From 136e2c2a586818c55b5d6e658f3c7aba5444a195 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 31 2020 09:39:15 +0000 Subject: import firewalld-0.6.3-8.el7 --- diff --git a/SOURCES/0024-fix-rich-rule-forward-port-deletion-after-reload.patch b/SOURCES/0024-fix-rich-rule-forward-port-deletion-after-reload.patch new file mode 100644 index 0000000..c79a1c8 --- /dev/null +++ b/SOURCES/0024-fix-rich-rule-forward-port-deletion-after-reload.patch @@ -0,0 +1,126 @@ +From 582db194cc697f79a17ac543076dd4bbe1216db6 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 11 Apr 2019 11:14:40 -0400 +Subject: [PATCH 24/73] fix: rich rule forward-port deletion after reload + +Simplify mark allocation for rich rules and make sure we use the mark in +apply_zone_settings(). + +Fixes: #482 +Fixes: rhbz 1637675 +(cherry picked from commit 362ebff8016116f831b83d3c9ee65858055b2c91) +(cherry picked from commit ab365b6a49a6f78b1c8394fca20b69623f9b9061) +--- + src/firewall/core/fw_zone.py | 40 +++++++++++++++++++----------------- + 1 file changed, 21 insertions(+), 19 deletions(-) + +diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py +index d5eafb863439..d98ff2259087 100644 +--- a/src/firewall/core/fw_zone.py ++++ b/src/firewall/core/fw_zone.py +@@ -323,8 +323,12 @@ class FirewallZone(object): + elif key == "masquerade": + self._masquerade(enable, _zone, zone_transaction) + elif key == "rules": ++ if "mark" in obj.settings["rules"][args]: ++ mark = obj.settings["rules"][args]["mark"] ++ else: ++ mark = None + self.__rule(enable, _zone, +- Rich_Rule(rule_str=args), None, ++ Rich_Rule(rule_str=args), mark, + zone_transaction) + elif key == "interfaces": + self._interface(enable, _zone, args, zone_transaction) +@@ -672,8 +676,7 @@ class FirewallZone(object): + return None + + def __rule(self, enable, zone, rule, mark_id, zone_transaction): +- return self._rule_prepare(enable, zone, rule, mark_id, +- zone_transaction) ++ self._rule_prepare(enable, zone, rule, mark_id, zone_transaction) + + def add_rule(self, zone, rule, timeout=0, sender=None, + use_zone_transaction=None): +@@ -692,13 +695,16 @@ class FirewallZone(object): + else: + zone_transaction = use_zone_transaction + +- if _obj.applied: +- mark = self.__rule(True, _zone, rule, None, zone_transaction) ++ if type(rule.element) == Rich_ForwardPort: ++ mark = self._fw.new_mark() + else: + mark = None + ++ if _obj.applied: ++ self.__rule(True, _zone, rule, mark, zone_transaction) ++ + self.__register_rule(_obj, rule_id, mark, timeout, sender) +- zone_transaction.add_fail(self.__unregister_rule, _obj, rule_id) ++ zone_transaction.add_fail(self.__unregister_rule, _obj, rule_id, mark) + + if use_zone_transaction is None: + zone_transaction.execute(True) +@@ -720,28 +726,31 @@ class FirewallZone(object): + raise FirewallError(errors.NOT_ENABLED, + "'%s' not in '%s'" % (rule, _zone)) + ++ if "mark" in _obj.settings["rules"][rule_id]: ++ mark = _obj.settings["rules"][rule_id]["mark"] ++ else: ++ mark = None ++ + if use_zone_transaction is None: + zone_transaction = self.new_zone_transaction(_zone) + else: + zone_transaction = use_zone_transaction + +- if "mark" in _obj.settings["rules"][rule_id]: +- mark = _obj.settings["rules"][rule_id]["mark"] +- else: +- mark = None + if _obj.applied: + self.__rule(False, _zone, rule, mark, zone_transaction) + +- zone_transaction.add_post(self.__unregister_rule, _obj, rule_id) ++ zone_transaction.add_post(self.__unregister_rule, _obj, rule_id, mark) + + if use_zone_transaction is None: + zone_transaction.execute(True) + + return _zone + +- def __unregister_rule(self, _obj, rule_id): ++ def __unregister_rule(self, _obj, rule_id, mark=None): + if rule_id in _obj.settings["rules"]: + del _obj.settings["rules"][rule_id] ++ if mark: ++ self._fw.del_mark(mark) + + def query_rule(self, zone, rule): + return self.__rule_id(rule) in self.get_settings(zone)["rules"] +@@ -1705,9 +1714,6 @@ class FirewallZone(object): + if toaddr and enable: + zone_transaction.add_post(enable_ip_forwarding, ipv) + +- if enable: +- mark_id = self._fw.new_mark() +- + filter_chain = "INPUT" if not toaddr else "FORWARD_IN" + + if enable: +@@ -1720,10 +1726,6 @@ class FirewallZone(object): + toaddr, mark_id, rule) + zone_transaction.add_rules(backend, rules) + +- if not enable: +- zone_transaction.add_post(self._fw.del_mark, mark_id) +- mark_id = None +- + # SOURCE PORT + elif type(rule.element) == Rich_SourcePort: + port = rule.element.port +-- +2.20.1 + diff --git a/SOURCES/0025-test-add-coverage-for-gh-482.patch b/SOURCES/0025-test-add-coverage-for-gh-482.patch new file mode 100644 index 0000000..3ab4fa3 --- /dev/null +++ b/SOURCES/0025-test-add-coverage-for-gh-482.patch @@ -0,0 +1,48 @@ +From 835074b5a7a111b3a463f8072edc87b2a8476115 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 11 Apr 2019 10:26:00 -0400 +Subject: [PATCH 25/73] test: add coverage for gh #482 + +(cherry picked from commit 4116829da43082470fc8a5e204a0de71920cfc06) +(cherry picked from commit b5a652ff602e5643fed57cc562ba711af26803a2) +--- + src/tests/regression.at | 1 + + src/tests/regression/gh482.at | 17 +++++++++++++++++ + 2 files changed, 18 insertions(+) + create mode 100644 src/tests/regression/gh482.at + +diff --git a/src/tests/regression.at b/src/tests/regression.at +index 36e10eeb52d5..b6954f2c0fce 100644 +--- a/src/tests/regression.at ++++ b/src/tests/regression.at +@@ -16,3 +16,4 @@ m4_include([regression/gh366.at]) + m4_include([regression/rhbz1601610.at]) + m4_include([regression/gh303.at]) + m4_include([regression/gh335.at]) ++m4_include([regression/gh482.at]) +diff --git a/src/tests/regression/gh482.at b/src/tests/regression/gh482.at +new file mode 100644 +index 000000000000..b75fa4f8df06 +--- /dev/null ++++ b/src/tests/regression/gh482.at +@@ -0,0 +1,17 @@ ++FWD_START_TEST([remove forward-port after reload]) ++AT_KEYWORDS(gh482 rhbz1637675) ++ ++FWD_CHECK([-q --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) ++FWD_CHECK([-q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) ++ ++FWD_CHECK([-q --permanent --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) ++FWD_RELOAD ++FWD_CHECK([-q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) ++FWD_CHECK([-q --permanent --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) ++ ++FWD_CHECK([-q --permanent --add-forward-port=port=1234:proto=tcp:toport=4321]) ++FWD_RELOAD ++FWD_CHECK([-q --remove-forward-port=port=1234:proto=tcp:toport=4321]) ++FWD_CHECK([-q --permanent --remove-forward-port=port=1234:proto=tcp:toport=4321]) ++ ++FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0026-rich-rules-fix-Rich_Mark-logic.patch b/SOURCES/0026-rich-rules-fix-Rich_Mark-logic.patch new file mode 100644 index 0000000..3511b29 --- /dev/null +++ b/SOURCES/0026-rich-rules-fix-Rich_Mark-logic.patch @@ -0,0 +1,49 @@ +From 845b0d5875fc1561ea291feb38a4247523066b31 Mon Sep 17 00:00:00 2001 +From: Felix Kaechele +Date: Sat, 23 Mar 2019 13:30:47 -0400 +Subject: [PATCH 26/73] rich rules: fix Rich_Mark logic + +We are looking to compare the type, not the object. +Without this fix ipXtables will only mark the very first packet of a connection. + +Signed-off-by: Felix Kaechele +(cherry picked from commit 12e281ae870d278f2260adfe6b9f6a5f7b059b87) +(cherry picked from commit 0900bec8c1bcbe9dee444c7466b30686679c3bf1) +--- + src/firewall/core/ipXtables.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py +index 4f04ac41f6a0..c21dc47457b3 100644 +--- a/src/firewall/core/ipXtables.py ++++ b/src/firewall/core/ipXtables.py +@@ -870,7 +870,7 @@ class ip4tables(object): + if rich_rule: + rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) + rule_fragment += self._rich_rule_source_fragment(rich_rule.source) +- if not rich_rule or rich_rule.action != Rich_Mark: ++ if not rich_rule or type(rich_rule.action) != Rich_Mark: + rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ] + + rules = [] +@@ -895,7 +895,7 @@ class ip4tables(object): + if rich_rule: + rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) + rule_fragment += self._rich_rule_source_fragment(rich_rule.source) +- if not rich_rule or rich_rule.action != Rich_Mark: ++ if not rich_rule or type(rich_rule.action) != Rich_Mark: + rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ] + + rules = [] +@@ -923,7 +923,7 @@ class ip4tables(object): + if rich_rule: + rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) + rule_fragment += self._rich_rule_source_fragment(rich_rule.source) +- if not rich_rule or rich_rule.action != Rich_Mark: ++ if not rich_rule or type(rich_rule.action) != Rich_Mark: + rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ] + + rules = [] +-- +2.20.1 + diff --git a/SOURCES/0027-fix-nftables-rich-rule-mark-not-marking-every-packet.patch b/SOURCES/0027-fix-nftables-rich-rule-mark-not-marking-every-packet.patch new file mode 100644 index 0000000..d948817 --- /dev/null +++ b/SOURCES/0027-fix-nftables-rich-rule-mark-not-marking-every-packet.patch @@ -0,0 +1,51 @@ +From b1590ac89253781d127ad40baa1abb8de7731cc9 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 16 Apr 2019 10:53:48 -0400 +Subject: [PATCH 27/73] fix: nftables rich rule mark not marking every packet + +Similar to the fix for #478, nftables needs to mark every packet, not +just the first one that begins a new connection. + +(cherry picked from commit 9d98c11732bcbee4a74bd883cd9b6e7defb3b401) +(cherry picked from commit 7538a479e100d14d248a64c8a23d81ccc9723b9e) +--- + src/firewall/core/nftables.py | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py +index 50303e94ed7b..02e2ca008157 100644 +--- a/src/firewall/core/nftables.py ++++ b/src/firewall/core/nftables.py +@@ -798,7 +798,8 @@ class nftables(object): + rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) + rule_fragment += self._rich_rule_source_fragment(rich_rule.source) + rule_fragment += [proto, "dport", "%s" % portStr(port, "-")] +- rule_fragment += ["ct", "state", "new,untracked"] ++ if not rich_rule or type(rich_rule.action) != Rich_Mark: ++ rule_fragment += ["ct", "state", "new,untracked"] + + rules = [] + if rich_rule: +@@ -831,7 +832,8 @@ class nftables(object): + rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) + rule_fragment += self._rich_rule_source_fragment(rich_rule.source) + rule_fragment = ["meta", "l4proto", protocol] +- rule_fragment += ["ct", "state", "new,untracked"] ++ if not rich_rule or type(rich_rule.action) != Rich_Mark: ++ rule_fragment += ["ct", "state", "new,untracked"] + + rules = [] + if rich_rule: +@@ -864,7 +866,8 @@ class nftables(object): + rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) + rule_fragment += self._rich_rule_source_fragment(rich_rule.source) + rule_fragment += [proto, "sport", "%s" % portStr(port, "-")] +- rule_fragment += ["ct", "state", "new,untracked"] ++ if not rich_rule or type(rich_rule.action) != Rich_Mark: ++ rule_fragment += ["ct", "state", "new,untracked"] + + rules = [] + if rich_rule: +-- +2.20.1 + diff --git a/SOURCES/0028-test-add-tests-for-rich-rule-mark-action.patch b/SOURCES/0028-test-add-tests-for-rich-rule-mark-action.patch new file mode 100644 index 0000000..c56295a --- /dev/null +++ b/SOURCES/0028-test-add-tests-for-rich-rule-mark-action.patch @@ -0,0 +1,63 @@ +From b705a39b0a37b9b855b1ded6b4a2d4a919d293e3 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 16 Apr 2019 10:44:32 -0400 +Subject: [PATCH 28/73] test: add tests for rich rule mark action + +Coverage for gh478. + +(cherry picked from commit 5840e1eea18a7a0070488491791a601905b90059) +(cherry picked from commit d4c829bc667547e9ff2669b26164da9636b8b0ce) +--- + src/tests/regression.at | 1 + + src/tests/regression/gh478.at | 30 ++++++++++++++++++++++++++++++ + 2 files changed, 31 insertions(+) + create mode 100644 src/tests/regression/gh478.at + +diff --git a/src/tests/regression.at b/src/tests/regression.at +index b6954f2c0fce..ab11a013897c 100644 +--- a/src/tests/regression.at ++++ b/src/tests/regression.at +@@ -17,3 +17,4 @@ m4_include([regression/rhbz1601610.at]) + m4_include([regression/gh303.at]) + m4_include([regression/gh335.at]) + m4_include([regression/gh482.at]) ++m4_include([regression/gh478.at]) +diff --git a/src/tests/regression/gh478.at b/src/tests/regression/gh478.at +new file mode 100644 +index 000000000000..5d5966513753 +--- /dev/null ++++ b/src/tests/regression/gh478.at +@@ -0,0 +1,30 @@ ++FWD_START_TEST([rich rule marks every packet]) ++AT_KEYWORDS(rich mark gh478) ++ ++FWD_CHECK([-q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10']) ++FWD_CHECK([-q --add-rich-rule='rule protocol value=icmp mark set=11']) ++FWD_CHECK([-q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12']) ++ ++m4_if(nftables, FIREWALL_BACKEND, [ ++ NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl ++ table inet firewalld { ++ chain mangle_PRE_public_allow { ++ tcp dport 1234 mark set 0x0000000a ++ meta l4proto icmp mark set 0x0000000b ++ tcp sport 4321 mark set 0x0000000c ++ } ++ } ++ ])], [ ++ IPTABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl ++ MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234 MARK set 0xa ++ MARK icmp -- 0.0.0.0/0 0.0.0.0/0 MARK set 0xb ++ MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:4321 MARK set 0xc ++ ]) ++ IP6TABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl ++ MARK tcp ::/0 ::/0 tcp dpt:1234 MARK set 0xa ++ MARK icmp ::/0 ::/0 MARK set 0xb ++ MARK tcp ::/0 ::/0 tcp spt:4321 MARK set 0xc ++ ]) ++]) ++ ++FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0029-fix-ipXtables-don-t-use-tables-that-aren-t-available.patch b/SOURCES/0029-fix-ipXtables-don-t-use-tables-that-aren-t-available.patch new file mode 100644 index 0000000..74e102b --- /dev/null +++ b/SOURCES/0029-fix-ipXtables-don-t-use-tables-that-aren-t-available.patch @@ -0,0 +1,159 @@ +From 7eff52fa9a7fe21549486e4c92869303f2dc9759 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 17 Apr 2019 15:57:22 -0400 +Subject: [PATCH 29/73] fix: ipXtables: don't use tables that aren't available + +At least for the default ruleset we can avoid failure if some of these +tables are missing. But features that use those missing tables will +still fail if the user attempts to use those features. + +Here is a probably incomplete mapping of tables -> features: + + raw: helpers, IPv6_rpfilter + mangle: rich rule mark action + nat: masquerade, forward ports + security: none + +Of course, direct rules apply to all tables. It is fatal if the "filter" +table is not available. + +Fixes: #411 +Fixes: #484 +(cherry picked from commit c46b0892e1e4a540c959b4c1f6ea87de50d1bcf8) +(cherry picked from commit 1dfbd1b2ba848e281876f7e40b47b8bc18a6d305) +--- + src/firewall/core/ipXtables.py | 104 ++++++++++++++++++--------------- + 1 file changed, 56 insertions(+), 48 deletions(-) + +diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py +index c21dc47457b3..4a9c06242f08 100644 +--- a/src/firewall/core/ipXtables.py ++++ b/src/firewall/core/ipXtables.py +@@ -449,6 +449,8 @@ class ip4tables(object): + def build_flush_rules(self): + rules = [] + for table in BUILT_IN_CHAINS.keys(): ++ if not self.get_available_tables(table): ++ continue + # Flush firewall rules: -F + # Delete firewall chains: -X + # Set counter to zero: -Z +@@ -459,6 +461,8 @@ class ip4tables(object): + def build_set_policy_rules(self, policy): + rules = [] + for table in BUILT_IN_CHAINS.keys(): ++ if not self.get_available_tables(table): ++ continue + if table == "nat": + continue + for chain in BUILT_IN_CHAINS[table]: +@@ -505,54 +509,58 @@ class ip4tables(object): + def build_default_rules(self, log_denied="off"): + default_rules = {} + +- default_rules["security"] = [ ] +- self.our_chains["security"] = set() +- for chain in BUILT_IN_CHAINS["security"]: +- default_rules["security"].append("-N %s_direct" % chain) +- default_rules["security"].append("-A %s -j %s_direct" % (chain, chain)) +- self.our_chains["security"].add("%s_direct" % chain) +- +- default_rules["raw"] = [ ] +- self.our_chains["raw"] = set() +- for chain in BUILT_IN_CHAINS["raw"]: +- default_rules["raw"].append("-N %s_direct" % chain) +- default_rules["raw"].append("-A %s -j %s_direct" % (chain, chain)) +- self.our_chains["raw"].add("%s_direct" % chain) +- +- if chain == "PREROUTING": +- default_rules["raw"].append("-N %s_ZONES_SOURCE" % chain) +- default_rules["raw"].append("-N %s_ZONES" % chain) +- default_rules["raw"].append("-A %s -j %s_ZONES_SOURCE" % (chain, chain)) +- default_rules["raw"].append("-A %s -j %s_ZONES" % (chain, chain)) +- self.our_chains["raw"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) +- +- default_rules["mangle"] = [ ] +- self.our_chains["mangle"] = set() +- for chain in BUILT_IN_CHAINS["mangle"]: +- default_rules["mangle"].append("-N %s_direct" % chain) +- default_rules["mangle"].append("-A %s -j %s_direct" % (chain, chain)) +- self.our_chains["mangle"].add("%s_direct" % chain) +- +- if chain == "PREROUTING": +- default_rules["mangle"].append("-N %s_ZONES_SOURCE" % chain) +- default_rules["mangle"].append("-N %s_ZONES" % chain) +- default_rules["mangle"].append("-A %s -j %s_ZONES_SOURCE" % (chain, chain)) +- default_rules["mangle"].append("-A %s -j %s_ZONES" % (chain, chain)) +- self.our_chains["mangle"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) +- +- default_rules["nat"] = [ ] +- self.our_chains["nat"] = set() +- for chain in BUILT_IN_CHAINS["nat"]: +- default_rules["nat"].append("-N %s_direct" % chain) +- default_rules["nat"].append("-A %s -j %s_direct" % (chain, chain)) +- self.our_chains["nat"].add("%s_direct" % chain) +- +- if chain in [ "PREROUTING", "POSTROUTING" ]: +- default_rules["nat"].append("-N %s_ZONES_SOURCE" % chain) +- default_rules["nat"].append("-N %s_ZONES" % chain) +- default_rules["nat"].append("-A %s -j %s_ZONES_SOURCE" % (chain, chain)) +- default_rules["nat"].append("-A %s -j %s_ZONES" % (chain, chain)) +- self.our_chains["nat"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) ++ if self.get_available_tables("security"): ++ default_rules["security"] = [ ] ++ self.our_chains["security"] = set() ++ for chain in BUILT_IN_CHAINS["security"]: ++ default_rules["security"].append("-N %s_direct" % chain) ++ default_rules["security"].append("-A %s -j %s_direct" % (chain, chain)) ++ self.our_chains["security"].add("%s_direct" % chain) ++ ++ if self.get_available_tables("raw"): ++ default_rules["raw"] = [ ] ++ self.our_chains["raw"] = set() ++ for chain in BUILT_IN_CHAINS["raw"]: ++ default_rules["raw"].append("-N %s_direct" % chain) ++ default_rules["raw"].append("-A %s -j %s_direct" % (chain, chain)) ++ self.our_chains["raw"].add("%s_direct" % chain) ++ ++ if chain == "PREROUTING": ++ default_rules["raw"].append("-N %s_ZONES_SOURCE" % chain) ++ default_rules["raw"].append("-N %s_ZONES" % chain) ++ default_rules["raw"].append("-A %s -j %s_ZONES_SOURCE" % (chain, chain)) ++ default_rules["raw"].append("-A %s -j %s_ZONES" % (chain, chain)) ++ self.our_chains["raw"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) ++ ++ if self.get_available_tables("mangle"): ++ default_rules["mangle"] = [ ] ++ self.our_chains["mangle"] = set() ++ for chain in BUILT_IN_CHAINS["mangle"]: ++ default_rules["mangle"].append("-N %s_direct" % chain) ++ default_rules["mangle"].append("-A %s -j %s_direct" % (chain, chain)) ++ self.our_chains["mangle"].add("%s_direct" % chain) ++ ++ if chain == "PREROUTING": ++ default_rules["mangle"].append("-N %s_ZONES_SOURCE" % chain) ++ default_rules["mangle"].append("-N %s_ZONES" % chain) ++ default_rules["mangle"].append("-A %s -j %s_ZONES_SOURCE" % (chain, chain)) ++ default_rules["mangle"].append("-A %s -j %s_ZONES" % (chain, chain)) ++ self.our_chains["mangle"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) ++ ++ if self.get_available_tables("nat"): ++ default_rules["nat"] = [ ] ++ self.our_chains["nat"] = set() ++ for chain in BUILT_IN_CHAINS["nat"]: ++ default_rules["nat"].append("-N %s_direct" % chain) ++ default_rules["nat"].append("-A %s -j %s_direct" % (chain, chain)) ++ self.our_chains["nat"].add("%s_direct" % chain) ++ ++ if chain in [ "PREROUTING", "POSTROUTING" ]: ++ default_rules["nat"].append("-N %s_ZONES_SOURCE" % chain) ++ default_rules["nat"].append("-N %s_ZONES" % chain) ++ default_rules["nat"].append("-A %s -j %s_ZONES_SOURCE" % (chain, chain)) ++ default_rules["nat"].append("-A %s -j %s_ZONES" % (chain, chain)) ++ self.our_chains["nat"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) + + default_rules["filter"] = [ + "-N INPUT_direct", +-- +2.20.1 + diff --git a/SOURCES/0030-fix-nftables-make-helpers-work-by-creating-ct-helper.patch b/SOURCES/0030-fix-nftables-make-helpers-work-by-creating-ct-helper.patch new file mode 100644 index 0000000..36e0809 --- /dev/null +++ b/SOURCES/0030-fix-nftables-make-helpers-work-by-creating-ct-helper.patch @@ -0,0 +1,55 @@ +From 4653a1784d853eb34cd69371c28adae5b9666aa0 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 17 Apr 2019 16:57:03 -0400 +Subject: [PATCH 30/73] fix: nftables: make helpers work by creating ct helper + objects + +nftables needs to create "ct helper objects" in order for rules to +successfully set the ct helper. + +Fixes: #453 +Fixes: b630abd8e901 ("backend: introduce nftables support") +(cherry picked from commit 9e2d1ed0c3b23a3ca4b46dad25fd57d64f4ce53e) +(cherry picked from commit f110eed882fa387342dd64f28497b8b721b692aa) +--- + src/firewall/core/nftables.py | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py +index 02e2ca008157..bf41ed98a542 100644 +--- a/src/firewall/core/nftables.py ++++ b/src/firewall/core/nftables.py +@@ -884,20 +884,25 @@ class nftables(object): + def build_zone_helper_ports_rules(self, enable, zone, proto, port, + destination, helper_name): + add_del = { True: "add", False: "delete" }[enable] +- target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["PREROUTING"], ++ target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["INPUT"], + zone=zone) + rule = [add_del, "rule", "inet", "%s" % TABLE_NAME, +- "raw_%s_allow" % (target), proto] ++ "filter_%s_allow" % (target)] + if destination: + if check_address("ipv4", destination): + rule += ["ip"] + else: + rule += ["ip6"] + rule += ["daddr", destination] +- rule += ["dport", "%s" % portStr(port, "-")] +- rule += ["ct", "helper", helper_name] ++ rule += [proto, "dport", "%s" % portStr(port, "-")] ++ rule += ["ct", "helper", "set", "\"helper-%s-%s\"" % (helper_name, proto)] + +- return [rule] ++ helper_object = ["ct", "helper", "inet", TABLE_NAME, ++ "helper-%s-%s" % (helper_name, proto), ++ "{", "type", "\"%s\"" % (helper_name), "protocol", ++ proto, ";", "}"] ++ ++ return [helper_object, rule] + + def _build_zone_masquerade_nat_rules(self, enable, zone, family, rich_rule=None): + add_del = { True: "add", False: "delete" }[enable] +-- +2.20.1 + diff --git a/SOURCES/0031-test-add-test-to-check-for-nftables-helper-objects.patch b/SOURCES/0031-test-add-test-to-check-for-nftables-helper-objects.patch new file mode 100644 index 0000000..4ced8a6 --- /dev/null +++ b/SOURCES/0031-test-add-test-to-check-for-nftables-helper-objects.patch @@ -0,0 +1,85 @@ +From 0d4399979436388b16b8a4c94967b25e6b0d6250 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 17 Apr 2019 17:06:11 -0400 +Subject: [PATCH 31/73] test: add test to check for nftables helper objects + +Coverage for gh #453. + +(cherry picked from commit a8930f0b694c871d9f0f7cdef0696afd81327817) +(cherry picked from commit 34c16a09e0678c1b79dbe897b1c4dfe75a27c308) +--- + src/tests/regression.at | 1 + + src/tests/regression/gh453.at | 52 +++++++++++++++++++++++++++++++++++ + 2 files changed, 53 insertions(+) + create mode 100644 src/tests/regression/gh453.at + +diff --git a/src/tests/regression.at b/src/tests/regression.at +index ab11a013897c..8bcb576238e6 100644 +--- a/src/tests/regression.at ++++ b/src/tests/regression.at +@@ -18,3 +18,4 @@ m4_include([regression/gh303.at]) + m4_include([regression/gh335.at]) + m4_include([regression/gh482.at]) + m4_include([regression/gh478.at]) ++m4_include([regression/gh453.at]) +diff --git a/src/tests/regression/gh453.at b/src/tests/regression/gh453.at +new file mode 100644 +index 000000000000..44bf98cbda96 +--- /dev/null ++++ b/src/tests/regression/gh453.at +@@ -0,0 +1,52 @@ ++m4_if(nftables, FIREWALL_BACKEND, [ ++FWD_START_TEST([nftables helper objects]) ++AT_KEYWORDS(helper gh453) ++ ++FWD_CHECK([-q --add-service=ftp]) ++NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-ftp-tcp"], 0, [m4_strip([dnl ++ ct helper helper-ftp-tcp { ++ type "ftp" protocol tcp ++ l3proto inet ++ } ++])]) ++NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl ++ table inet firewalld { ++ chain filter_IN_public_allow { ++ tcp dport 22 ct state new,untracked accept ++ ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ++ tcp dport 21 ct helper set "helper-ftp-tcp" ++ tcp dport 21 ct state new,untracked accept ++ } ++ } ++]) ++ ++FWD_CHECK([-q --add-service=sip]) ++NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-sip-tcp"], 0, [m4_strip([dnl ++ ct helper helper-sip-tcp { ++ type "sip" protocol tcp ++ l3proto inet ++ } ++])]) ++NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-sip-udp"], 0, [m4_strip([dnl ++ ct helper helper-sip-udp { ++ type "sip" protocol udp ++ l3proto inet ++ } ++])]) ++NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl ++ table inet firewalld { ++ chain filter_IN_public_allow { ++ tcp dport 22 ct state new,untracked accept ++ ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ++ tcp dport 21 ct helper set "helper-ftp-tcp" ++ tcp dport 21 ct state new,untracked accept ++ tcp dport 5060 ct helper set "helper-sip-tcp" ++ udp dport 5060 ct helper set "helper-sip-udp" ++ tcp dport 5060 ct state new,untracked accept ++ udp dport 5060 ct state new,untracked accept ++ } ++ } ++]) ++ ++FWD_END_TEST ++]) +-- +2.20.1 + diff --git a/SOURCES/0032-fix-avoid-calling-backends-that-aren-t-available.patch b/SOURCES/0032-fix-avoid-calling-backends-that-aren-t-available.patch deleted file mode 100644 index a67f970..0000000 --- a/SOURCES/0032-fix-avoid-calling-backends-that-aren-t-available.patch +++ /dev/null @@ -1,127 +0,0 @@ -From fcff9a0adbc8042544372e1af5d84b48e6d52c93 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Mon, 13 May 2019 09:40:31 -0400 -Subject: [PATCH 32/37] fix: avoid calling backends that aren't available - -We should operate just fine if some backend aren't available, e.g. -ip6tables. This fixes some areas that broke that. - -Fixes: #491 -(cherry picked from commit 3fdffa76be42ce88bff35ce2b84c2beda3c016a1) -(cherry picked from commit 86d003dcdbd2eb20ac32858f7cfa3074169d5b5e) ---- - src/firewall/core/fw.py | 54 ++++++++++++++++++------------------ - src/firewall/core/fw_zone.py | 4 ++- - 2 files changed, 30 insertions(+), 28 deletions(-) - -diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py -index abb25f0c3e72..998de99e9532 100644 ---- a/src/firewall/core/fw.py -+++ b/src/firewall/core/fw.py -@@ -703,24 +703,24 @@ class Firewall(object): - def get_backend_by_ipv(self, ipv): - if self.nftables_enabled: - return self.nftables_backend -- if ipv == "ipv4": -+ if ipv == "ipv4" and self.ip4tables_enabled: - return self.ip4tables_backend -- elif ipv == "ipv6": -+ elif ipv == "ipv6" and self.ip6tables_enabled: - return self.ip6tables_backend -- elif ipv == "eb": -+ elif ipv == "eb" and self.ebtables_enabled: - return self.ebtables_backend - raise FirewallError(errors.INVALID_IPV, -- "'%s' is not a valid backend" % ipv) -+ "'%s' is not a valid backend or is unavailable" % ipv) - - def get_direct_backend_by_ipv(self, ipv): -- if ipv == "ipv4": -+ if ipv == "ipv4" and self.ip4tables_enabled: - return self.ip4tables_backend -- elif ipv == "ipv6": -+ elif ipv == "ipv6" and self.ip6tables_enabled: - return self.ip6tables_backend -- elif ipv == "eb": -+ elif ipv == "eb" and self.ebtables_enabled: - return self.ebtables_backend - raise FirewallError(errors.INVALID_IPV, -- "'%s' is not a valid backend" % ipv) -+ "'%s' is not a valid backend or is unavailable" % ipv) - - def is_backend_enabled(self, name): - if name == "ip4tables": -@@ -791,29 +791,29 @@ class Firewall(object): - rules = backend.build_default_rules(self._log_denied) - transaction.add_rules(backend, rules) - -- ipv6_backend = self.get_backend_by_ipv("ipv6") -- if self.ipv6_rpfilter_enabled and \ -- "raw" in ipv6_backend.get_available_tables(): -+ if self.is_ipv_enabled("ipv6"): -+ ipv6_backend = self.get_backend_by_ipv("ipv6") -+ if self.ipv6_rpfilter_enabled and \ -+ "raw" in ipv6_backend.get_available_tables(): - -- # Execute existing transaction -- transaction.execute(True) -- # Start new transaction -- transaction.clear() -+ # Execute existing transaction -+ transaction.execute(True) -+ # Start new transaction -+ transaction.clear() - -- rules = ipv6_backend.build_rpfilter_rules(self._log_denied) -- transaction.add_rules(ipv6_backend, rules) -+ rules = ipv6_backend.build_rpfilter_rules(self._log_denied) -+ transaction.add_rules(ipv6_backend, rules) - -- # Execute ipv6_rpfilter transaction, it might fail -- try: -- transaction.execute(True) -- except FirewallError as msg: -- log.warning("Applying rules for ipv6_rpfilter failed: %s", msg) -- # Start new transaction -- transaction.clear() -+ # Execute ipv6_rpfilter transaction, it might fail -+ try: -+ transaction.execute(True) -+ except FirewallError as msg: -+ log.warning("Applying rules for ipv6_rpfilter failed: %s", msg) -+ # Start new transaction -+ transaction.clear() - -- else: -- if use_transaction is None: -- transaction.execute(True) -+ if use_transaction is None: -+ transaction.execute(True) - - # flush and policy - -diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py -index d5eafb863439..31d7d6a168a8 100644 ---- a/src/firewall/core/fw_zone.py -+++ b/src/firewall/core/fw_zone.py -@@ -1554,7 +1554,7 @@ class FirewallZone(object): - if rule.family is not None: - ipvs = [ rule.family ] - else: -- ipvs = [ "ipv4", "ipv6" ] -+ ipvs = [ipv for ipv in ["ipv4", "ipv6"] if self._fw.is_ipv_enabled(ipv)] - - source_ipv = self._rule_source_ipv(rule.source) - if source_ipv is not None and source_ipv != "": -@@ -1804,6 +1804,8 @@ class FirewallZone(object): - # - backends_ipv = [] - for ipv in ["ipv4", "ipv6"]: -+ if not self._fw.is_ipv_enabled(ipv): -+ continue - backend = self._fw.get_backend_by_ipv(ipv) - if len(svc.destination) > 0: - if ipv in svc.destination: --- -2.20.1 - diff --git a/SOURCES/0032-test-add-macro-CHECK_NFT_CT_HELPER.patch b/SOURCES/0032-test-add-macro-CHECK_NFT_CT_HELPER.patch new file mode 100644 index 0000000..6721543 --- /dev/null +++ b/SOURCES/0032-test-add-macro-CHECK_NFT_CT_HELPER.patch @@ -0,0 +1,35 @@ +From a18a6d69a4715452b387361dff2ea91fdb69e215 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 18 Apr 2019 23:59:54 -0400 +Subject: [PATCH 32/73] test: add macro CHECK_NFT_CT_HELPER() + +Checks if nft ct helpers are usable. + +(cherry picked from commit 32c2497f6ec0f22342d7b3c7cdaab8133a4a2b18) +(cherry picked from commit 912e951eaf9dc5480c9fbe71c74e9ce9999ee90a) +--- + src/tests/functions.at | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index cf72e8f69ec4..cb23b109a105 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -344,6 +344,14 @@ m4_define([CHECK_LOG_AUDIT], [ + ]) + ]) + ++m4_define([CHECK_NFT_CT_HELPER], [ ++ m4_if(nftables, FIREWALL_BACKEND, [ ++ NS_CHECK([nft add table inet firewalld_check_ct_helper]) ++ AT_SKIP_IF([! NS_CMD([nft add ct helper inet firewalld helper-ftp-tcp { type \"ftp\" protocol tcp \; } >/dev/null 2>&1])]) ++ NS_CHECK([nft delete table inet firewalld_check_ct_helper]) ++ ]) ++]) ++ + m4_ifnblank( + m4_esyscmd([ + KERNEL_MAJOR=`uname -r | cut -d. -f1` +-- +2.20.1 + diff --git a/SOURCES/0033-fix-tests-regression-gh453-guarantee-automatic-helpe.patch b/SOURCES/0033-fix-tests-regression-gh453-guarantee-automatic-helpe.patch new file mode 100644 index 0000000..b762752 --- /dev/null +++ b/SOURCES/0033-fix-tests-regression-gh453-guarantee-automatic-helpe.patch @@ -0,0 +1,33 @@ +From a1cdd0895c27da354899f109ee4fc663535a5adf Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 18 Apr 2019 22:47:03 -0400 +Subject: [PATCH 33/73] fix: tests/regression/gh453: guarantee automatic + helpers disabled + +The test is only relevant if automatic helpers are disabled. + +Fixes: a8930f0b694c ("test: add test to check for nftables helper objects") +(cherry picked from commit e2301b0409dbb7405e48bc547232ca9173d61399) +(cherry picked from commit 44f5c61f27fcc8d1ea14ae3783cf77584a2324bb) +--- + src/tests/regression/gh453.at | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/tests/regression/gh453.at b/src/tests/regression/gh453.at +index 44bf98cbda96..f57a79dcf9a2 100644 +--- a/src/tests/regression/gh453.at ++++ b/src/tests/regression/gh453.at +@@ -2,6 +2,10 @@ m4_if(nftables, FIREWALL_BACKEND, [ + FWD_START_TEST([nftables helper objects]) + AT_KEYWORDS(helper gh453) + ++CHECK_NFT_CT_HELPER ++ ++FWD_CHECK([-q --set-automatic-helpers=no]) ++ + FWD_CHECK([-q --add-service=ftp]) + NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-ftp-tcp"], 0, [m4_strip([dnl + ct helper helper-ftp-tcp { +-- +2.20.1 + diff --git a/SOURCES/0033-test-pass-IPTABLES-make-variables-down-to-autotest.patch b/SOURCES/0033-test-pass-IPTABLES-make-variables-down-to-autotest.patch deleted file mode 100644 index 0172150..0000000 --- a/SOURCES/0033-test-pass-IPTABLES-make-variables-down-to-autotest.