service (rh#1416578) * Support icmp-type usage in rich rules (rh#1409544) * firewall[-offline]-cmd: Fix --{set,get}-{short,description} for ipset and helper (rh#1416325) * firewall.core.ipset: Solve ipset creation issues with -exist and more flag tests * Speed up start and restart for ipsets with lots of entries (rh#1416817) * Speed up of ipset alteration by adding and removing entries using a file (rh#1416817) * Code cleanup and minor bug fixes * firewall.core.prog: Fix addition of the error output in runProg * New services mssql, kibana, elasticsearch, quassel, bitcoin-rpc, bitcoin-testnet-rpc, bitcoin-testnet, bitcoin and spideroak-lansync * Translation updates - Add upstream patch to fix ipset overloading from /etc/firewalld/ipsets (gh#t-woerner/firewalld#206) * 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch- Update to version 0.4.4.2 * firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem * firewall.core.fw_nm: create NMClient lazily * Do not use hard-coded path for modinfo, use autofoo to detect it * firewall.core.io.ifcfg: Dropped invalid option warning with bad format string * firewall.core.io.ifcfg: Properly handle quoted ifcfg values * firewall.core.fw_zone: Do not reset ZONE with ifdown * Updated translations from zanata * firewall-config: Extra grid at bottom to visualize firewalld settings- Update to version 0.4.4.1 * Translation updates form zanata * firewallctl: New support for helpers * firewallctl: Use sys.excepthook to force exception_handler usage always * firewall-config: Use proper source check in sourceDialog- Update to version 0.4.4 * firewall-applet: Use PyQt5 * firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers D-Bus property * New helpers Q.931 and RAS from nf_conntrack_h323 * firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table * firewall.core.ipXtables: Add PREROUTING default rules for zones in raw table * New helper configuration files for amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp and tftp * firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones * firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED sequences * Misc bug fixes. * For the complete list of changes please see: https://github.com/t-woerner/firewalld/releases/tag/v0.4.4- Relax permissions for default installation files. The files in /usr/lib/firewalld are the default ones as shipped by the package and there is nothing secret in them.- Update to version 0.4.3.3 * Fixes CVE-2016-5410 (bsc#992772) * Standard error is now used for errors and warnings * Several fixes for use in change roots * Systemd service file changes * Fixed translations in firewall-config * Command line clients * Fixes infinite event handling loop in firewall-{config,applet} (bsc#992082)- Update to version 0.4.3.2 * Fix regression with unavailable optional commands * All missing backend messages should be warnings * Individual calls for missing restore commands * Only one authenticate call for add and remove options and also sequences * New service RH-Satellite-6- Update to version 0.4.3.1 * firewall.command: Fix python3 DBusException message not interable error * src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing * firewallctl: Do not trace back on list command without further arguments * firewallctl (man1): Added remaining sections zone, service, .. * firewallctl: Added runtime-to-permanent, interface