This is a bug fix only release.
- nftables: fix log-denied with values other than "all" or "off"
- fw_ipset: raise FirewallError if backend command fails
- ipset: only use "-exist" on restore
- fw_ipset: fix duplicate add of ipset entries
- *tables: For opened ports/protocols/etc match ct state new,untracked
- nftables: fix rich rules ports/protocols/source ports not considering ct state
- ports: allow querying a single port added by range
- fw_zone: fix services with multiple destination IP versions
- fw_zone: consider destination for protocols
- firewall/core/fw_nm: nm_get_zone_of_connection should return None or empty string instead of False
- nftables: fix rich rule audit log
- fw: if failure occurs during startup set state to FAILED
- services/high-availability: open all 8 ports used knetd/corosync