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 71e90d92c71d48f130e803f9b4de5224f774d84c Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Tue, 14 May 2019 08:58:37 -0400 -Subject: [PATCH 33/37] test: pass IPTABLES make variables down to autotest - -(cherry picked from commit 8533c488a30de680769d61a08bc5f404716b04ee) -(cherry picked from commit 9de0a22a6046a162389617fd775a8c4a79ea6afa) ---- - src/tests/Makefile.am | 7 ++++++- - src/tests/functions.at | 4 ++-- - src/tests/regression/icmp_block_in_forward_chain.at | 4 ++-- - src/tests/regression/rhbz1514043.at | 2 +- - 4 files changed, 11 insertions(+), 6 deletions(-) - -diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am -index a30ce4d5d607..2a5645ba81d8 100644 ---- a/src/tests/Makefile.am -+++ b/src/tests/Makefile.am -@@ -15,7 +15,11 @@ $(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec - echo 'm4_define([AT_PACKAGE_VERSION],[$(PACKAGE_VERSION)])' && \ - echo 'm4_define([AT_PACKAGE_STRING],[$(PACKAGE_STRING)])' && \ - echo 'm4_define([AT_PACKAGE_URL],[http://firewalld.org/])' && \ -- echo 'm4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])'; \ -+ echo 'm4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])' && \ -+ echo 'm4_define([IPTABLES],[$(IPTABLES)])' && \ -+ echo 'm4_define([IPTABLES_RESTORE],[$(IPTABLES_RESTORE)])' && \ -+ echo 'm4_define([IP6TABLES],[$(IP6TABLES)])' && \ -+ echo 'm4_define([IP6TABLES_RESTORE],[$(IP6TABLES_RESTORE)])' ; \ - } > "$@" - - check-local: atconfig $(TESTSUITE) -@@ -31,6 +35,7 @@ installcheck-local: atconfig $(TESTSUITE) - - clean-local: - test ! -f '$(TESTSUITE)' || $(SHELL) '$(TESTSUITE)' --clean -+ -rm $(srcdir)/package.m4 - - AUTOM4TE = $(SHELL) $(top_srcdir)/missing --run autom4te - AUTOTEST = $(AUTOM4TE) --language=autotest -diff --git a/src/tests/functions.at b/src/tests/functions.at -index cf72e8f69ec4..70d5ec66590d 100644 ---- a/src/tests/functions.at -+++ b/src/tests/functions.at -@@ -232,13 +232,13 @@ m4_define([EBTABLES_LIST_RULES], [ - - m4_define([IPTABLES_LIST_RULES], [ - m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ -- NS_CHECK([iptables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) -+ NS_CHECK([IPTABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) - ]) - ]) - - m4_define([IP6TABLES_LIST_RULES], [ - m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ -- NS_CHECK([ip6tables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) -+ NS_CHECK([IP6TABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) - ]) - ]) - -diff --git a/src/tests/regression/icmp_block_in_forward_chain.at b/src/tests/regression/icmp_block_in_forward_chain.at -index 77f3f274bc5a..3c8766a2b23b 100644 ---- a/src/tests/regression/icmp_block_in_forward_chain.at -+++ b/src/tests/regression/icmp_block_in_forward_chain.at -@@ -2,8 +2,8 @@ FWD_START_TEST([ICMP block present FORWARD chain]) - - FWD_CHECK([-q --zone=public --add-icmp-block=host-prohibited]) - m4_if(iptables, FIREWALL_BACKEND, [ -- NS_CHECK([iptables -L IN_public_deny | grep "host-prohibited"], 0, ignore) -- NS_CHECK([iptables -L FWDI_public_deny | grep "host-prohibited"], 0, ignore) -+ NS_CHECK([IPTABLES -L IN_public_deny | grep "host-prohibited"], 0, ignore) -+ NS_CHECK([IPTABLES -L FWDI_public_deny | grep "host-prohibited"], 0, ignore) - ], [ - NS_CHECK([nft list chain inet firewalld filter_IN_public_deny | grep "destination-unreachable" |grep "\(code 10\|host-prohibited\)"], 0, ignore) - NS_CHECK([nft list chain inet firewalld filter_FWDI_public_deny | grep "destination-unreachable" |grep "\(code 10\|host-prohibited\)"], 0, ignore) -diff --git a/src/tests/regression/rhbz1514043.at b/src/tests/regression/rhbz1514043.at -index a7368dbd9eeb..a9750a584898 100644 ---- a/src/tests/regression/rhbz1514043.at -+++ b/src/tests/regression/rhbz1514043.at -@@ -7,7 +7,7 @@ services: dhcpv6-client samba ssh - ]) - dnl check that log denied actually took effect - m4_if(iptables, FIREWALL_BACKEND, [ -- NS_CHECK([iptables -t filter -L | grep "FINAL_REJECT:"], 0, ignore) -+ NS_CHECK([IPTABLES -t filter -L | grep "FINAL_REJECT:"], 0, ignore) - ], [ - NS_CHECK([nft list chain inet firewalld filter_INPUT | grep "FINAL_REJECT"], 0, ignore) - NS_CHECK([nft list chain inet firewalld filter_FORWARD | grep "FINAL_REJECT"], 0, ignore) --- -2.20.1 - diff --git a/SOURCES/0034-fix-on-reload-set-policy-before-cleanup.patch b/SOURCES/0034-fix-on-reload-set-policy-before-cleanup.patch new file mode 100644 index 0000000..c33f320 --- /dev/null +++ b/SOURCES/0034-fix-on-reload-set-policy-before-cleanup.patch @@ -0,0 +1,35 @@ +From 3054c6390a485451c83580e4cfeab4d90c08d95d Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 25 Apr 2019 15:08:28 -0400 +Subject: [PATCH 34/73] fix: on reload, set policy before cleanup + +Otherwise cleanup() will wipe out things that may be important when +setting the policy, e.g. IndividualCalls. + +(cherry picked from commit fd2e86fb4a508e750ad4fabc3a5be83e56338e2d) +(cherry picked from commit 99d0122d1a37b8744faeef619611bd7f9637e974) +--- + src/firewall/core/fw.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py +index abb25f0c3e72..876c43392b1b 100644 +--- a/src/firewall/core/fw.py ++++ b/src/firewall/core/fw.py +@@ -966,11 +966,11 @@ class Firewall(object): + _direct_config = self.direct.get_runtime_config() + _old_dz = self.get_default_zone() + ++ self.set_policy("DROP") ++ + # stop + self.cleanup() + +- self.set_policy("DROP") +- + start_exception = None + try: + self._start(reload=True, complete_reload=stop) +-- +2.20.1 + diff --git a/SOURCES/0034-test-add-macro-HOST_SUPPORTS_IP6TABLES.patch b/SOURCES/0034-test-add-macro-HOST_SUPPORTS_IP6TABLES.patch deleted file mode 100644 index 6990256..0000000 --- a/SOURCES/0034-test-add-macro-HOST_SUPPORTS_IP6TABLES.patch +++ /dev/null @@ -1,41 +0,0 @@ -From a565735cdf292e06d9530accee226beed0069368 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Mon, 13 May 2019 13:52:56 -0400 -Subject: [PATCH 34/37] test: add macro HOST_SUPPORTS_IP6TABLES - -(cherry picked from commit 4d5c3f190dc309ab03543dc7a65e45ee52858bd9) -(cherry picked from commit ada120045f6a1d387edf02772e889717da68050b) ---- - src/tests/functions.at | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/tests/functions.at b/src/tests/functions.at -index 70d5ec66590d..da90f9ce549b 100644 ---- a/src/tests/functions.at -+++ b/src/tests/functions.at -@@ -238,8 +238,10 @@ m4_define([IPTABLES_LIST_RULES], [ - - m4_define([IP6TABLES_LIST_RULES], [ - m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ -+ m4_if(yes, HOST_SUPPORTS_IP6TABLES, [ - NS_CHECK([IP6TABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) - ]) -+ ]) - ]) - - m4_define([NFT_LIST_RULES], [ -@@ -355,3 +357,11 @@ m4_ifnblank( - [m4_define([HOST_SUPPORTS_NFT_FIB], [yes])], - [m4_define([HOST_SUPPORTS_NFT_FIB], [no])] - ) -+ -+m4_define([HOST_SUPPORTS_IP6TABLES], [m4_esyscmd( -+ if IP6TABLES -L >/dev/null 2>&1; then -+ echo -n "yes" -+ else -+ echo -n "no" -+ fi -+)]) --- -2.20.1 - diff --git a/SOURCES/0035-test-add-macro-IF_IPV6_SUPPORTED.patch b/SOURCES/0035-test-add-macro-IF_IPV6_SUPPORTED.patch deleted file mode 100644 index 10b4a03..0000000 --- a/SOURCES/0035-test-add-macro-IF_IPV6_SUPPORTED.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 92fbe922bb4435a0cb48f8042e3ff33e8e1d0eaf Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Tue, 14 May 2019 18:30:12 -0400 -Subject: [PATCH 35/37] test: add macro IF_IPV6_SUPPORTED - -(cherry picked from commit d569d7239f23f443ac4c5dce843481223481ec96) -(cherry picked from commit 781fe1a49ab1d3fea3540742c38fe6633e65d700) ---- - src/tests/functions.at | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/tests/functions.at b/src/tests/functions.at -index da90f9ce549b..106c71ff9920 100644 ---- a/src/tests/functions.at -+++ b/src/tests/functions.at -@@ -365,3 +365,10 @@ m4_define([HOST_SUPPORTS_IP6TABLES], [m4_esyscmd( - echo -n "no" - fi - )]) -+ -+m4_define([IF_IPV6_SUPPORTED], [ -+ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [$1], [ -+ m4_if(nftables, FIREWALL_BACKEND, [$1], [ -+ m4_if(yes, HOST_SUPPORTS_IP6TABLES, [$1], [$2]) -+ ])]) -+]) --- -2.20.1 - diff --git a/SOURCES/0035-tests-functions-normalize-nft-list-rule-output.patch b/SOURCES/0035-tests-functions-normalize-nft-list-rule-output.patch new file mode 100644 index 0000000..92b8860 --- /dev/null +++ b/SOURCES/0035-tests-functions-normalize-nft-list-rule-output.patch @@ -0,0 +1,39 @@ +From 32e94d98bb52ea5c1c8d2d43beea9381b9f629b8 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 7 Dec 2018 09:34:27 -0500 +Subject: [PATCH 35/73] tests/functions: normalize nft list rule output + +nftables commit 6dd848339444 ("src: meta: always prefix 'meta' for +almost all tokens") made the "mark" output always be prefixd by "meta". +To be compatible with old nft version, strip the meta keyword. + +Fix test cases as well. + +(cherry picked from commit 3e56d69f5702bbf326dd6701e329aa1e98071b7a) +(cherry picked from commit 0e3cc0f0417774c80bd1cffd9a1249bf434bfd67) +--- + src/tests/functions.at | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index cb23b109a105..6af0c31c422a 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -243,9 +243,13 @@ m4_define([IP6TABLES_LIST_RULES], [ + ]) + + m4_define([NFT_LIST_RULES], [ ++ dnl nftables commit 6dd848339444 change list output to show "meta mark" ++ dnl instead of just "mark". ++ m4_define([NFT_LIST_RULES_NORMALIZE], [sed -e 's/meta mark/mark/g']) + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ +- NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ++ NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE | NFT_LIST_RULES_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) + ]) ++ m4_undefine([NFT_LIST_RULES_NORMALIZE]) + ]) + + m4_define([IPSET_LIST_SET], [ +-- +2.20.1 + diff --git a/SOURCES/0036-fix-tests-functions-ignore-warnings-about-missing-ip.patch b/SOURCES/0036-fix-tests-functions-ignore-warnings-about-missing-ip.patch deleted file mode 100644 index d9053b3..0000000 --- a/SOURCES/0036-fix-tests-functions-ignore-warnings-about-missing-ip.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 77819612c5f96a899823063fb9a612eab7cf14cb Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Mon, 13 May 2019 10:27:07 -0400 -Subject: [PATCH 36/37] fix: tests/functions: ignore warnings about missing - ip6tables - -We allow running firewalld without ip6tables, as such it's not an error -for it to be missing during testsuite execution. - -(cherry picked from commit 3ac719c1908d4d86d344ebc7b1e105545471046a) -(cherry picked from commit 1e7e05ba07c78f6c21de818d1ab2f18d3c31534e) ---- - src/tests/functions.at | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/tests/functions.at b/src/tests/functions.at -index 106c71ff9920..4c74c249f32e 100644 ---- a/src/tests/functions.at -+++ b/src/tests/functions.at -@@ -132,6 +132,9 @@ m4_define([FWD_START_TEST], [ - - m4_define([FWD_END_TEST], [ - m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ -+ IF_IPV6_SUPPORTED([], [ -+ sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log -+ ]) - if test x"$1" != x"ignore"; then - if test -n "$1"; then - sed -i $1 ./firewalld.log --- -2.20.1 - diff --git a/SOURCES/0036-test-functions-Strip-nft-hook-and-policy-from-output.patch b/SOURCES/0036-test-functions-Strip-nft-hook-and-policy-from-output.patch new file mode 100644 index 0000000..b0b37e7 --- /dev/null +++ b/SOURCES/0036-test-functions-Strip-nft-hook-and-policy-from-output.patch @@ -0,0 +1,34 @@ +From 8dd1d1c0db69252d3092b2c08ee2c7b4b1b62e58 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 21 Dec 2018 09:14:15 -0500 +Subject: [PATCH 36/73] test/functions: Strip nft hook and policy from output + +Depending on the nft version the priority may print as "-290" or "raw + +10". Just strip the whole hook line - we really just want to see the +rules. + +(cherry picked from commit 9b681605f96907f3fced59a4e6c884b68db0ffc8) +(cherry picked from commit 3158bc0088c64bbb4ca4d368697cb22c6001c17b) +--- + src/tests/functions.at | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 6af0c31c422a..102004f678b3 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -245,7 +245,10 @@ m4_define([IP6TABLES_LIST_RULES], [ + m4_define([NFT_LIST_RULES], [ + dnl nftables commit 6dd848339444 change list output to show "meta mark" + dnl instead of just "mark". +- m4_define([NFT_LIST_RULES_NORMALIZE], [sed -e 's/meta mark/mark/g']) ++ m4_define([NFT_LIST_RULES_NORMALIZE], [dnl ++ sed -e 's/meta mark/mark/g'dnl ++ | sed -e '/type.*hook.*priority.*policy.*/d'dnl ++ ]) + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ + NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE | NFT_LIST_RULES_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) + ]) +-- +2.20.1 + diff --git a/SOURCES/0037-fix-tests-guard-occurrences-of-IPv6.patch b/SOURCES/0037-fix-tests-guard-occurrences-of-IPv6.patch deleted file mode 100644 index a40bd34..0000000 --- a/SOURCES/0037-fix-tests-guard-occurrences-of-IPv6.patch +++ /dev/null @@ -1,242 +0,0 @@ -From 2b76468d515858e27a1c50b9b27864adbb1bb96f Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Mon, 13 May 2019 14:00:21 -0400 -Subject: [PATCH 37/37] fix: tests: guard occurrences of IPv6 - -Since we can run without IPv6 support we need to skip test areas that -explicitly use IPv6. - -(cherry picked from commit bcb33e448abbf3a2a3a8721c257ad48bfc18dd9d) -(cherry picked from commit 9344ff8c7ce3e55a2296ca3d565b51d9a52065c4) ---- - src/tests/firewall-cmd.at | 30 +++++++++++++++++++++++++---- - src/tests/regression/gh335.at | 6 ++++++ - src/tests/regression/rhbz1594657.at | 2 ++ - 3 files changed, 34 insertions(+), 4 deletions(-) - -diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at -index bcbfe9639ef1..a3844151aeb3 100644 ---- a/src/tests/firewall-cmd.at -+++ b/src/tests/firewall-cmd.at -@@ -199,8 +199,10 @@ sources: $1 - - check_zone_source([1.2.3.4]) - check_zone_source([192.168.1.0/24]) -+ IF_IPV6_SUPPORTED([ - check_zone_source([3ffe:501:ffff::/64]) - check_zone_source([dead:beef::babe]) -+ ]) - - m4_undefine([check_zone_source]) - -@@ -292,10 +294,12 @@ FWD_START_TEST([user services]) - FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:foo], 105, ignore, ignore) dnl bad address - FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:1.2.3.4], 0, ignore) - FWD_CHECK([--permanent --service=foobar --remove-destination=ipv4], 0, ignore) -+ IF_IPV6_SUPPORTED([ - FWD_CHECK([--permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore) - FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore) - FWD_CHECK([--permanent --service=foobar --remove-destination=ipv6], 0, ignore) - FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 1, ignore) -+ ]) - - FWD_CHECK([--permanent --zone=public --add-service=foobar], 0, ignore) - FWD_CHECK([--permanent --zone=public --list-services | grep foobar], 0, ignore) -@@ -447,10 +451,12 @@ FWD_START_TEST([forward ports]) - FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) - FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore) - FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore) -+ IF_IPV6_SUPPORTED([ - FWD_CHECK([--add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) - FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore) - FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) - FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore) -+ ]) - FWD_CHECK([--add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200], 0, ignore) - FWD_CHECK([--query-forward-port=port=100:proto=tcp:toport=200], 0, ignore) - FWD_CHECK([--query-forward-port=port=88:proto=udp:toport=99 --zone=public], 0, ignore) -@@ -473,10 +479,12 @@ FWD_START_TEST([forward ports]) - FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) - FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore) - FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore) -+ IF_IPV6_SUPPORTED([ - FWD_CHECK([--permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) - FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore) - FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) - FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore) -+ ]) - FWD_CHECK([--permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200], 0, ignore) - FWD_CHECK([--permanent --query-forward-port=port=100:proto=tcp:toport=200], 0, ignore) - FWD_CHECK([--permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public], 0, ignore) -@@ -592,12 +600,14 @@ FWD_START_TEST([ipset]) - FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) - FWD_RELOAD - -+ IF_IPV6_SUPPORTED([ - FWD_CHECK([--permanent --new-ipset=foobar --type=hash:mac], 0, ignore) - FWD_CHECK([--permanent --ipset=foobar --add-entry=12:34:56:78:90:ab], 0, ignore) - FWD_RELOAD - FWD_CHECK([--ipset=foobar --add-entry=12:34:56:78:90:ac], 0, ignore) - FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) - FWD_RELOAD -+ ]) - FWD_END_TEST([-e '/ERROR: INVALID_ENTRY: invalid address/d']) - - FWD_START_TEST([user helpers]) -@@ -733,11 +743,13 @@ FWD_START_TEST([direct passthrough]) - FWD_CHECK([--direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 0, ignore) - FWD_CHECK([--direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 1, ignore, ignore) - -+ m4_if(yes, HOST_SUPPORTS_IP6TABLES, [dnl - FWD_CHECK([--direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT], 0, ignore) - FWD_CHECK([--direct --get-passthroughs ipv6 | grep "fd00:dead:beef:ff0::/64"], 0, ignore) - FWD_CHECK([--direct --get-all-passthroughs | grep "fd00:dead:beef:ff0::/64"], 0, ignore) - FWD_CHECK([--direct --passthrough ipv6 -nvL | grep "fd00:dead:beef:ff0::/64"], 0, ignore) - FWD_CHECK([--direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT], 0, ignore, ignore) -+ ]) - - FWD_CHECK([--direct --passthrough ipv5 -nvL], 111, ignore, ignore) - FWD_CHECK([--direct --passthrough ipv4], 2, ignore, ignore) -@@ -868,21 +880,25 @@ FWD_START_TEST([rich rules good]) - rich_rule_test([rule protocol value="sctp" log]) - rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept]) - rich_rule_test([rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop]) -+ IF_IPV6_SUPPORTED([ - rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"]) - rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop]) - rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"]) -+ rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"]) -+ rich_rule_test([rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept]) -+ rich_rule_test([rule family="ipv6" masquerade]) -+ ]) - rich_rule_test([rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"]) - rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"]) -- rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"]) - rich_rule_test([rule family="ipv4" source address="192.168.1.0/24" masquerade]) - rich_rule_test([rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept]) -- rich_rule_test([rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept]) - rich_rule_test([rule family="ipv4" destination address="192.168.1.0/24" masquerade]) -- rich_rule_test([rule family="ipv6" masquerade]) - rich_rule_test([rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"]) - rich_rule_test([rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"]) -+ IF_IPV6_SUPPORTED([ - rich_rule_test([rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"]) - rich_rule_test([rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"]) -+ ]) - rich_rule_test([rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"]) - FWD_END_TEST - FWD_START_TEST([rich rules audit]) -@@ -897,7 +913,6 @@ FWD_START_TEST([rich rules bad]) - FWD_CHECK([--permanent --add-rich-rule='$1'], $2, ignore, ignore) - ]) - rich_rule_test([], 122) dnl empty -- rich_rule_test([family="ipv6" accept], 122) dnl no rule - rich_rule_test([name="dns" accept], 122) dnl no rule - rich_rule_test([protocol value="ah" reject], 122) dnl no rule - rich_rule_test([rule protocol value="ah" reject type="icmp-host-prohibited"], 122) dnl reject type needs specific family -@@ -911,8 +926,11 @@ FWD_START_TEST([rich rules bad]) - rich_rule_test([rule service name="radius" port port="4011" reject], 122) dnl service && port - rich_rule_test([rule service bad_attribute="dns"], 122) dnl bad attribute - rich_rule_test([rule protocol value="igmp" log level="eror"], 125) dnl bad log level -+ IF_IPV6_SUPPORTED([ -+ rich_rule_test([family="ipv6" accept], 122) dnl no rule - rich_rule_test([rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 207) dnl missing family - rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 123) dnl bad limit -+ ]) - rich_rule_test([rule protocol value="esp"], 122) dnl no action/log/audit - rich_rule_test([rule family="ipv4" masquerade drop], 122) dnl masquerade & action - rich_rule_test([rule family="ipv4" icmp-block name="redirect" accept], 122) dnl icmp-block & action -@@ -1029,6 +1047,7 @@ WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90' - ]) - FWD_CHECK([--check-config], 111, ignore, ignore) - -+ IF_IPV6_SUPPORTED([ - AT_DATA([./helpers/foobar.xml], [dnl - - -@@ -1036,6 +1055,7 @@ WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90' - - ]) - FWD_CHECK([--check-config], 103, ignore, ignore) -+ ]) - AT_CHECK([rm ./helpers/foobar.xml]) - - dnl icmptype -@@ -1278,6 +1298,7 @@ WARNING: Invalid rule: Invalid log level - ]) - FWD_CHECK([--check-config], 28, ignore, ignore) - -+ IF_IPV6_SUPPORTED([ - AT_DATA([./zones/foobar.xml], [dnl - - -@@ -1292,6 +1313,7 @@ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl - WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept - WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept - ])]) -+ ]) - AT_CHECK([rm ./zones/foobar.xml]) - - FWD_END_TEST([-e '/ERROR:/d'dnl -diff --git a/src/tests/regression/gh335.at b/src/tests/regression/gh335.at -index 901e2fa04f69..54cc4c66e163 100644 ---- a/src/tests/regression/gh335.at -+++ b/src/tests/regression/gh335.at -@@ -7,12 +7,14 @@ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignor - NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) - FWD_RELOAD - -+IF_IPV6_SUPPORTED([ - NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) - NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) - FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321"]) - NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) - NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) - FWD_RELOAD -+]) - - NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) - NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) -@@ -21,12 +23,14 @@ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignor - NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) - FWD_RELOAD - -+IF_IPV6_SUPPORTED([ - NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) - NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) - FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"']) - NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) - NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) - FWD_RELOAD -+]) - - dnl following tests should _not_ enable IP forwarding - NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) -@@ -40,8 +44,10 @@ FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protoc - NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) - NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) - -+IF_IPV6_SUPPORTED([ - FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"']) - NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) - NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) -+]) - - FWD_END_TEST -diff --git a/src/tests/regression/rhbz1594657.at b/src/tests/regression/rhbz1594657.at -index c01a34012875..33b7bafe6b08 100644 ---- a/src/tests/regression/rhbz1594657.at -+++ b/src/tests/regression/rhbz1594657.at -@@ -6,7 +6,9 @@ FWD_CHECK([--direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT], 13, - FWD_CHECK([--direct --passthrough ipv4 -t filter -L dummy_chain], 13, [ignore], [ignore]) - FWD_CHECK([--direct --passthrough ipv4 -t filter -L INPUT], 0, [ignore]) - -+m4_if(yes, HOST_SUPPORTS_IP6TABLES, [dnl - FWD_CHECK([--direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT], 13, [ignore], [ignore]) - FWD_CHECK([--direct --passthrough ipv6 -t filter -L dummy_chain], 13, [ignore], [ignore]) - FWD_CHECK([--direct --passthrough ipv6 -t filter -L INPUT], 0, [ignore]) -+]) - FWD_END_TEST --- -2.20.1 - diff --git a/SOURCES/0037-fix-tests-nftables-compatibility-with-numeric-output.patch b/SOURCES/0037-fix-tests-nftables-compatibility-with-numeric-output.patch new file mode 100644 index 0000000..aff2f14 --- /dev/null +++ b/SOURCES/0037-fix-tests-nftables-compatibility-with-numeric-output.patch @@ -0,0 +1,53 @@ +From d9106cd887f111eb1f7fe40e8e2129d8e7652521 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 29 Apr 2019 13:19:47 -0400 +Subject: [PATCH 37/73] fix: tests/nftables: compatibility with numeric output + changes + +Newer versions (>0.9.0) of nft changed "-n" to mean _all_ numeric +output. Newer versions also default to the older versions equivalent of +"-nn", which is what we use. So key off the newer arguments and use the +appropriate flags depending on nft version. + +See nftables commit 505794f75f2a ("src: get rid of +nft_ctx_output_{get,set}_numeric()") and other related commits. + +(cherry picked from commit fa740a638e60265957f3ef1b86df6d3f99dd5010) +(cherry picked from commit 612c5d9d281404aa8d0babbd66d115854a1822d1) +--- + src/tests/functions.at | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 102004f678b3..ca9224476a56 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -249,8 +249,9 @@ m4_define([NFT_LIST_RULES], [ + sed -e 's/meta mark/mark/g'dnl + | sed -e '/type.*hook.*priority.*policy.*/d'dnl + ]) ++ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ +- NS_CHECK([nft -nn list chain $1 firewalld $2 | TRIM_WHITESPACE | NFT_LIST_RULES_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ++ NS_CHECK([nft NFT_NUMERIC_ARGS list chain $1 firewalld $2 | TRIM_WHITESPACE | NFT_LIST_RULES_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) + ]) + m4_undefine([NFT_LIST_RULES_NORMALIZE]) + ]) +@@ -266,7 +267,7 @@ m4_define([IPSET_LIST_SET], [ + + m4_define([NFT_LIST_SET], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ +- NS_CHECK([nft -nn list set inet firewalld $1 | TRIM_WHITESPACE], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) ++ NS_CHECK([nft NFT_NUMERIC_ARGS list set inet firewalld $1 | TRIM_WHITESPACE], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) + ]) + ]) + +@@ -370,3 +371,5 @@ m4_ifnblank( + [m4_define([HOST_SUPPORTS_NFT_FIB], [yes])], + [m4_define([HOST_SUPPORTS_NFT_FIB], [no])] + ) ++ ++m4_define([NFT_NUMERIC_ARGS], m4_esyscmd([nft -h |grep "numeric-protocol" >/dev/null && echo -n "" || { echo -n "-" && echo -n "nn"; } ])) +-- +2.20.1 + diff --git a/SOURCES/0038-fix-document-check-config-option.patch b/SOURCES/0038-fix-document-check-config-option.patch new file mode 100644 index 0000000..14e2e81 --- /dev/null +++ b/SOURCES/0038-fix-document-check-config-option.patch @@ -0,0 +1,61 @@ +From a40742ebfa9daf8f08713f3c7b7737ff7582f238 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 1 May 2019 08:27:14 -0400 +Subject: [PATCH 38/73] fix: document --check-config option + +Somehow it was not in the man pages. + +Fixes: b071536beb7e ("firewall-cmd: add --check-config option") +Fixes: 749e64b74cff ("firewall-offline-cmd: add --check-config option") +(cherry picked from commit 52356f49567c7026d1845805b8a65e0e05dee991) +(cherry picked from commit 4125f3e4de0afae42f98175fefe89ebd8df2fb67) +--- + doc/xml/firewall-cmd.xml.in | 10 ++++++++++ + doc/xml/firewall-offline-cmd.xml | 10 ++++++++++ + 2 files changed, 20 insertions(+) + +diff --git a/doc/xml/firewall-cmd.xml.in b/doc/xml/firewall-cmd.xml.in +index 18d176fef239..5f25661b4a0e 100644 +--- a/doc/xml/firewall-cmd.xml.in ++++ b/doc/xml/firewall-cmd.xml.in +@@ -165,6 +165,16 @@ + + + ++ ++ ++ ++ ++ ++ Run checks on the permanent configuration. This includes XML validity ++ and semantics. ++ ++ ++ + + + +diff --git a/doc/xml/firewall-offline-cmd.xml b/doc/xml/firewall-offline-cmd.xml +index 1ca0acf00a09..d66f45abb753 100644 +--- a/doc/xml/firewall-offline-cmd.xml ++++ b/doc/xml/firewall-offline-cmd.xml +@@ -133,6 +133,16 @@ + + + ++ ++ ++ ++ ++ ++ Run checks on the permanent configuration. This includes XML validity ++ and semantics. ++ ++ ++ + + + +-- +2.20.1 + diff --git a/SOURCES/0038-fix-tests-update-package.m4-if-makefile-changed.patch b/SOURCES/0038-fix-tests-update-package.m4-if-makefile-changed.patch deleted file mode 100644 index b142d3b..0000000 --- a/SOURCES/0038-fix-tests-update-package.m4-if-makefile-changed.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 55ada411c884734d097c295f14d70e543c136a73 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 30 May 2019 09:45:07 -0400 -Subject: [PATCH 38/39] fix: tests: update package.m4 if makefile changed - -A common case is if we've done another ./configure and changed variables -that get passed down via package.m4. - -(cherry picked from commit b2c98d9aadc3c4bc7306240381f1750a36850d09) ---- - src/tests/Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am -index 2a5645ba81d8..7a644ca915c1 100644 ---- a/src/tests/Makefile.am -+++ b/src/tests/Makefile.am -@@ -9,7 +9,7 @@ EXTRA_DIST = \ - $(TESTSUITE_FILES) \ - $(srcdir)/package.m4 - --$(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec -+$(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec $(srcdir)/Makefile - :;{ \ - echo 'm4_define([AT_PACKAGE_NAME],[$(PACKAGE_NAME)])' && \ - echo 'm4_define([AT_PACKAGE_VERSION],[$(PACKAGE_VERSION)])' && \ --- -2.20.1 - diff --git a/SOURCES/0039-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch b/SOURCES/0039-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch deleted file mode 100644 index d1d39ba..0000000 --- a/SOURCES/0039-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch +++ /dev/null @@ -1,34 +0,0 @@ -From edb4469374232d11b4f390ede726683ef5d3dbe7 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 30 May 2019 09:45:59 -0400 -Subject: [PATCH 39/39] fix: tests/functions: define HOST_SUPPORTS_IP6TABLES - value immediately - -(cherry picked from commit 6644eddbb219d83f4cb59523bfa873b4b1869e78) ---- - src/tests/functions.at | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/tests/functions.at b/src/tests/functions.at -index c21831839662..fae1a78f6005 100644 ---- a/src/tests/functions.at -+++ b/src/tests/functions.at -@@ -361,13 +361,13 @@ m4_ifnblank( - [m4_define([HOST_SUPPORTS_NFT_FIB], [no])] - ) - --m4_define([HOST_SUPPORTS_IP6TABLES], [m4_esyscmd( -+m4_define([HOST_SUPPORTS_IP6TABLES], m4_esyscmd( - if IP6TABLES -L >/dev/null 2>&1; then - echo -n "yes" - else - echo -n "no" - fi --)]) -+)) - - m4_define([IF_IPV6_SUPPORTED], [ - m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [$1], [ --- -2.20.1 - diff --git a/SOURCES/0039-fix-tests-nftables-constant-set-compat-between-relea.patch b/SOURCES/0039-fix-tests-nftables-constant-set-compat-between-relea.patch new file mode 100644 index 0000000..351ce0f --- /dev/null +++ b/SOURCES/0039-fix-tests-nftables-constant-set-compat-between-relea.patch @@ -0,0 +1,34 @@ +From 5d1ee5889bacf65a0d386a56a7b75f49a44e9bf7 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 1 May 2019 14:41:33 -0400 +Subject: [PATCH 39/73] fix: tests nftables: constant set compat between + releases + +For newer versions (>0.9.0) of nftables, matches against sets of +constants are output using the set notation. To be compatible with older +releases we need some sed magic. + +(cherry picked from commit b7656e99ccf7c64961416e81b11ab5dbc1869694) +(cherry picked from commit f6b417f9786f81701d2c63b234f7029e528b0ab2) +--- + src/tests/functions.at | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index ca9224476a56..729bfc0dfc6a 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -247,7 +247,9 @@ m4_define([NFT_LIST_RULES], [ + dnl instead of just "mark". + m4_define([NFT_LIST_RULES_NORMALIZE], [dnl + sed -e 's/meta mark/mark/g'dnl +- | sed -e '/type.*hook.*priority.*policy.*/d'dnl ++ -e '/type.*hook.*priority.*policy.