and source parser, IndividualCalls setting * firewall.server.config: Allow to set IndividualCalls property in config interface * Fix missing icmp rules for some zones * runProg: Fix issue with running programs * firewall-offline-cmd: Fix issues with missing system-config-firewall * firewall.core.ipXtables: Split up source and dest addresses for transaction * firewall.server.config: Log error in case of loading malformed files in watcher * Install and package the firewallctl man page * Translation updates- Update to version 0.4.3 * New firewallctl utility (rh#1147959) * doc.xml.seealso: Show firewalld.dbus in See Also sections * firewall.core.fw_config: Create backup on zone, service, ipset and icmptype removal (rh#1339251) * {zone,service,ipset,icmptype}_writer: Do not fail on failed backup * firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd * firewall-cmd: Dropped duplicate setType call in --new-ipset * radius service: Support also tcp ports (RBZ#1219717) * xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset sources * config.xmlschema.service.xsd: Fix service destination conflicts (rh#1296573) * firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg * firewall.command: Only print summary and description in print_X_info with verbose * firewall.command: print_msg should be able to print empty lines * firewall-config: No processing of runtime passthroughs signals in permanent * Landspace.io fixes and pylint calm downs * firewall.core.io.zone: Add zone_reader and zone_writer to all, pylint fixes * firewall-config: Fixed titles of command and context dialogs, also entry lenths * firewall-config: pylint calm downs * firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit * firewall-config: Use self.active_zoens in conf_zone_added_cb * firewall.command: New parse_port, extended parse methods with more checks * firewall.command: Fixed parse_port to use the separator in the split call * firewall.command: New [de]activate_exception_handler, raise error in parse_X * services ha: Allow corosync-qnetd port * firewall-applet: Support for kde5-nm-connection-editor * tests/firewall-offline-cmd_test.sh: New tests for service and icmptype modifications * firewall-offline-cmd: Use FirewallCommand for simplification and sequence options * tests/firewall-cmd_test.sh: New tests for service and icmptype modifications * firewall-cmd: Fixed set, remove and query destination options for services * firewall.core.io.service: Source ports have not been checked in _check_config * firewall.core.fw_zone: Method check_source_port is not used, removed * firewall.core.base: Added default to ZONE_TARGETS * firewall.client: Allow to remove ipv:address pair for service destinations * tests/firewall-offline-cmd_test.sh: There is no timeout option in permanent * firewall-cmd: Landscape.io fixes, pylint calm downs * firewall-cmd: Use FirewallCommand for simplification and sequence options * firewall.command: New FirewallCommand for command line client simplification * New services: kshell, rsh, ganglia-master, ganglia-client * firewalld: Cleanup of unused imports, do not translate some deamon messages * firewalld: With fd close interation in runProg, it is not needed here anymore * firewall.core.prog: Add fd close iteration to runProg * firewall.core.fw_nm: Hide NM typelib import, new nm_get_dbus_interface function * firewalld.spec: