Major version bump
This release is also a major version bump. It includes breaking and behavioral changes. Please read the blog post.
This is also a feature release. It includes all bug fixes since v0.9.0.
Highlights include:
- Reduced dependencies
- Intra-zone forwarding by default
- NAT rules moved to inet family (reduced rule set)
- Default target is now similar to reject
- ICMP blocks and block inversion only apply to input, not forward
- tftp-client service has been removed
- iptables backend is deprecated
- Direct interface is deprecated
- CleanupModulesOnExit defaults to no (kernel modules not unloaded)
New features
$ git shortlog --grep "^feat.*:" v0.9.0..v1.0.0
Derek Dai (1):
- feat(rich): support using ipset in destination
Eric Garver (2):
- feat: add netbios-ns service
- feat(firewalld): drop linux capabilities
Georg Sauthoff (1):
- feat(service): Add WireGuard service definition
Pat Riehecky (1):
- feat(service): Add Kubernetes definitions
Paul Laufer (1):
- feat(config): add CleanupModulesOnExit configuration option
Vrinda Punj (3):
- feat(rich): add XML parsing/CLI parsing for tcp-mss-clamp
- feat(rich): add backend translation for tcp-mss-clamp
- feat(service): add galera service
张龙涛 (2):
- feat(shell-completion): Add zsh completion of policy
- feat(shell-completion/zsh): add sub option for --policy
Breaking changes
$ git shortlog --grep "BREAKING CHANGE" v0.9.0..v1.0.0
Eric Garver (9):
- build(configure): require python >= 3.6
- chore(zone): enable intra-zone forwarding by default for new zones
- chore(zone): enable intra-zone forwarding by default for shipped zones
- docs(README): clarify dependencies
- improvement(nftables): use inet family for nat rules
- fix(zone): target: default is now similar to reject
- improvement(zone): icmp_block: now only applies to INPUT
- improvement(zone): icmp_block_inversion: now only applies to INPUT
- chore: remove broken tftp-client service