*/d'dnl ++ dnl tranform ct state { established,related } to ct state established,related ++ -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\(@<:@a-z@:>@*\), /\1,/g;}' dnl + ]) + + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ +-- +2.20.1 + diff --git a/SOURCES/0040-fix-Revert-ebtables-drop-support-for-broute-table.patch b/SOURCES/0040-fix-Revert-ebtables-drop-support-for-broute-table.patch deleted file mode 100644 index 134e742..0000000 --- a/SOURCES/0040-fix-Revert-ebtables-drop-support-for-broute-table.patch +++ /dev/null @@ -1,56 +0,0 @@ -From e490ca17f5a61ef8c28ada20fec922acc300640e Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 20 Sep 2019 08:39:05 -0400 -Subject: [PATCH 40/41] fix: Revert "ebtables: drop support for broute table" - -This reverts commit 0e78dea21ffb03ea2e51df6158471b9cbd6652c9. - -Apparently there _are_ users of this table. Let's revert this change and -be a little smarter about not attempting to use the table if it's not -available (ebtables-nft). We'll still fail if the user has direct rules -for this table, but at least the default ruleset will work. - -(cherry picked from commit ca34c9e051807d62371d5e980210f11859cab360) -(cherry picked from commit b80835f5af8ad5c4c39cc8b78ec5314963926a8f) ---- - src/firewall-config.in | 4 ++++ - src/firewall/core/ebtables.py | 1 + - 2 files changed, 5 insertions(+) - -diff --git a/src/firewall-config.in b/src/firewall-config.in -index c19541b0ce82..91ce89ab72a0 100755 ---- a/src/firewall-config.in -+++ b/src/firewall-config.in -@@ -7653,6 +7653,8 @@ class FirewallConfig(object): - self.directChainDialogTableCombobox.append_text("mangle") - self.directChainDialogTableCombobox.append_text("raw") - self.directChainDialogTableCombobox.append_text("security") -+ else: -+ self.directChainDialogTableCombobox.append_text("broute") - - combobox_select_text(self.directChainDialogTableCombobox, old_table) - -@@ -7807,6 +7809,8 @@ class FirewallConfig(object): - self.directRuleDialogTableCombobox.append_text("mangle") - self.directRuleDialogTableCombobox.append_text("raw") - self.directRuleDialogTableCombobox.append_text("security") -+ else: -+ self.directRuleDialogTableCombobox.append_text("broute") - - combobox_select_text(self.directRuleDialogTableCombobox, old_table) - -diff --git a/src/firewall/core/ebtables.py b/src/firewall/core/ebtables.py -index df4c31743cd7..65688571ce31 100644 ---- a/src/firewall/core/ebtables.py -+++ b/src/firewall/core/ebtables.py -@@ -31,6 +31,7 @@ from firewall.errors import FirewallError, INVALID_IPV - import string - - BUILT_IN_CHAINS = { -+ "broute": [ "BROUTING" ], - "nat": [ "PREROUTING", "POSTROUTING", "OUTPUT" ], - "filter": [ "INPUT", "OUTPUT", "FORWARD" ], - } --- -2.20.1 - diff --git a/SOURCES/0040-fix-propagate-exception-if-backend-fails-with-Indivi.patch b/SOURCES/0040-fix-propagate-exception-if-backend-fails-with-Indivi.patch new file mode 100644 index 0000000..5830373 --- /dev/null +++ b/SOURCES/0040-fix-propagate-exception-if-backend-fails-with-Indivi.patch @@ -0,0 +1,39 @@ +From 1254cf169249fa75ff9838df48402c936e706426 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 2 May 2019 11:47:25 -0400 +Subject: [PATCH 40/73] fix: propagate exception if backend fails with + IndividualCalls=yes + +They were being logged, but not propagated. They need to be propagated +so things like reload() can enter FAILED state. + +(cherry picked from commit 360d40a075f5b72e93d941297cc0badf036e53e3) +(cherry picked from commit fba166f79f1fac5e94a97c18369f36d13cab1bd6) +--- + src/firewall/core/fw.py | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py +index 876c43392b1b..114d41090042 100644 +--- a/src/firewall/core/fw.py ++++ b/src/firewall/core/fw.py +@@ -882,7 +882,6 @@ class Firewall(object): + backend.set_rule(rule, self._log_denied) + except Exception as msg: + log.debug1(traceback.format_exc()) +- log.error("Failed to apply rules. A firewall reload might solve the issue if the firewall has been modified using ip*tables or ebtables.") + log.error(msg) + for rule in reversed(_rules[:i]): + try: +@@ -890,7 +889,7 @@ class Firewall(object): + except Exception: + # ignore errors here + pass +- return False ++ raise msg + return True + else: + return backend.set_rules(_rules, self._log_denied) +-- +2.20.1 + diff --git a/SOURCES/0041-fix-do-not-flush-entire-ruleset-in-CHECK_NAT_COEXIST.patch b/SOURCES/0041-fix-do-not-flush-entire-ruleset-in-CHECK_NAT_COEXIST.patch new file mode 100644 index 0000000..74960a5 --- /dev/null +++ b/SOURCES/0041-fix-do-not-flush-entire-ruleset-in-CHECK_NAT_COEXIST.patch @@ -0,0 +1,32 @@ +From 427b0e1ceb92e81ecef9304701ccc6a6f89a3dca Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 2 May 2019 12:39:22 -0400 +Subject: [PATCH 41/73] fix: do not flush entire ruleset in + CHECK_NAT_COEXISTENCE + +It should only delete the table it uses to probe. Flushing the entire +ruleset is really bad. + +Fixes: 19d33cde55d4 ("tests/firewall-cmd: check for NAT coexistence") +(cherry picked from commit 1acdf4432d233d4e1ed9215318282e64b0e4404a) +(cherry picked from commit 4912e6c14e180dbe66162348aae7f4ebd6743ee1) +--- + src/tests/functions.at | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 729bfc0dfc6a..0dcda6311a75 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -338,7 +338,7 @@ m4_define([CHECK_NAT_COEXISTENCE], [ + AT_SKIP_IF([! modprobe iptable_nat]) + AT_SKIP_IF([! NS_CMD([nft add table ip foobar])]) + AT_SKIP_IF([! NS_CMD([nft add chain ip foobar foobar_chain { type nat hook postrouting priority 100 \; }])]) +- NS_CHECK([nft flush ruleset]) ++ NS_CHECK([nft delete table ip foobar]) + else + AT_SKIP_IF([true]) + fi +-- +2.20.1 + diff --git a/SOURCES/0041-fix-ebtables-don-t-use-tables-that-aren-t-available.patch b/SOURCES/0041-fix-ebtables-don-t-use-tables-that-aren-t-available.patch deleted file mode 100644 index d87fe91..0000000 --- a/SOURCES/0041-fix-ebtables-don-t-use-tables-that-aren-t-available.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 6a5d8aa720479781b122f999e4a4180c84c39be5 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 20 Sep 2019 08:47:22 -0400 -Subject: [PATCH 41/41] fix: ebtables: don't use tables that aren't available - -(cherry picked from commit 53fa559352156ae4c33613e2e45eb5355e1e86b9) -(cherry picked from commit 3b7dd4993f18c9090f3c307fd40919cc8b2616bc) ---- - src/firewall/core/ebtables.py | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/firewall/core/ebtables.py b/src/firewall/core/ebtables.py -index 65688571ce31..b17e43dadf20 100644 ---- a/src/firewall/core/ebtables.py -+++ b/src/firewall/core/ebtables.py -@@ -229,6 +229,8 @@ class ebtables(object): - def build_flush_rules(self): - rules = [] - for table in BUILT_IN_CHAINS.keys(): -+ if table not in self.get_available_tables(): -+ continue - # Flush firewall rules: -F - # Delete firewall chains: -X - # Set counter to zero: -Z -@@ -239,6 +241,8 @@ class ebtables(object): - def build_set_policy_rules(self, policy): - rules = [] - for table in BUILT_IN_CHAINS.keys(): -+ if table not in self.get_available_tables(): -+ continue - for chain in BUILT_IN_CHAINS[table]: - rules.append(["-t", table, "-P", chain, policy]) - return rules --- -2.20.1 - diff --git a/SOURCES/0042-fix-rich-rule-destination-with-services.patch b/SOURCES/0042-fix-rich-rule-destination-with-services.patch deleted file mode 100644 index e53b789..0000000 --- a/SOURCES/0042-fix-rich-rule-destination-with-services.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0dc5116a02ca03a3b78f5e5c653ebc783d2cdf2e Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 6 Jun 2019 12:25:08 -0400 -Subject: [PATCH 42/43] fix: rich rule destination with services - -Fixes: rhbz 1715977 -(cherry picked from commit d3bd517c7deb44d42129017b3c471ccdf1c32b57) -(cherry picked from commit 9cd642933d41a983c4cbdef6aa936151e89a05ef) ---- - src/firewall/core/fw_zone.py | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py -index 31d7d6a168a8..e6eb299dec71 100644 ---- a/src/firewall/core/fw_zone.py -+++ b/src/firewall/core/fw_zone.py -@@ -1575,17 +1575,18 @@ class FirewallZone(object): - if type(rule.element) == Rich_Service: - svc = self._fw.service.get_service(rule.element.name) - -- destinations = [rule.destination] if rule.destination else [None] -- -+ destinations = [] - if len(svc.destination) > 0: - if rule.destination: - # we can not use two destinations at the same time - raise FirewallError(errors.INVALID_RULE, - "Destination conflict with service.") -- destinations = [] - for ipv in ipvs: - if ipv in svc.destination and backend.is_ipv_supported(ipv): - destinations.append(svc.destination[ipv]) -+ else: -+ # dummy for the following for loop -+ destinations.append(None) - - for destination in destinations: - if enable: --- -2.23.0 - diff --git a/SOURCES/0042-fix-tests-regression-pr323-don-t-check-for-nf_nat_pr.patch b/SOURCES/0042-fix-tests-regression-pr323-don-t-check-for-nf_nat_pr.patch new file mode 100644 index 0000000..eb3cf09 --- /dev/null +++ b/SOURCES/0042-fix-tests-regression-pr323-don-t-check-for-nf_nat_pr.patch @@ -0,0 +1,30 @@ +From 85b0be0e6dd77d7cf45e733a91b8e6b85b4a3de5 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 8 May 2019 14:12:38 -0400 +Subject: [PATCH 42/73] fix: tests/regression/pr323: don't check for + nf_nat_proto_gre + +It has been removed from newer kernels. See kernel commit 5cbabeec1eb7 +("netfilter: nat: remove nf_nat_l4proto struct"). + +Fixes: #476 +(cherry picked from commit c681790741e6b4eb010b4a2f8f1dbef33f309334) +(cherry picked from commit e2327529572e9ffab99828f153cda3a97ff58e98) +--- + src/tests/regression/pr323.at | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/tests/regression/pr323.at b/src/tests/regression/pr323.at +index f2186070c951..e229a3f81178 100644 +--- a/src/tests/regression/pr323.at ++++ b/src/tests/regression/pr323.at +@@ -5,6 +5,5 @@ FWD_CHECK([-q --remove-protocol=gre]) + + FWD_CHECK([-q --add-service=gre]) + AT_CHECK([lsmod | grep nf_conntrack_proto_gre], 0, ignore) +-AT_CHECK([lsmod | grep nf_nat_proto_gre], 0, ignore) + + FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0043-fix-tests-regression-rhbz1601610-ignore-warning-abou.patch b/SOURCES/0043-fix-tests-regression-rhbz1601610-ignore-warning-abou.patch new file mode 100644 index 0000000..f82c422 --- /dev/null +++ b/SOURCES/0043-fix-tests-regression-rhbz1601610-ignore-warning-abou.patch @@ -0,0 +1,26 @@ +From a62eb434c84712691f49ad51a359bfa6b7ef2b8c Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 8 May 2019 14:18:01 -0400 +Subject: [PATCH 43/73] fix: tests/regression/rhbz1601610: ignore warning about + version mismatch + +(cherry picked from commit 4f6d9fe950a5a465b55f28c9af906392fd60296c) +(cherry picked from commit 1bae323645e498d1cbf87c25932b2e7720811fab) +--- + src/tests/regression/rhbz1601610.at | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/tests/regression/rhbz1601610.at b/src/tests/regression/rhbz1601610.at +index 17129a541041..afe8422f5ee7 100644 +--- a/src/tests/regression/rhbz1601610.at ++++ b/src/tests/regression/rhbz1601610.at +@@ -101,4 +101,5 @@ Members: + ])]) + + FWD_END_TEST([-e '/ERROR: COMMAND_FAILED:.*already added.*/d'dnl +- -e '/ERROR: COMMAND_FAILED:.*element.*exists/d']) ++ -e '/ERROR: COMMAND_FAILED:.*element.*exists/d'dnl ++ -e '/Kernel support protocol versions/d']) +-- +2.20.1 + diff --git a/SOURCES/0043-test-coverage-for-rhbz-1715977.patch b/SOURCES/0043-test-coverage-for-rhbz-1715977.patch deleted file mode 100644 index 47e150f..0000000 --- a/SOURCES/0043-test-coverage-for-rhbz-1715977.patch +++ /dev/null @@ -1,44 +0,0 @@ -From db60f004d65078579f67be270427265d65876f4b Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Thu, 6 Jun 2019 11:51:11 -0400 -Subject: [PATCH 43/43] test: coverage for rhbz 1715977 - -(cherry picked from commit 3fb02f8d6648906bdf089a4734c939c809f85583) -(cherry picked from commit 819e7196c1aa79998b3b094805c51e4caf49a572) ---- - src/tests/regression.at | 1 + - src/tests/regression/rhbz1715977.at | 13 +++++++++++++ - 2 files changed, 14 insertions(+) - create mode 100644 src/tests/regression/rhbz1715977.at - -diff --git a/src/tests/regression.at b/src/tests/regression.at -index 36e10eeb52d5..bbfcb65fe6e9 100644 ---- a/src/tests/regression.at -+++ b/src/tests/regression.at -@@ -16,3 +16,4 @@ m4_include([regression/gh366.at]) - m4_include([regression/rhbz1601610.at]) - m4_include([regression/gh303.at]) - m4_include([regression/gh335.at]) -+m4_include([regression/rhbz1715977.at]) -diff --git a/src/tests/regression/rhbz1715977.at b/src/tests/regression/rhbz1715977.at -new file mode 100644 -index 000000000000..0a05b14f9e3e ---- /dev/null -+++ b/src/tests/regression/rhbz1715977.at -@@ -0,0 +1,13 @@ -+FWD_START_TEST([rich rule destination with service destination]) -+AT_KEYWORDS(rich service rhbz1715977) -+ -+FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0]) -+FWD_CHECK([-q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="ssh" accept']) -+FWD_RELOAD -+ -+FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept'], 122, [ignore], [ignore]) -+FWD_CHECK([-q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept']) -+FWD_RELOAD -+FWD_GREP_LOG([WARNING: internal: INVALID_RULE: Destination conflict with service.]) -+ -+FWD_END_TEST([-e '/INVALID_RULE: Destination conflict with service/d']) --- -2.23.0 - diff --git a/SOURCES/0044-fix-avoid-calling-backends-that-aren-t-available.patch b/SOURCES/0044-fix-avoid-calling-backends-that-aren-t-available.patch new file mode 100644 index 0000000..acfb978 --- /dev/null +++ b/SOURCES/0044-fix-avoid-calling-backends-that-aren-t-available.patch @@ -0,0 +1,127 @@ +From 5910f49d563c7d18354c83f6b6b76e4dca5ad931 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 13 May 2019 09:40:31 -0400 +Subject: [PATCH 44/73] fix: avoid calling backends that aren't available + +We should operate just fine if some backend aren't available, e.g. +ip6tables. This fixes some areas that broke that. + +Fixes: #491 +(cherry picked from commit 3fdffa76be42ce88bff35ce2b84c2beda3c016a1) +(cherry picked from commit 86d003dcdbd2eb20ac32858f7cfa3074169d5b5e) +--- + src/firewall/core/fw.py | 54 ++++++++++++++++++------------------ + src/firewall/core/fw_zone.py | 4 ++- + 2 files changed, 30 insertions(+), 28 deletions(-) + +diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py +index 114d41090042..3e639f83d1f4 100644 +--- a/src/firewall/core/fw.py ++++ b/src/firewall/core/fw.py +@@ -703,24 +703,24 @@ class Firewall(object): + def get_backend_by_ipv(self, ipv): + if self.nftables_enabled: + return self.nftables_backend +- if ipv == "ipv4": ++ if ipv == "ipv4" and self.ip4tables_enabled: + return self.ip4tables_backend +- elif ipv == "ipv6": ++ elif ipv == "ipv6" and self.ip6tables_enabled: + return self.ip6tables_backend +- elif ipv == "eb": ++ elif ipv == "eb" and self.ebtables_enabled: + return self.ebtables_backend + raise FirewallError(errors.INVALID_IPV, +- "'%s' is not a valid backend" % ipv) ++ "'%s' is not a valid backend or is unavailable" % ipv) + + def get_direct_backend_by_ipv(self, ipv): +- if ipv == "ipv4": ++ if ipv == "ipv4" and self.ip4tables_enabled: + return self.ip4tables_backend +- elif ipv == "ipv6": ++ elif ipv == "ipv6" and self.ip6tables_enabled: + return self.ip6tables_backend +- elif ipv == "eb": ++ elif ipv == "eb" and self.ebtables_enabled: + return self.ebtables_backend + raise FirewallError(errors.INVALID_IPV, +- "'%s' is not a valid backend" % ipv) ++ "'%s' is not a valid backend or is unavailable" % ipv) + + def is_backend_enabled(self, name): + if name == "ip4tables": +@@ -791,29 +791,29 @@ class Firewall(object): + rules = backend.build_default_rules(self._log_denied) + transaction.add_rules(backend, rules) + +- ipv6_backend = self.get_backend_by_ipv("ipv6") +- if self.ipv6_rpfilter_enabled and \ +- "raw" in ipv6_backend.get_available_tables(): ++ if self.is_ipv_enabled("ipv6"): ++ ipv6_backend = self.get_backend_by_ipv("ipv6") ++ if self.ipv6_rpfilter_enabled and \ ++ "raw" in ipv6_backend.get_available_tables(): + +- # Execute existing transaction +- transaction.execute(True) +- # Start new transaction +- transaction.clear() ++ # Execute existing transaction ++ transaction.execute(True) ++ # Start new transaction ++ transaction.clear() + +- rules = ipv6_backend.build_rpfilter_rules(self._log_denied) +- transaction.add_rules(ipv6_backend, rules) ++ rules = ipv6_backend.build_rpfilter_rules(self._log_denied) ++ transaction.add_rules(ipv6_backend, rules) + +- # Execute ipv6_rpfilter transaction, it might fail +- try: +- transaction.execute(True) +- except FirewallError as msg: +- log.warning("Applying rules for ipv6_rpfilter failed: %s", msg) +- # Start new transaction +- transaction.clear() ++ # Execute ipv6_rpfilter transaction, it might fail ++ try: ++ transaction.execute(True) ++ except FirewallError as msg: ++ log.warning("Applying rules for ipv6_rpfilter failed: %s", msg) ++ # Start new transaction ++ transaction.clear() + +- else: +- if use_transaction is None: +- transaction.execute(True) ++ if use_transaction is None: ++ transaction.execute(True) + + # flush and policy + +diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py +index d98ff2259087..ee02a161bcfb 100644 +--- a/src/firewall/core/fw_zone.py ++++ b/src/firewall/core/fw_zone.py +@@ -1563,7 +1563,7 @@ class FirewallZone(object): + if rule.family is not None: + ipvs = [ rule.family ] + else: +- ipvs = [ "ipv4", "ipv6" ] ++ ipvs = [ipv for ipv in ["ipv4", "ipv6"] if self._fw.is_ipv_enabled(ipv)] + + source_ipv = self._rule_source_ipv(rule.source) + if source_ipv is not None and source_ipv != "": +@@ -1806,6 +1806,8 @@ class FirewallZone(object): + # + backends_ipv = [] + for ipv in ["ipv4", "ipv6"]: ++ if not self._fw.is_ipv_enabled(ipv): ++ continue + backend = self._fw.get_backend_by_ipv(ipv) + if len(svc.destination) > 0: + if ipv in svc.destination: +-- +2.20.1 + diff --git a/SOURCES/0044-fix-direct-removeRules-was-mistakenly-removing-all-r.patch b/SOURCES/0044-fix-direct-removeRules-was-mistakenly-removing-all-r.patch deleted file mode 100644 index afd1bb0..0000000 --- a/SOURCES/0044-fix-direct-removeRules-was-mistakenly-removing-all-r.