Require NetworkManager-libnm instead of NetworkManager-glib * firewall-config: New add/remove ipset entries from file, remove all entries * firewall-applet: Fix tooltip after applet start with connection to firewalld * firewall-config: Select new zone, service or icmptype if the view was empty * firewalld.spec: Added build requires for iptables, ebtables and ipset * Adding nf_conntrack_sip module to the service SIP * firewall: core: fw_ifcfg: Quickly return if ifcfg directory does not exist * Drop unneeded python shebangs * Translation updates - Remove obsolete patches: * 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch * 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch * 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch - Add missing %{?_smp_mflags} during install. This will speed up the installation phase as well as expose build system's problems due to higher level of parallelism. - Run make during %build to ensure missing documentation is generated. - spec file cleanups.- Add upstream patch to prevent unconditional dependencies to the NetworkManager typelib (gh#t-woerner/firewalld#119) * 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch- Update to version 0.4.2 * New module to search for and change ifcfg files for interfaces not under control of NM * firewall_config: Enhanced messages in status bar * firewall-config: New message window as overlay if not connected * firewall-config: Fix sentivity of option, view menus and main paned if not connected * firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls, some cleanup * firewall-[offline]cmd: Show target in zone information * D-Bus: Completed masquerade methods in FirewallClientZoneSettings * Fixed log-denied rules for icmp-blocks * Keep sorting of interfaces, services, icmp-blocks and other settings in zones * Fixed runtime-to-permanent not to save interfaces under control of NM * New icmp-block-inversion flag in the zones * ICMP type filtering in the zones * New services: sip, sips, managesieve * rich rules: Allow destination action (rh#1163428) * firewall-offline-cmd: New option -q/--quiet * firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file * firewall-[offline-]cmd: Fix option for setting the destination address * firewall-config: Fixed resizing behaviour * New transaction model for speed ups in start, restart, stop and other actions * firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults * Fixed memory leak in dbus_introspection_add_properties * Landscape.io fixes, pylint calm downs * New D-Bus getXnames methods to speed up firewall-config and firewall-cmd * ebtables-restore: No support for COMMIT command * Source port support in services, zones and rich rules * firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets * firewall-config: New active bindings side bar for simple binding changes * Reworked NetworkManager module * Proper default zone handling for NM connections * Try to set zone binding with NM if interface is under control of NM * Code cleanup and bug fixes * Include test suite in the release and install in /usr/share/firewalld/tests * New Travis-CI configuration file * Fixed more broken frensh translations * Translation updates - Add upstream patches * 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch: Removes unneeded python shebangs * 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch: Do not try to access the network-scripts ifcfg directory. - Drop rejected patch * drop-standard-output-error-systemd.patch - Minor spec file clean-up- Avoid runtime dependency on systemd, the macros can all deal with its absence.