proxmox-firewall (0.5.0) bookworm; urgency=medium

  * rules: allow vital ICMP(v6) types irregardless of any other rules, which
    is particularly for ICMPv6 related ones. This follows RFC 4890.

  * service: flush firewall rules on force disable to avoid a race condition
    where the nftables rule-set never gets flushed and persists after
    disabling.

  * update to newer proxmox-sys and proxmox-schema dependencies

  * conntrack: arp: move handling to guest chains in order to avoid affecting
    bridged host interfaces.

  * guest: match arp packets via 'meta' filter type to ensure that valid ARP
    packets encapsulated in VLAN frames get through, as with the 'ether' type
    ARP traffic inside VLANs always gets dropped.

 -- Proxmox Support Team <support@proxmox.com>  Mon, 22 Jul 2024 18:05:36 +0200

proxmox-firewall (0.4.2) bookworm; urgency=medium

  * rules: use proper ICMPv6 admin-prohibited type for rejecting IPv6 traffic,
    host-prohibited only exist for IPv4

  * guest out: fix handling ARP traffic with a default block/reject policy

  * guest out: fix handling connection tracking with a default block/reject
    policy

 -- Proxmox Support Team <support@proxmox.com>  Tue, 21 May 2024 15:43:51 +0200

proxmox-firewall (0.4.1) bookworm; urgency=medium

  * check for file flag in /run signaling that this service is disabled and
    skip config parsing completely in that case to avoid logging errors even
    if the user cannot be affected by them

 -- Proxmox Support Team <support@proxmox.com>  Fri, 26 Apr 2024 17:22:01 +0200

proxmox-firewall (0.4.0) bookworm; urgency=medium

  * config: macros: add SPICE-proxy macro

  * config: nftables: add support for icmp-type any

  * firewall: improve error handling of daemon

 -- Proxmox Support Team <support@proxmox.com>  Thu, 25 Apr 2024 19:29:47 +0200

proxmox-firewall (0.3.1) bookworm; urgency=medium

  * fix #5410: config: fix naming scheme for aliases in firewall config, allow
    underscores as long as it's not the first character.

 -- Proxmox Support Team <support@proxmox.com>  Wed, 24 Apr 2024 19:40:16 +0200

proxmox-firewall (0.3.0) bookworm; urgency=medium

  * firewall: improve handling REJECT rules

 -- Proxmox Support Team <support@proxmox.com>  Tue, 23 Apr 2024 18:33:38 +0200

proxmox-firewall (0.2.1) bookworm; urgency=medium

  * firewall: properly cleanup tables when firewall is inactive

 -- Proxmox Support Team <support@proxmox.com>  Tue, 23 Apr 2024 13:20:12 +0200

proxmox-firewall (0.2.0) bookworm; urgency=medium

  * firewall: wait for nft process to avoid left-over zombie processes

  * firewall: change systemd unit file to type simple and drop PID file, not
    relevant here

 -- Proxmox Support Team <support@proxmox.com>  Fri, 19 Apr 2024 19:42:26 +0200

proxmox-firewall (0.1.0) bookworm; urgency=medium

  * Initial release.

 -- Proxmox Support Team <support@proxmox.com>  Thu, 18 Apr 2024 21:07:32 +0200