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 028e1c617b14cd67f025601f003aec63a75b3b1a Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 26 Jul 2019 13:32:44 -0400 -Subject: [PATCH 44/50] fix: direct: removeRules() was mistakenly removing all - rules - -Only remove the rules that match the specified criteria (ipv, table, -chain). - -Fixes: #385 -Fixes: rhbz 1723610 -(cherry picked from commit 174005b15059db054b2f8dcf3b35c23fcbaf44ec) -(cherry picked from commit 5b796871894bc2f4f973ef11dc9233b4d391dd63) ---- - src/firewall/server/config.py | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py -index 011052a9cabf..b2cebea9b4be 100644 ---- a/src/firewall/server/config.py -+++ b/src/firewall/server/config.py -@@ -1367,7 +1367,9 @@ class FirewallDConfig(slip.dbus.service.Object): - (ipv, table, chain, )) - self.accessCheck(sender) - settings = list(self.getSettings()) -- settings[1] = [] -+ for rule in settings[1]: -+ if (ipv, table, chain) == (rule[0], rule[1], rule[2]): -+ settings[1].remove(rule) - self.update(tuple(settings)) - - @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, --- -2.23.0 - diff --git a/SOURCES/0045-test-coverage-for-rhbz-1723610-and-gh-385.patch b/SOURCES/0045-test-coverage-for-rhbz-1723610-and-gh-385.patch deleted file mode 100644 index 10975d5..0000000 --- a/SOURCES/0045-test-coverage-for-rhbz-1723610-and-gh-385.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 396591e003cd912f6f614c56fc26410a1e97f568 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 26 Jul 2019 08:26:50 -0400 -Subject: [PATCH 45/50] test: coverage for rhbz 1723610 and gh #385 - -(cherry picked from commit 75fc4876dbfbdb1de09a67c48630fa8503ed152d) -(cherry picked from commit 9657d72ece2631aaab1aa1030658babe77c7f921) ---- - src/tests/regression.at | 1 + - src/tests/regression/rhbz1723610.at | 30 +++++++++++++++++++++++++++++ - 2 files changed, 31 insertions(+) - create mode 100644 src/tests/regression/rhbz1723610.at - -diff --git a/src/tests/regression.at b/src/tests/regression.at -index bbfcb65fe6e9..b2c8ba799d56 100644 ---- a/src/tests/regression.at -+++ b/src/tests/regression.at -@@ -17,3 +17,4 @@ m4_include([regression/rhbz1601610.at]) - m4_include([regression/gh303.at]) - m4_include([regression/gh335.at]) - m4_include([regression/rhbz1715977.at]) -+m4_include([regression/rhbz1723610.at]) -diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at -new file mode 100644 -index 000000000000..f020141e1808 ---- /dev/null -+++ b/src/tests/regression/rhbz1723610.at -@@ -0,0 +1,30 @@ -+FWD_START_TEST([direct remove-rules per family]) -+AT_KEYWORDS(direct rhbz1723610 gh385) -+ -+FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) -+FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl -+ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT -+]) -+FWD_RELOAD -+FWD_CHECK([--direct --get-all-rules], 0, [dnl -+ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT -+]) -+ -+FWD_CHECK([-q --permanent --direct --remove-rules ipv6 filter input]) -+FWD_CHECK([-q --permanent --direct --remove-rules ipv4 filter INPUT]) -+FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl -+ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT -+]) -+FWD_RELOAD -+FWD_CHECK([--direct --get-all-rules], 0, [dnl -+ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT -+]) -+FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) -+FWD_CHECK([-q --direct --add-rule ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) -+FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) -+FWD_CHECK([--direct --get-all-rules], 0, [dnl -+ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT -+ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT -+]) -+ -+FWD_END_TEST --- -2.23.0 - diff --git a/SOURCES/0045-test-pass-IPTABLES-make-variables-down-to-autotest.patch b/SOURCES/0045-test-pass-IPTABLES-make-variables-down-to-autotest.patch new file mode 100644 index 0000000..0e5ae79 --- /dev/null +++ b/SOURCES/0045-test-pass-IPTABLES-make-variables-down-to-autotest.patch @@ -0,0 +1,90 @@ +From 66d724ebcec91ba653cfabbaa0ea8893f7cde875 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 14 May 2019 08:58:37 -0400 +Subject: [PATCH 45/73] test: pass IPTABLES make variables down to autotest + +(cherry picked from commit 8533c488a30de680769d61a08bc5f404716b04ee) +(cherry picked from commit 9de0a22a6046a162389617fd775a8c4a79ea6afa) +--- + src/tests/Makefile.am | 7 ++++++- + src/tests/functions.at | 4 ++-- + src/tests/regression/icmp_block_in_forward_chain.at | 4 ++-- + src/tests/regression/rhbz1514043.at | 2 +- + 4 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am +index a30ce4d5d607..2a5645ba81d8 100644 +--- a/src/tests/Makefile.am ++++ b/src/tests/Makefile.am +@@ -15,7 +15,11 @@ $(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec + echo 'm4_define([AT_PACKAGE_VERSION],[$(PACKAGE_VERSION)])' && \ + echo 'm4_define([AT_PACKAGE_STRING],[$(PACKAGE_STRING)])' && \ + echo 'm4_define([AT_PACKAGE_URL],[http://firewalld.org/])' && \ +- echo 'm4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])'; \ ++ echo 'm4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])' && \ ++ echo 'm4_define([IPTABLES],[$(IPTABLES)])' && \ ++ echo 'm4_define([IPTABLES_RESTORE],[$(IPTABLES_RESTORE)])' && \ ++ echo 'm4_define([IP6TABLES],[$(IP6TABLES)])' && \ ++ echo 'm4_define([IP6TABLES_RESTORE],[$(IP6TABLES_RESTORE)])' ; \ + } > "$@" + + check-local: atconfig $(TESTSUITE) +@@ -31,6 +35,7 @@ installcheck-local: atconfig $(TESTSUITE) + + clean-local: + test ! -f '$(TESTSUITE)' || $(SHELL) '$(TESTSUITE)' --clean ++ -rm $(srcdir)/package.m4 + + AUTOM4TE = $(SHELL) $(top_srcdir)/missing --run autom4te + AUTOTEST = $(AUTOM4TE) --language=autotest +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 0dcda6311a75..c246c08bc378 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -232,13 +232,13 @@ m4_define([EBTABLES_LIST_RULES], [ + + m4_define([IPTABLES_LIST_RULES], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ +- NS_CHECK([iptables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ++ NS_CHECK([IPTABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) + ]) + ]) + + m4_define([IP6TABLES_LIST_RULES], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ +- NS_CHECK([ip6tables -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ++ NS_CHECK([IP6TABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) + ]) + ]) + +diff --git a/src/tests/regression/icmp_block_in_forward_chain.at b/src/tests/regression/icmp_block_in_forward_chain.at +index 77f3f274bc5a..3c8766a2b23b 100644 +--- a/src/tests/regression/icmp_block_in_forward_chain.at ++++ b/src/tests/regression/icmp_block_in_forward_chain.at +@@ -2,8 +2,8 @@ FWD_START_TEST([ICMP block present FORWARD chain]) + + FWD_CHECK([-q --zone=public --add-icmp-block=host-prohibited]) + m4_if(iptables, FIREWALL_BACKEND, [ +- NS_CHECK([iptables -L IN_public_deny | grep "host-prohibited"], 0, ignore) +- NS_CHECK([iptables -L FWDI_public_deny | grep "host-prohibited"], 0, ignore) ++ NS_CHECK([IPTABLES -L IN_public_deny | grep "host-prohibited"], 0, ignore) ++ NS_CHECK([IPTABLES -L FWDI_public_deny | grep "host-prohibited"], 0, ignore) + ], [ + NS_CHECK([nft list chain inet firewalld filter_IN_public_deny | grep "destination-unreachable" |grep "\(code 10\|host-prohibited\)"], 0, ignore) + NS_CHECK([nft list chain inet firewalld filter_FWDI_public_deny | grep "destination-unreachable" |grep "\(code 10\|host-prohibited\)"], 0, ignore) +diff --git a/src/tests/regression/rhbz1514043.at b/src/tests/regression/rhbz1514043.at +index a7368dbd9eeb..a9750a584898 100644 +--- a/src/tests/regression/rhbz1514043.at ++++ b/src/tests/regression/rhbz1514043.at +@@ -7,7 +7,7 @@ services: dhcpv6-client samba ssh + ]) + dnl check that log denied actually took effect + m4_if(iptables, FIREWALL_BACKEND, [ +- NS_CHECK([iptables -t filter -L | grep "FINAL_REJECT:"], 0, ignore) ++ NS_CHECK([IPTABLES -t filter -L | grep "FINAL_REJECT:"], 0, ignore) + ], [ + NS_CHECK([nft list chain inet firewalld filter_INPUT | grep "FINAL_REJECT"], 0, ignore) + NS_CHECK([nft list chain inet firewalld filter_FORWARD | grep "FINAL_REJECT"], 0, ignore) +-- +2.20.1 + diff --git a/SOURCES/0046-fix-tests-regression-rhbz1723610-make-output-reliabl.patch b/SOURCES/0046-fix-tests-regression-rhbz1723610-make-output-reliabl.patch deleted file mode 100644 index c73299d..0000000 --- a/SOURCES/0046-fix-tests-regression-rhbz1723610-make-output-reliabl.patch +++ /dev/null @@ -1,33 +0,0 @@ -From bb91a06a2f009f469d455523ff4f133a3c724b64 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 26 Jul 2019 13:56:54 -0400 -Subject: [PATCH 46/50] fix: tests/regression/rhbz1723610: make output reliable - -The rule listing is unordered, so lets make it reliable. - -Fixes: 75fc4876dbfb ("test: coverage for rhbz 1723610 and gh #385") -(cherry picked from commit 645fc816c09d2d5f767fcecf4bea3d61219780e9) -(cherry picked from commit c8b851866fd7a5731c9f2ef66f0052ac5e7d0497) ---- - src/tests/regression/rhbz1723610.at | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at -index f020141e1808..3eccc0436ed7 100644 ---- a/src/tests/regression/rhbz1723610.at -+++ b/src/tests/regression/rhbz1723610.at -@@ -19,11 +19,9 @@ FWD_RELOAD - FWD_CHECK([--direct --get-all-rules], 0, [dnl - ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT - ]) --FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) - FWD_CHECK([-q --direct --add-rule ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) - FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) - FWD_CHECK([--direct --get-all-rules], 0, [dnl --ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT - ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT - ]) - --- -2.23.0 - diff --git a/SOURCES/0046-test-add-macro-HOST_SUPPORTS_IP6TABLES.patch b/SOURCES/0046-test-add-macro-HOST_SUPPORTS_IP6TABLES.patch new file mode 100644 index 0000000..5888f98 --- /dev/null +++ b/SOURCES/0046-test-add-macro-HOST_SUPPORTS_IP6TABLES.patch @@ -0,0 +1,41 @@ +From 9220b16807b4b22ff14072de9f85f8e0353e48a0 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 13 May 2019 13:52:56 -0400 +Subject: [PATCH 46/73] test: add macro HOST_SUPPORTS_IP6TABLES + +(cherry picked from commit 4d5c3f190dc309ab03543dc7a65e45ee52858bd9) +(cherry picked from commit ada120045f6a1d387edf02772e889717da68050b) +--- + src/tests/functions.at | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index c246c08bc378..05f517b01369 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -238,8 +238,10 @@ m4_define([IPTABLES_LIST_RULES], [ + + m4_define([IP6TABLES_LIST_RULES], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ ++ m4_if(yes, HOST_SUPPORTS_IP6TABLES, [ + NS_CHECK([IP6TABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) + ]) ++ ]) + ]) + + m4_define([NFT_LIST_RULES], [ +@@ -375,3 +377,11 @@ m4_ifnblank( + ) + + m4_define([NFT_NUMERIC_ARGS], m4_esyscmd([nft -h |grep "numeric-protocol" >/dev/null && echo -n "" || { echo -n "-" && echo -n "nn"; } ])) ++ ++m4_define([HOST_SUPPORTS_IP6TABLES], [m4_esyscmd( ++ if IP6TABLES -L >/dev/null 2>&1; then ++ echo -n "yes" ++ else ++ echo -n "no" ++ fi ++)]) +-- +2.20.1 + diff --git a/SOURCES/0047-fix-tests-regression-rhbz1723610-avoid-calling-IPv6-.patch b/SOURCES/0047-fix-tests-regression-rhbz1723610-avoid-calling-IPv6-.patch deleted file mode 100644 index 7cc7cff..0000000 --- a/SOURCES/0047-fix-tests-regression-rhbz1723610-avoid-calling-IPv6-.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 1032f4e815b296a7d0aa17363bf2693926095ef3 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 26 Jul 2019 14:17:28 -0400 -Subject: [PATCH 47/50] fix: tests/regression/rhbz1723610: avoid calling IPv6 - backend - -We support running without IPv6, so calling the backend in the test -case. - -Fixes: 75fc4876dbfb ("test: coverage for rhbz 1723610 and gh #385") -(cherry picked from commit 38978bfde28a3fea9fb4cc61d2bb30ee5474e341) -(cherry picked from commit c4b3c7ef2d2136992cd745ef7157f20e0e385665) ---- - src/tests/regression/rhbz1723610.at | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at -index 3eccc0436ed7..35feed2bda9f 100644 ---- a/src/tests/regression/rhbz1723610.at -+++ b/src/tests/regression/rhbz1723610.at -@@ -19,10 +19,10 @@ FWD_RELOAD - FWD_CHECK([--direct --get-all-rules], 0, [dnl - ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT - ]) --FWD_CHECK([-q --direct --add-rule ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) -+FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) - FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) - FWD_CHECK([--direct --get-all-rules], 0, [dnl --ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT -+ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT - ]) - - FWD_END_TEST --- -2.23.0 - diff --git a/SOURCES/0047-test-add-macro-IF_IPV6_SUPPORTED.patch b/SOURCES/0047-test-add-macro-IF_IPV6_SUPPORTED.patch new file mode 100644 index 0000000..d1ba813 --- /dev/null +++ b/SOURCES/0047-test-add-macro-IF_IPV6_SUPPORTED.patch @@ -0,0 +1,29 @@ +From 0e6a3047de1f4e70926f71da3704cd41281ba91f Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 14 May 2019 18:30:12 -0400 +Subject: [PATCH 47/73] test: add macro IF_IPV6_SUPPORTED + +(cherry picked from commit d569d7239f23f443ac4c5dce843481223481ec96) +(cherry picked from commit 781fe1a49ab1d3fea3540742c38fe6633e65d700) +--- + src/tests/functions.at | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 05f517b01369..afd7917d7369 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -385,3 +385,10 @@ m4_define([HOST_SUPPORTS_IP6TABLES], [m4_esyscmd( + echo -n "no" + fi + )]) ++ ++m4_define([IF_IPV6_SUPPORTED], [ ++ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [$1], [ ++ m4_if(nftables, FIREWALL_BACKEND, [$1], [ ++ m4_if(yes, HOST_SUPPORTS_IP6TABLES, [$1], [$2]) ++ ])]) ++]) +-- +2.20.1 + diff --git a/SOURCES/0048-fix-direct-removeRules-not-removing-all-rules-in-cha.patch b/SOURCES/0048-fix-direct-removeRules-not-removing-all-rules-in-cha.patch deleted file mode 100644 index 5b4c0f7..0000000 --- a/SOURCES/0048-fix-direct-removeRules-not-removing-all-rules-in-cha.patch +++ /dev/null @@ -1,29 +0,0 @@ -From a4f15aab7bbc9e4ea19682fc88b43e3501df58c7 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 30 Aug 2019 14:09:11 -0400 -Subject: [PATCH 48/50] fix: direct: removeRules() not removing all rules in - chain - -Fixes: 174005b15059 ("fix: direct: removeRules() was mistakenly removing all rules") -(cherry picked from commit 083d6527ad9c60442e424172e223b65132bc6d17) -(cherry picked from commit 55a639aed7a8b5f2d77d39b26dd78f51b20100ed) ---- - src/firewall/server/config.