- Suggest the susefirewall2-to-firewalld package which could assist in migrating the SuSEFirewall2 iptables rules to FirewallD.- Update to version 0.4.1.2 * Install fw_nm module * firewalld: Do not fail if log file could not be opened * Make ipsets visible per default in firewall-config * Fixed translations with python3 [changes in 0.4.1.1] * Fix for broken frensh translation [changes in 0.4.1] * Enhancements of ipset handling * No cleanup of ipsets using timeouts while reloading * Only destroy conflicting ipsets * Only use ipset types supported by the system * Add and remove several ipset entries in one call using a file * Reduce time frame where builtin chains are on policy DROP while reloading * Include descriptions in --info-X calls * Command line interface support to get and alter descriptions of zones, * services, ipsets and icmptypes with permanent option * Properly watch changes in combined zones * Fix logging in rich rule forward rules * Transformed direct.passthrough errors into warnings * Rework of import structures * Reduced calls to get ids for port and protocol names (rh#1305434) * Build and installation fixes by Markos Chandras * Provide D-Bus properties in introspection data * Fix for flaws found by landscape.io * Fix for repeated SUGHUP * New NetworkManager module to get and set zones of connections, used in firewall-applet and firewall-config * configure: Autodetect backend tools ({ip,ip6,eb}tables{,-restore}, ipset) * Code cleanups * Bug fixes - Fix drop-standard-output-error-systemd.patch tagging - Add libxslt-tools build dependency- Do not recommend a specific version for the lang subpackage- Move translations to a new subpackage- Set DISABLE_RESTART_ON_UPDATE to 'yes' instead of '1'. The macros in /etc/rpm/macros.systemd only check for the 'yes' value so fix it to properly prevent the firewalld service from being restarted during updates.- Drop typelib(NetworkManager), NetworkManager-glib, gtk3 and libnotify dependencies (see OBS SR#360792)- firewall-config needs typelib(NetworkManager) to run- Initial commit. Version 0.4.0 * drop-standard-output-error-systemd.patch (gh#t-woerner/firewalld/pull/67)/bin/sh/bin/sh/bin/sh/bin/shfirewalld-prometheus-configh01-ch4d 1733986462  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk2.0.1-150600.3.5.12.0.1-150600.3.5.10.20.2     firewalldfirewalld.confhelpersicmptypesipsetslockdown-whitelist.xmlpoliciesserviceszonesfirewalldmodprobe.dfirewalld-sysctls.conffirewall-cmdfirewall-offline-cmdfirewalldhelpersQ.931.xmlRAS.xmlamanda.xmlftp.xmlh323.xmlirc.xmlnetbios-ns.xmlpptp.xmlproto-gre.xmlsane.xmlsip.xmlsnmp.xmltftp.xmlicmptypesaddress-unreachable.xmlbad-header.xmlbeyond-scope.xmlcommunication-prohibited.xmldestination-unreachable.xmlecho-reply.xmlecho-request.xmlfailed-policy.xmlfragmentation-needed.xmlhost-precedence-violation.xmlhost-prohibited.xmlhost-redirect.xmlhost-unknown.xmlhost-unreachable.xmlip-header-bad.xmlneighbour-advertisement.xmlneighbour-solicitation.xmlnetwork-prohibited.xmlnetwork-redirect.xmlnetwork-unknown.xmlnetwork-unreachable.xmlno-route.xmlpacket-too-big.xmlparameter-problem.xmlport-unreachable.xmlprecedence-cutoff