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py -index b2cebea9b4be..cd640ba881ca 100644 ---- a/src/firewall/server/config.py -+++ b/src/firewall/server/config.py -@@ -1367,7 +1367,7 @@ class FirewallDConfig(slip.dbus.service.Object): - (ipv, table, chain, )) - self.accessCheck(sender) - settings = list(self.getSettings()) -- for rule in settings[1]: -+ for rule in settings[1][:]: - if (ipv, table, chain) == (rule[0], rule[1], rule[2]): - settings[1].remove(rule) - self.update(tuple(settings)) --- -2.23.0 - diff --git a/SOURCES/0048-fix-tests-functions-ignore-warnings-about-missing-ip.patch b/SOURCES/0048-fix-tests-functions-ignore-warnings-about-missing-ip.patch new file mode 100644 index 0000000..a9bf4eb --- /dev/null +++ b/SOURCES/0048-fix-tests-functions-ignore-warnings-about-missing-ip.patch @@ -0,0 +1,32 @@ +From a6f7c28f573b52b77278eebf71534a6b4064a340 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 13 May 2019 10:27:07 -0400 +Subject: [PATCH 48/73] fix: tests/functions: ignore warnings about missing + ip6tables + +We allow running firewalld without ip6tables, as such it's not an error +for it to be missing during testsuite execution. + +(cherry picked from commit 3ac719c1908d4d86d344ebc7b1e105545471046a) +(cherry picked from commit 1e7e05ba07c78f6c21de818d1ab2f18d3c31534e) +--- + src/tests/functions.at | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index afd7917d7369..6cd4878a9f03 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -132,6 +132,9 @@ m4_define([FWD_START_TEST], [ + + m4_define([FWD_END_TEST], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ ++ IF_IPV6_SUPPORTED([], [ ++ sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log ++ ]) + if test x"$1" != x"ignore"; then + if test -n "$1"; then + sed -i $1 ./firewalld.log +-- +2.20.1 + diff --git a/SOURCES/0049-fix-tests-guard-occurrences-of-IPv6.patch b/SOURCES/0049-fix-tests-guard-occurrences-of-IPv6.patch new file mode 100644 index 0000000..f163bb7 --- /dev/null +++ b/SOURCES/0049-fix-tests-guard-occurrences-of-IPv6.patch @@ -0,0 +1,242 @@ +From 0921f0adac5fb1e880b506a31cb2ac37b6409a43 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 13 May 2019 14:00:21 -0400 +Subject: [PATCH 49/73] fix: tests: guard occurrences of IPv6 + +Since we can run without IPv6 support we need to skip test areas that +explicitly use IPv6. + +(cherry picked from commit bcb33e448abbf3a2a3a8721c257ad48bfc18dd9d) +(cherry picked from commit 9344ff8c7ce3e55a2296ca3d565b51d9a52065c4) +--- + src/tests/firewall-cmd.at | 30 +++++++++++++++++++++++++---- + src/tests/regression/gh335.at | 6 ++++++ + src/tests/regression/rhbz1594657.at | 2 ++ + 3 files changed, 34 insertions(+), 4 deletions(-) + +diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at +index bcbfe9639ef1..a3844151aeb3 100644 +--- a/src/tests/firewall-cmd.at ++++ b/src/tests/firewall-cmd.at +@@ -199,8 +199,10 @@ sources: $1 + + check_zone_source([1.2.3.4]) + check_zone_source([192.168.1.0/24]) ++ IF_IPV6_SUPPORTED([ + check_zone_source([3ffe:501:ffff::/64]) + check_zone_source([dead:beef::babe]) ++ ]) + + m4_undefine([check_zone_source]) + +@@ -292,10 +294,12 @@ FWD_START_TEST([user services]) + FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:foo], 105, ignore, ignore) dnl bad address + FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:1.2.3.4], 0, ignore) + FWD_CHECK([--permanent --service=foobar --remove-destination=ipv4], 0, ignore) ++ IF_IPV6_SUPPORTED([ + FWD_CHECK([--permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore) + FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore) + FWD_CHECK([--permanent --service=foobar --remove-destination=ipv6], 0, ignore) + FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 1, ignore) ++ ]) + + FWD_CHECK([--permanent --zone=public --add-service=foobar], 0, ignore) + FWD_CHECK([--permanent --zone=public --list-services | grep foobar], 0, ignore) +@@ -447,10 +451,12 @@ FWD_START_TEST([forward ports]) + FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) + FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore) + FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore) ++ IF_IPV6_SUPPORTED([ + FWD_CHECK([--add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) + FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore) + FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) + FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore) ++ ]) + FWD_CHECK([--add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200], 0, ignore) + FWD_CHECK([--query-forward-port=port=100:proto=tcp:toport=200], 0, ignore) + FWD_CHECK([--query-forward-port=port=88:proto=udp:toport=99 --zone=public], 0, ignore) +@@ -473,10 +479,12 @@ FWD_START_TEST([forward ports]) + FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) + FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore) + FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore) ++ IF_IPV6_SUPPORTED([ + FWD_CHECK([--permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) + FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore) + FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) + FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore) ++ ]) + FWD_CHECK([--permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200], 0, ignore) + FWD_CHECK([--permanent --query-forward-port=port=100:proto=tcp:toport=200], 0, ignore) + FWD_CHECK([--permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public], 0, ignore) +@@ -592,12 +600,14 @@ FWD_START_TEST([ipset]) + FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) + FWD_RELOAD + ++ IF_IPV6_SUPPORTED([ + FWD_CHECK([--permanent --new-ipset=foobar --type=hash:mac], 0, ignore) + FWD_CHECK([--permanent --ipset=foobar --add-entry=12:34:56:78:90:ab], 0, ignore) + FWD_RELOAD + FWD_CHECK([--ipset=foobar --add-entry=12:34:56:78:90:ac], 0, ignore) + FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) + FWD_RELOAD ++ ]) + FWD_END_TEST([-e '/ERROR: INVALID_ENTRY: invalid address/d']) + + FWD_START_TEST([user helpers]) +@@ -733,11 +743,13 @@ FWD_START_TEST([direct passthrough]) + FWD_CHECK([--direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 0, ignore) + FWD_CHECK([--direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 1, ignore, ignore) + ++ m4_if(yes, HOST_SUPPORTS_IP6TABLES, [dnl + FWD_CHECK([--direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT], 0, ignore) + FWD_CHECK([--direct --get-passthroughs ipv6 | grep "fd00:dead:beef:ff0::/64"], 0, ignore) + FWD_CHECK([--direct --get-all-passthroughs | grep "fd00:dead:beef:ff0::/64"], 0, ignore) + FWD_CHECK([--direct --passthrough ipv6 -nvL | grep "fd00:dead:beef:ff0::/64"], 0, ignore) + FWD_CHECK([--direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT], 0, ignore, ignore) ++ ]) + + FWD_CHECK([--direct --passthrough ipv5 -nvL], 111, ignore, ignore) + FWD_CHECK([--direct --passthrough ipv4], 2, ignore, ignore) +@@ -868,21 +880,25 @@ FWD_START_TEST([rich rules good]) + rich_rule_test([rule protocol value="sctp" log]) + rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept]) + rich_rule_test([rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop]) ++ IF_IPV6_SUPPORTED([ + rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"]) + rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop]) + rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"]) ++ rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"]) ++ rich_rule_test([rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept]) ++ rich_rule_test([rule family="ipv6" masquerade]) ++ ]) + rich_rule_test([rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"]) + rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"]) +- rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"]) + rich_rule_test([rule family="ipv4" source address="192.168.1.0/24" masquerade]) + rich_rule_test([rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept]) +- rich_rule_test([rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept]) + rich_rule_test([rule family="ipv4" destination address="192.168.1.0/24" masquerade]) +- rich_rule_test([rule family="ipv6" masquerade]) + rich_rule_test([rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"]) + rich_rule_test([rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"]) ++ IF_IPV6_SUPPORTED([ + rich_rule_test([rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"]) + rich_rule_test([rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"]) ++ ]) + rich_rule_test([rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"]) + FWD_END_TEST + FWD_START_TEST([rich rules audit]) +@@ -897,7 +913,6 @@ FWD_START_TEST([rich rules bad]) + FWD_CHECK([--permanent --add-rich-rule='$1'], $2, ignore, ignore) + ]) + rich_rule_test([], 122) dnl empty +- rich_rule_test([family="ipv6" accept], 122) dnl no rule + rich_rule_test([name="dns" accept], 122) dnl no rule + rich_rule_test([protocol value="ah" reject], 122) dnl no rule + rich_rule_test([rule protocol value="ah" reject type="icmp-host-prohibited"], 122) dnl reject type needs specific family +@@ -911,8 +926,11 @@ FWD_START_TEST([rich rules bad]) + rich_rule_test([rule service name="radius" port port="4011" reject], 122) dnl service && port + rich_rule_test([rule service bad_attribute="dns"], 122) dnl bad attribute + rich_rule_test([rule protocol value="igmp" log level="eror"], 125) dnl bad log level ++ IF_IPV6_SUPPORTED([ ++ rich_rule_test([family="ipv6" accept], 122) dnl no rule + rich_rule_test([rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 207) dnl missing family + rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 123) dnl bad limit ++ ]) + rich_rule_test([rule protocol value="esp"], 122) dnl no action/log/audit + rich_rule_test([rule family="ipv4" masquerade drop], 122) dnl masquerade & action + rich_rule_test([rule family="ipv4" icmp-block name="redirect" accept], 122) dnl icmp-block & action +@@ -1029,6 +1047,7 @@ WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90' + ]) + FWD_CHECK([--check-config], 111, ignore, ignore) + ++ IF_IPV6_SUPPORTED([ + AT_DATA([./helpers/foobar.xml], [dnl + + +@@ -1036,6 +1055,7 @@ WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90' + + ]) + FWD_CHECK([--check-config], 103, ignore, ignore) ++ ]) + AT_CHECK([rm ./helpers/foobar.xml]) + + dnl icmptype +@@ -1278,6 +1298,7 @@ WARNING: Invalid rule: Invalid log level + ]) + FWD_CHECK([--check-config], 28, ignore, ignore) + ++ IF_IPV6_SUPPORTED([ + AT_DATA([./zones/foobar.xml], [dnl + + +@@ -1292,6 +1313,7 @@ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl + WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept + WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept + ])]) ++ ]) + AT_CHECK([rm ./zones/foobar.xml]) + + FWD_END_TEST([-e '/ERROR:/d'dnl +diff --git a/src/tests/regression/gh335.at b/src/tests/regression/gh335.at +index 901e2fa04f69..54cc4c66e163 100644 +--- a/src/tests/regression/gh335.at ++++ b/src/tests/regression/gh335.at +@@ -7,12 +7,14 @@ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignor + NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) + FWD_RELOAD + ++IF_IPV6_SUPPORTED([ + NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) + NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) + FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321"]) + NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) + NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) + FWD_RELOAD ++]) + + NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) + NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) +@@ -21,12 +23,14 @@ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignor + NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) + FWD_RELOAD + ++IF_IPV6_SUPPORTED([ + NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) + NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) + FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"']) + NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) + NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) + FWD_RELOAD ++]) + + dnl following tests should _not_ enable IP forwarding + NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) +@@ -40,8 +44,10 @@ FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protoc + NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) + NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) + ++IF_IPV6_SUPPORTED([ + FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"']) + NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) + NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) ++]) + + FWD_END_TEST +diff --git a/src/tests/regression/rhbz1594657.at b/src/tests/regression/rhbz1594657.at +index c01a34012875..33b7bafe6b08 100644 +--- a/src/tests/regression/rhbz1594657.at ++++ b/src/tests/regression/rhbz1594657.at +@@ -6,7 +6,9 @@ FWD_CHECK([--direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT], 13, + FWD_CHECK([--direct --passthrough ipv4 -t filter -L dummy_chain], 13, [ignore], [ignore]) + FWD_CHECK([--direct --passthrough ipv4 -t filter -L INPUT], 0, [ignore]) + ++m4_if(yes, HOST_SUPPORTS_IP6TABLES, [dnl + FWD_CHECK([--direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT], 13, [ignore], [ignore]) + FWD_CHECK([--direct --passthrough ipv6 -t filter -L dummy_chain], 13, [ignore], [ignore]) + FWD_CHECK([--direct --passthrough ipv6 -t filter -L INPUT], 0, [ignore]) ++]) + FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0049-fix-tests-regression-rhbz1723610-better-coverage.patch b/SOURCES/0049-fix-tests-regression-rhbz1723610-better-coverage.patch deleted file mode 100644 index 315b53a..0000000 --- a/SOURCES/0049-fix-tests-regression-rhbz1723610-better-coverage.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 2c7f33521ce980647978e46e490cb776befc27c3 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Fri, 30 Aug 2019 13:58:54 -0400 -Subject: [PATCH 49/50] fix: tests/regression/rhbz1723610: better coverage - -Add more coverage to make sure all rules in the given chain are deleted. - -(cherry picked from commit 0220c8584512328104bfc816c2daaee2059f6a21) -(cherry picked from commit a40aa5094387e457cfd4a789ef805dac46132b6e) ---- - src/tests/regression/rhbz1723610.at | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at -index 35feed2bda9f..70eb226cb6df 100644 ---- a/src/tests/regression/rhbz1723610.at -+++ b/src/tests/regression/rhbz1723610.at -@@ -2,15 +2,21 @@ FWD_START_TEST([direct remove-rules per family]) - AT_KEYWORDS(direct rhbz1723610 gh385) - - FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) -+FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) -+FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT]) - FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl - ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT -+ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT -+ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT - ]) - FWD_RELOAD - FWD_CHECK([--direct --get-all-rules], 0, [dnl - ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT -+ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT -+ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT - ]) - --FWD_CHECK([-q --permanent --direct --remove-rules ipv6 filter input]) -+FWD_CHECK([-q --permanent --direct --remove-rules ipv6 filter INPUT]) - FWD_CHECK([-q --permanent --direct --remove-rules ipv4 filter INPUT]) - FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl - ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT --- -2.23.0 - diff --git a/SOURCES/0050-fix-tests-regression-rhbz1723610-make-deterministic.patch b/SOURCES/0050-fix-tests-regression-rhbz1723610-make-deterministic.patch deleted file mode 100644 index 306bee6..0000000 --- a/SOURCES/0050-fix-tests-regression-rhbz1723610-make-deterministic.