.xmlprotocol-unreachable.xmlredirect.xmlreject-route.xmlrequired-option-missing.xmlrouter-advertisement.xmlrouter-solicitation.xmlsource-quench.xmlsource-route-failed.xmltime-exceeded.xmltimestamp-reply.xmltimestamp-request.xmltos-host-redirect.xmltos-host-unreachable.xmltos-network-redirect.xmltos-network-unreachable.xmlttl-zero-during-reassembly.xmlttl-zero-during-transit.xmlunknown-header-type.xmlunknown-option.xmlipsetsREADME.mdpoliciesallow-host-ipv6.xmlservices0-AD.xmlRH-Satellite-6-capsule.xmlRH-Satellite-6.xmlafp.xmlamanda-client.xmlamanda-k5-client.xmlamqp.xmlamqps.xmlanno-1602.xmlanno-1800.xmlapcupsd.xmlaudit.xmlausweisapp2.xmlbacula-client.xmlbacula.xmlbareos-director.xmlbareos-filedaemon.xmlbareos-storage.xmlbb.xmlbgp.xmlbitcoin-rpc.xmlbitcoin-testnet-rpc.xmlbitcoin-testnet.xmlbitcoin.xmlbittorrent-lsd.xmlceph-exporter.xmlceph-mon.xmlceph.xmlcfengine.xmlcheckmk-agent.xmlcivilization-iv.xmlcivilization-v.xmlcockpit.xmlcollectd.xmlcondor-collector.xmlcratedb.xmlctdb.xmldds-multicast.xmldds-unicast.xmldds.xmldhcp.xmldhcpv6-client.xmldhcpv6.xmldistcc.xmldns-over-tls.xmldns.xmldocker-registry.xmldocker-swarm.xmldropbox-lansync.xmlelasticsearch.xmletcd-client.xmletcd-server.xmlfactorio.xmlfinger.xmlforeman-proxy.xmlforeman.xmlfreeipa-4.xmlfreeipa-ldap.xmlfreeipa-ldaps.xmlfreeipa-replication.xmlfreeipa-trust.xmlftp.xmlgalera.xmlganglia-client.xmlganglia-master.xmlgit.xmlgpsd.xmlgrafana.xmlgre.xmlhttp.xmlhttp3.xmlhttps.xmlident.xmlimap.xmlimaps.xmlipfs.xmlipp-client.xmlipp.xmlipsec.xmlirc.xmlircs.xmliscsi-target.xmlisns.xmljenkins.xmlkadmin.xmlkdeconnect.xmlkerberos.xmlkibana.xmlklogin.xmlkpasswd.xmlkprop.xmlkshell.xmlkube-api.xmlkube-apiserver.xmlkube-control-plane-secure.xmlkube-control-plane.xmlkube-controller-manager-secure.xmlkube-controller-manager.xmlkube-nodeport-services.xmlkube-scheduler-secure.xmlkube-scheduler.xmlkube-worker.xmlkubelet-readonly.xmlkubelet-worker.xmlkubelet.xmlldap.xmlldaps.xmllibvirt-tls.xmllibvirt.xmllightning-network.xmlllmnr-client.xmlllmnr-tcp.xmlllmnr-udp.xmlllmnr.xmlmanagesieve.xmlmatrix.xmlmdns.xmlmemcache.xmlminecraft.xmlminidlna.xmlmongodb.xmlmosh.xmlmountd.xmlmqtt-tls.xmlmqtt.xmlms-wbt.xmlmssql.xmlmurmur.xmlmysql.xmlnbd.xmlnebula.xmlneed-for-speed-most-wanted.xmlnetbios-ns.xmlnetdata-dashboard.xmlnfs.xmlnfs3.xmlnmea-0183.xmlnrpe.xmlntp.xmlnut.xmlopentelemetry.xmlopenvpn.xmlovirt-imageio.xmlovirt-storageconsole.xmlovirt-vmconsole.xmlplex.xmlpmcd.xmlpmproxy.xmlpmwebapi.xmlpmwebapis.xmlpop3.xmlpop3s.xmlpostgresql.xmlprivoxy.xmlprometheus-node-exporter.xmlprometheus.xmlproxy-dhcp.xmlps2link.xmlps3netsrv.xmlptp.xmlpulseaudio.xmlpuppetmaster.xmlquassel.xmlradius.xmlrdp.xmlredis-sentinel.xmlredis.xmlrpc-bind.xmlrquotad.xmlrsh.xmlrsyncd.xmlrtsp.xmlsalt-master.xmlsamba-client.xmlsamba-dc.xmlsamba.xmlsane.xmlsettlers-history-collection.xmlsip.xmlsips.xmlslp.xmlsmtp-submission.xmlsmtp.xmlsmtps.xmlsnmp.xmlsnmptls-trap.xmlsnmptls.xmlsnmptrap.xmlspideroak-lansync.xmlspotify-sync.xmlsquid.xmlssdp.xmlssh.xmlstatsrv.xmlsteam-streaming.xmlstellaris.xmlstronghold-crusader.xmlsupertuxkart.xmlsvdrp.xmlsvn.xmlsyncthing-gui.xmlsyncthing-relay.xmlsyncthing.xmlsynergy.xmlsyscomlan.xmlsyslog-tls.xmlsyslog.xmltelnet.xmltentacle.xmlterraria.xmltftp.xmltile38.xmltinc.xmltor-socks.xmltransmission-client.xmlupnp-client.xmlvdsm.xmlvnc-server.xmlwarpinator.xmlwbem-http.xmlwbem-https.xmlwireguard.xmlws-discovery-client.xmlws-discovery-tcp.xmlws-discovery-udp.xmlws-discovery.xmlwsman.xmlwsmans.xmlxdmcp.xmlxmpp-bosh.xmlxmpp-client.xmlxmpp-local.xmlxmpp-server.xmlzabbix-agent.xmlzabbix-java-gateway.xmlzabbix-server.xmlzabbix-trapper.xmlzabbix-web-service.xmlzero-k.xmlzerotier.xmlzonesblock.xmldmz.xmldocker.xmldrop.xmlexternal.xmlhome.xmlinternal.xmlpublic.xmltrusted.xmlwork.xmlfirewalld.servicefirewalldrcfirewallddbus-1system.dFirewallD.conffirewalldREADME.mdsysconfig.firewalldfirewalldCOPYINGfirewall-cmd.1.gzfirewall-offline-cmd.1.gzfirewalld.1.gzfirewalld.conf.5.gzfirewalld.dbus.5.gzfirewalld.direct.5.gzfirewalld.helper.5.gzfirewalld.icmptype.5.gzfirewalld.ipset.5.gzfirewalld.lockdown-whitelist.5.gzfirewalld.policies.5.gzfirewalld.policy.5.gzfirewalld.richlanguage.5.gzfirewalld.service.5.gzfirewalld.zone.5.gzfirewalld.zones.5.gzpolkit-1actionsorg.fedoraproject.FirewallD1.desktop.policy.choiceorg.fedoraproject.FirewallD1.policyorg.fedoraproject.FirewallD1.server.policy.choice/etc//etc/firewalld//etc/logrotate.d//lib//lib/modprobe.d//usr/bin//usr/lib//usr/lib/firewalld//usr/lib/firewalld/helpers//usr/lib/firewalld/icmptypes//usr/lib/firewalld/ipsets//usr/lib/firewalld/policies//usr/lib/firewalld/services//usr/lib/firewalld/zones//usr/lib/systemd/system//usr/sbin//usr/share//usr/share/dbus-1//usr/share/dbus-1/system.d//usr/share/doc/packages//usr/share/doc/packages/firewalld//usr/share/fillup-templates//usr/share/licenses//usr/share/licenses/firewalld//usr/share/man/man1//usr/share/man/man5//usr/share/polkit-1//usr/share/polkit-1/actions/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:36786/SUSE_SLE-15-SP6_Update/af6febc86ebc273375d98d104fe82837-firewalld.SUSE_SLE-15-SP6_Updatedrpmxz5noarch-suse-linuxdirectoryASCII textXML 1.0 document, ASCII textPython script, ASCII text executableXML 1.0 document, UTF-8 Unicode textXML 1.0 document, ASCII text, with very long linestroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)RRRRRl vWf@0O ͪD!bmjE>SEuϸ%q "2^j7H&LxV$t{h؉*]@*;ikgTeR`Uzz@2UQq7}p VbP^K6ĭ{fl蔚|r+, 4|`P=4 v~^D~J#<-g>IC-^`:wkDoo܋sM"1" mSlb2ܳ;*;BVp@ V4$F&*w#L8Yn&'T4?fԻs_r"7d3y BZ. S:1V(ŕw φ#4M:]9yqh3 ͺYu`D 4Q9f 04G[\BL kAz/UkV6RxYT(] #\Tb9m߻cމ`pW=Rq4&1 y7Sx2eyHy3L247塤bǝw[>&k-?#yY&+.IiQ=j%jfiަcGg4 vN@7c$ՑQ9M/,;`)/ $-v "BIIZe@L?R ЁK_:9}BeF We3"y('wOMVNkqWߓn5-y*qWÃYﮕVMjk\}@/FaK]'l”ݔMUC42D]KI;yN=71%'oͣ7X@ G-mNzW8V\-.fDhu~Yv~sg ?@h88ptrNm0Uw y,3u/>d*I]wp?g}ļhb7ެ:!AF"U45\2Ȭ2NL3csZ.P7q9 Um7~kya9դ-JJ^P$T@eAiy=):H %< @GH)6Qbp0 ` S@$>> Cّ|}%ZC#ji>11!np6lZ-nzFG~m*[(Í,z޶Mi&}MB=dže*(#.#ˠ/t+ eƭT߇ƮT]7kh1J=V0S_Nf'?H贆oPD {B DnmM\t;BF> pMjQ3\oAku3;aC3')8[ڿ^!hjc=.ˮ{;ȳWi2Hh4Lj ɷvK{a5,l9Ix{mD_<4謪9`Csˤ?TVMTNn{Afgf&e_N?ñZ#p.#J1YD\R#~~}U,nfMOs8} h+!j6J } V^$S]$S}Ϲ}6#C!:ֳޔ=H4z.%V+(=G)CgJ†`FD}v㚟5:+8Д^)m&r_%A<"!O@UIPl=ݵOA2E{I-/:O2Ϯ=~AVJD|#M]ggC̶MVۂC78GS 榁/`VBs"3n^> ,8OQ;Zk*4 0J j"N0/Q2y\Q RyfKlCzpK}ӿh$ Jj$8I7KP1JܮPOOI+,EǀuSI/Bi,%^QjB!pMoa5},#3ۊRQ #(m^jF'WBβ:˺^>danJ*SJwUI 7% (=O|M:g?O'>g8 x3"b} \NHSbW,Nj, =GCP-M$L^%AМSݤDE6'8~6gVE6usT pe+TEpHEJ"t.'гk nԟ*h [^eܸ{Y]}Π\T{SfHMSr^>{r2kE6>@nf|W\O#bWg,ʹ BTfR@ k:x%00*m'oe ,7Sv[^hc l ݎ}xc,;y-LAc#RAQ)e^gP;zlz\z~aHbܧP Tbp"sFds|Lޓ:YJrD}Kxa*nn%~4ox8N#S:\er$teR*NҼS, (u-]S#D8 S~p0r,mF&dX"mJqzLZ78 74NARŃ פ S 2e uF E[Thp=$̷Jrݶ՝2Agasa   zKU+#hxJkwU%,GGRν@/='`#726i܄Tl¹I,'~ۂhԄ2_NňDuȚ8QN=Pt| XG AM.)KWkBLePDI%w_wJ NL" Ea<:TW&'LT>j Fo{$aJ!Y.حP+%6LR=BȘREF;7⌜?Os& 6@6VIjnjv}uT?P$}DC GBzg*MIsAXwQ/u*NG >!KتN ?|񶪮@* Bl=ArjnAJZ{_ YZ