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 7c06edce03bcf408a4aa6a9d64b17dafcb951224 Mon Sep 17 00:00:00 2001 -From: Eric Garver -Date: Tue, 3 Sep 2019 12:57:29 -0400 -Subject: [PATCH 50/50] fix: tests/regression/rhbz1723610: make deterministic - -Use --query-rule. The --get-all-rules output is not necessarily in any -defined order. - -Fixes: 0220c8584512 ("fix: tests/regression/rhbz1723610: better coverage") -(cherry picked from commit 441a4ef405b869b4c68bbbac21f001814578df08) -(cherry picked from commit 3a634eb266f60bc8419f5e3d37abd425e2d4dff5) ---- - src/tests/regression/rhbz1723610.at | 35 +++++++++++++---------------- - 1 file changed, 16 insertions(+), 19 deletions(-) - -diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at -index 70eb226cb6df..0d0810cc8623 100644 ---- a/src/tests/regression/rhbz1723610.at -+++ b/src/tests/regression/rhbz1723610.at -@@ -4,31 +4,28 @@ AT_KEYWORDS(direct rhbz1723610 gh385) - FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) - FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) - FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT]) --FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl --ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT --ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT --ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT --]) -+FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) -+FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) -+FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 0) - FWD_RELOAD --FWD_CHECK([--direct --get-all-rules], 0, [dnl --ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT --ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT --ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT --]) -+FWD_CHECK([-q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) -+FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) -+FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 0) - - FWD_CHECK([-q --permanent --direct --remove-rules ipv6 filter INPUT]) - FWD_CHECK([-q --permanent --direct --remove-rules ipv4 filter INPUT]) --FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl --ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT --]) -+FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) -+FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) -+FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 1) - FWD_RELOAD --FWD_CHECK([--direct --get-all-rules], 0, [dnl --ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT --]) -+FWD_CHECK([-q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) -+FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) -+FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 1) - FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) - FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) --FWD_CHECK([--direct --get-all-rules], 0, [dnl --ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT --]) -+FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT], 0) -+FWD_CHECK([-q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) -+FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) -+FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 1) - - FWD_END_TEST --- -2.23.0 - diff --git a/SOURCES/0050-improvement-tests-Use-AT_KEYWORDS-for-backends.patch b/SOURCES/0050-improvement-tests-Use-AT_KEYWORDS-for-backends.patch new file mode 100644 index 0000000..2b5e2f4 --- /dev/null +++ b/SOURCES/0050-improvement-tests-Use-AT_KEYWORDS-for-backends.patch @@ -0,0 +1,33 @@ +From 102cc23034b595f6c02424f8a1ecb8b2df9f7aa0 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 12 Apr 2019 13:31:28 -0400 +Subject: [PATCH 50/73] improvement: tests: Use AT_KEYWORDS for backends + +This allows + + # make check TESTSUITEFLAGS="-k nftables" + +to test only the nftables backend. + +(cherry picked from commit 98b3dab053c7b8c0dd9bb3b9e31eaba919f0c666) +(cherry picked from commit 675fb78d629e499a27ba7b3a4301e828a990099f) +--- + src/tests/functions.at | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 6cd4878a9f03..161c66bea961 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -60,6 +60,8 @@ m4_define([FWD_START_TEST], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ + m4_define_default([FIREWALL_BACKEND], [nftables]) + ++ AT_KEYWORDS(FIREWALL_BACKEND) ++ + dnl don't unload modules or bother cleaning up, the namespace will be deleted + AT_CHECK([sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf]) + +-- +2.20.1 + diff --git a/SOURCES/0051-chore-tests-add-AT_KEYWORDS-for-firewall-offline-cmd.patch b/SOURCES/0051-chore-tests-add-AT_KEYWORDS-for-firewall-offline-cmd.patch new file mode 100644 index 0000000..9a23349 --- /dev/null +++ b/SOURCES/0051-chore-tests-add-AT_KEYWORDS-for-firewall-offline-cmd.patch @@ -0,0 +1,31 @@ +From b93b267060215178b928d2dce61ed3cdc1615298 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 16 Apr 2019 16:36:56 -0400 +Subject: [PATCH 51/73] chore: tests: add AT_KEYWORDS for firewall-offline-cmd + +We use the "offline" keyword. + +(cherry picked from commit 2d7fc9b9f42fc451769e63b44a6b97a0977fa794) +(cherry picked from commit 59b396b4da4ce580967e2175966fe04d0c5d8b3c) +--- + src/tests/functions.at | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 161c66bea961..4edc484ca402 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -57,7 +57,9 @@ m4_define([FWD_START_TEST], [ + AT_CHECK([if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi]) + fi + +- m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ ++ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [ ++ AT_KEYWORDS(offline) ++ ], [ + m4_define_default([FIREWALL_BACKEND], [nftables]) + + AT_KEYWORDS(FIREWALL_BACKEND) +-- +2.20.1 + diff --git a/SOURCES/0052-chore-travis-split-test-matrix-by-keywords.patch b/SOURCES/0052-chore-travis-split-test-matrix-by-keywords.patch new file mode 100644 index 0000000..8dbba76 --- /dev/null +++ b/SOURCES/0052-chore-travis-split-test-matrix-by-keywords.patch @@ -0,0 +1,46 @@ +From 548ae4d0fe1484749560fcfa1f1d48bf339adb66 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 16 Apr 2019 16:43:29 -0400 +Subject: [PATCH 52/73] chore: travis: split test matrix by keywords + +This will cause the tests to be split up and each VM will run for less +time. This effectively decreases the CI time by running more in +parallel. + +(cherry picked from commit a833a4228fd14f78bb4320427b63ac51f84760f6) +(cherry picked from commit d357dd0fb904a1a4f31b329cb7dd1c4b41035661) +--- + .travis.yml | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/.travis.yml b/.travis.yml +index d5743e5c4ef6..e3410857599b 100644 +--- a/.travis.yml ++++ b/.travis.yml +@@ -12,6 +12,13 @@ python: + - "2.7" + - "3.4" + ++# Use keywords to split the tests into smaller groups and therefore decrease ++# the time CI takes to run. ++env: ++ - TESTSUITEFLAGS="-k offline -j3" ++ - TESTSUITEFLAGS="-k nftables -j3" ++ - TESTSUITEFLAGS="-k iptables -j3" ++ + # Install necessary dependencies + before_install: + - sudo apt-get update -qq +@@ -52,7 +59,8 @@ script: + # Do a parallel build to spot potential dependency problems. + # No ebtables-restore in ubuntu 14.04 + - ./autogen.sh --with-ebtables-restore=/bin/false --sysconfdir=/etc && make -j32 +- - sudo env PATH="$PATH" make check TESTSUITEFLAGS="-j3" || ++ # Note: TESTSUITEFLAGS implicit from env above ++ - sudo env PATH="$PATH" make check || + sudo env PATH="$PATH" make check TESTSUITEFLAGS="--recheck --errexit -v -d" + + # uncomment to add IRC notifications +-- +2.20.1 + diff --git a/SOURCES/0053-test-travis-add-another-test-matrix-for-omitting-ip6.patch b/SOURCES/0053-test-travis-add-another-test-matrix-for-omitting-ip6.patch new file mode 100644 index 0000000..ac6be67 --- /dev/null +++ b/SOURCES/0053-test-travis-add-another-test-matrix-for-omitting-ip6.patch @@ -0,0 +1,31 @@ +From a6b043700abf15ff2c091e1669c2d76f345dad5c Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 13 May 2019 10:06:08 -0400 +Subject: [PATCH 53/73] test: travis: add another test matrix for omitting + ip6tables + +Users often run in environments with no ip6tables support. Let's add +this scenario to our CI matrix. + +(cherry picked from commit 00874143ea54f99a048e318dc1aae05141c59fe6) +(cherry picked from commit 1b206091af3830e5f1a6334a0e2b3e928f4c7d0a) +--- + .travis.yml | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/.travis.yml b/.travis.yml +index e3410857599b..71c3b9b7d4d1 100644 +--- a/.travis.yml ++++ b/.travis.yml +@@ -18,6 +18,8 @@ env: + - TESTSUITEFLAGS="-k offline -j3" + - TESTSUITEFLAGS="-k nftables -j3" + - TESTSUITEFLAGS="-k iptables -j3" ++ - TESTSUITEFLAGS="-k iptables -j3" ++ IP6TABLES="/bin/false" IP6TABLES_RESTORE="/bin/false" + + # Install necessary dependencies + before_install: +-- +2.20.1 + diff --git a/SOURCES/0054-treewide-fix-over-indentation-flake8-E117.patch b/SOURCES/0054-treewide-fix-over-indentation-flake8-E117.patch new file mode 100644 index 0000000..cdada0a --- /dev/null +++ b/SOURCES/0054-treewide-fix-over-indentation-flake8-E117.patch @@ -0,0 +1,43 @@ +From c20bf465f4689634d66fb157b5f52ecc15720e4c Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 31 Jan 2019 09:19:44 -0500 +Subject: [PATCH 54/73] treewide: fix over indentation (flake8 E117) + +(cherry picked from commit 161cdae8c1391bed05c70018ff24fe2e29ddc9b8) +(cherry picked from commit 3bf261aa9a312f65040810338f0efdb9ff9bc5af) +--- + src/firewall-config.in | 4 ++-- + src/firewall/functions.py | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/firewall-config.in b/src/firewall-config.in +index c19541b0ce82..0bb7b05abdad 100755 +--- a/src/firewall-config.in ++++ b/src/firewall-config.in +@@ -1628,8 +1628,8 @@ class FirewallConfig(object): + + def connection_changed(self): + if self.connection_timer: +- GLib.source_remove(self.connection_timer) +- self.connection_timer = None ++ GLib.source_remove(self.connection_timer) ++ self.connection_timer = None + if self.fw.connected: + self.fw.authorizeAll() + self.statusLabel.set_text(self.connected_label) +diff --git a/src/firewall/functions.py b/src/firewall/functions.py +index eb67ec4b73bb..5f54a59204b8 100644 +--- a/src/firewall/functions.py ++++ b/src/firewall/functions.py +@@ -148,7 +148,7 @@ def portInPortRange(port, range): + return _port == getPortID(_range[0]) + if len(_range) == 2 and \ + _port >= getPortID(_range[0]) and _port <= getPortID(_range[1]): +- return True ++ return True + + return False + +-- +2.20.1 + diff --git a/SOURCES/0055-chore-update-translations.patch b/SOURCES/0055-chore-update-translations.patch new file mode 100644 index 0000000..10fe364 --- /dev/null +++ b/SOURCES/0055-chore-update-translations.patch @@ -0,0 +1,9548 @@ +From 5f6a650636ebd3ade24ecbb111b1f9023ddabaf2 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 17 May 2019 12:53:33 -0400 +Subject: [PATCH 55/73] chore: update translations + +(cherry picked from commit f481e02e211fbb67b3ef7424913b6aa0e52f610c) +--- + po/ar.po | 46 +++++---- + po/as.po | 178 +++++++++++++++------------------ + po/bg.po | 20 ++-- + po/bn_IN.po | 182 +++++++++++++++------------------- + po/ca.po | 32 +++--- + po/cs.po | 29 +++--- + po/da.po | 23 ++--- + po/de.po | 35 ++++--- + po/el.po | 20 ++-- + po/en_GB.po | 23 +++-- + po/en_US.po | 2 +- + po/es.po | 36 ++++--- + po/et.po | 20 ++-- + po/eu.po | 20 ++-- + po/fi.po | 29 +++--- + po/fr.po | 29 +++--- + po/gl.po | 20 ++-- + po/gu.po | 164 ++++++++++++++---------------- + po/hi.po | 159 ++++++++++++++---------------- + po/hu.po | 30 +++--- + po/ia.po | 20 ++-- + po/id.po | 18 ++-- + po/it.po | 38 ++++--- + po/ja.po | 263 ++++++++++++++++++++++++++++++++----------------- + po/ka.po | 20 ++-- + po/kn.po | 191 +++++++++++++++++------------------ + po/ko.po | 212 ++++++++++++++++++++++++--------------- + po/lt.po | 28 +++--- + po/ml.po | 218 +++++++++++++++++----------------------- + po/mr.po | 172 +++++++++++++++----------------- + po/nl.po | 28 +++--- + po/or.po | 193 ++++++++++++++++-------------------- + po/pa.po | 160 ++++++++++++++---------------- + po/pl.po | 31 +++--- + po/pt.po | 23 +++-- + po/pt_BR.po | 33 +++---- + po/ru.po | 27 +++-- + po/sk.po | 21 ++-- + po/sq.po | 18 ++-- + po/sr.po | 29 +++--- + po/sr@latin.po | 25 +++-- + po/sv.po | 21 ++-- + po/ta.po | 197 +++++++++++++++++------------------- + po/te.po | 187 +++++++++++++++-------------------- + po/tr.po | 30 +++--- + po/uk.po | 49 +++++---- + po/zh_CN.po | 145 +++++++++++++++++---------- + po/zh_TW.po | 150 ++++++++++++++++++---------- + 48 files changed, 1806 insertions(+), 1838 deletions(-) + +diff --git a/po/ar.po b/po/ar.po +index 208a992375f3..5636041a056a 100644 +--- a/po/ar.po ++++ b/po/ar.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Abdalrahim Fakhouri , 2010 + # Abdalrahim Fakhouri , 2010 +@@ -17,15 +17,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:20+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Arabic (http://www.transifex.com/projects/p/firewalld/" + "language/ar/)\n" + "Language: ar\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 " + "&& n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n" + "X-Generator: Zanata 4.6.2\n" +@@ -211,8 +211,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "المنطقة '{zone}' نشطة للاتصال '{connection}' في الواجهة '{interface}'" + + #: ../src/firewall-applet.in:892 +@@ -655,7 +654,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "تعد إعادة التوجيه إلى نظام آخر مفيدة فقط إذا كانت الواجهة متنكرة.\n" +@@ -689,7 +689,8 @@ msgstr "الرجاء إدخال عنوان ipv4 أو ipv6 بعنوان نموذ + msgid "" + "The mask can be a network mask or a number for ipv4.\n" + "The mask is a number for ipv6." +-msgstr "قد يكون القناع، قناع شبكة أو رقمًا لـ ipv4.\n" ++msgstr "" ++"قد يكون القناع، قناع شبكة أو رقمًا لـ ipv4.\n" + "القناع رقم لـ ipv6." + + #: ../src/firewall-config.in:5776 +@@ -1181,9 +1182,9 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"يسمح لك التقنيع أن تعدّ مضيفاً أو موجّهاً ليوصل شبكتك المحلّية بالشبكة " +-"العالميّة. ستظهر جميع الأجهزة على هذه الشبكة كعنوان واحد على الإنترنت. " +-"التقنيع لـIPv4 فقط." ++"يسمح لك التقنيع أن تعدّ مضيفاً أو موجّهاً ليوصل شبكتك المحلّية بالشبكة العالميّة. " ++"ستظهر جميع الأجهزة على هذه الشبكة كعنوان واحد على الإنترنت. التقنيع لـIPv4 " ++"فقط." + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1236,8 +1237,8 @@ msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"علّم أنواع ICMP التي سترفض في القائمة. كلّ أنواع ICMP الأخرى سيسمح لها " +-"بالمرور عبر الجدار الناريّ. المبدئيّ هو عدم وجود قيود." ++"علّم أنواع ICMP التي سترفض في القائمة. كلّ أنواع ICMP الأخرى سيسمح لها بالمرور " ++"عبر الجدار الناريّ. المبدئيّ هو عدم وجود قيود." + + #: ../src/firewall-config.glade.h:118 + msgid "" +@@ -1365,7 +1366,6 @@ msgid "" + "all hosts or networks." + msgstr "" + "إضافة منافذ مصادر أو نطاقات منافذ يجب الوصول إليها من كل المضيفين أو الشبكات." +-"" + + #: ../src/firewall-config.glade.h:147 + msgid "Source Port" +@@ -1402,7 +1402,6 @@ msgid "" + "runtime configuration of services is fixed." + msgstr "" + "لا يمكن تغيير الخدمات إلا في عرض التكوين الدائم. تكوين وقت تشغيل الخدمة ثابت." +-"" + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1522,10 +1521,10 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"يوفر التكوين المباشر وصولاً أكثر مباشرة إلى الجدار الناري. تتطلب هذه " +-"الخيارات من المستخدم معرفة مفاهيم iptables الأساسية وهي الجداول والسلاسل " +-"والأوامر والمعلمات والأهداف. يجب استخدام التكوين المباشر كملاذ أخير فقط " +-"عندما لا يمكن استخدام ميزات firewalld الأخرى." ++"يوفر التكوين المباشر وصولاً أكثر مباشرة إلى الجدار الناري. تتطلب هذه الخيارات " ++"من المستخدم معرفة مفاهيم iptables الأساسية وهي الجداول والسلاسل والأوامر " ++"والمعلمات والأهداف. يجب استخدام التكوين المباشر كملاذ أخير فقط عندما لا يمكن " ++"استخدام ميزات firewalld الأخرى." + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1603,8 +1602,7 @@ msgstr "" + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +-msgstr "" +-"الرجاء الحذر في التعامل مع قاعد المرور حتى لا يتم تدمير الجدار الناري." ++msgstr "الرجاء الحذر في التعامل مع قاعد المرور حتى لا يتم تدمير الجدار الناري." + + #: ../src/firewall-config.glade.h:190 + msgid "Add Passthrough" +@@ -1907,8 +1905,8 @@ msgstr "معكوس" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "لتمكين هذا، يجب أن يكون الإجراء 'رفض' والعائلة إما 'ipv4' أو 'ipv6' (ليس " + "كلاهما)" +diff --git a/po/as.po b/po/as.po +index f26b59c83d99..dc5f69898d8c 100644 +--- a/po/as.po ++++ b/po/as.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Amitakhya Phukan , 2006 + # Amitakhya Phukan , 2007-2010 +@@ -13,15 +13,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2016-01-04 12:15+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Assamese (http://www.transifex.com/projects/p/firewalld/" + "language/as/)\n" + "Language: as\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -74,17 +74,15 @@ msgstr "শিল্ড আপ/ডাউন অঞ্চলবোৰ সংৰ + + #: ../src/firewall-applet.in:220 + msgid "Here you can select the zones used for Shields Up and Shields Down." +-msgstr "" +-"ইয়াত আপুনি শিল্ড আপ আৰু শিল্ড ডাউনৰ বাবে ব্যৱহৃত অঞ্চলবোৰ বাছিব পাৰিব।" ++msgstr "ইয়াত আপুনি শিল্ড আপ আৰু শিল্ড ডাউনৰ বাবে ব্যৱহৃত অঞ্চলবোৰ বাছিব পাৰিব।" + + #: ../src/firewall-applet.in:226 + msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." + msgstr "" +-"এই বৈশিষ্ট্য অবিকল্পিত অঞ্চলবোৰ ব্যৱহাৰ কৰা লোকৰ বাবে উপযোগী। " +-"ব্যৱহাৰকাৰীসকল, যিসকলে সংযোগসমূহৰ অঞ্চলসমূহ পৰিবৰ্তন কৰি আছে, ইয়াৰ ব্যৱহাৰ " +-"সীমিত হব।" ++"এই বৈশিষ্ট্য অবিকল্পিত অঞ্চলবোৰ ব্যৱহাৰ কৰা লোকৰ বাবে উপযোগী। ব্যৱহাৰকাৰীসকল, " ++"যিসকলে সংযোগসমূহৰ অঞ্চলসমূহ পৰিবৰ্তন কৰি আছে, ইয়াৰ ব্যৱহাৰ সীমিত হব।" + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -206,8 +204,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "আন্তঃপৃষ্ঠ '{interface}' ত সংযোগ '{connection}' ৰ বাবে সক্ৰিয় অঞ্চল '{zone}'" + +@@ -263,13 +260,12 @@ msgid "" + "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " + "interface '{interface}'" + msgstr "" +-"আন্তঃপৃষ্ঠ '{interface}' ত সংযোগ '{connection}' ৰ বাবে অঞ্চল '{zone}' " +-"{activated_deactivated}" ++"আন্তঃপৃষ্ঠ '{interface}' ত সংযোগ '{connection}' ৰ বাবে অঞ্চল " ++"'{zone}' {activated_deactivated}" + + #: ../src/firewall-applet.in:1047 + msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" +-msgstr "" +-"আন্তঃপৃষ্ঠ '{interface}' ৰ বাবে অঞ্চল '{zone}' {activated_deactivated}" ++msgstr "আন্তঃপৃষ্ঠ '{interface}' ৰ বাবে অঞ্চল '{zone}' {activated_deactivated}" + + #: ../src/firewall-applet.in:1070 + #, c-format +@@ -648,11 +644,12 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" +-"অন্য চিস্টেমলৈ ফৰৱাৰ্ড কৰাটো কেৱল তেতিয়াহে লাভদায়ক যেতিয়া আন্তঃপৃষ্ঠ " +-"মাস্কুৰেডেড থাকে।\n" ++"অন্য চিস্টেমলৈ ফৰৱাৰ্ড কৰাটো কেৱল তেতিয়াহে লাভদায়ক যেতিয়া আন্তঃপৃষ্ঠ মাস্কুৰেডেড " ++"থাকে।\n" + "আপুনি এই অঞ্চলটো মাস্কুৰেড কৰিব বিচাৰে নে?" + + #: ../src/firewall-config.in:5376 +@@ -837,8 +834,8 @@ msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." + msgstr "" +-"স্থানীয় ভাবে আগবঢ়োৱা সক্ৰিয় কৰিলে, আপুনি এটা প'ৰ্ট নিৰ্ধাৰিত কৰিব লাগিব ।এই " +-"প'ৰ্ট উৎসৰ প'ৰ্টৰ পৰা বেলেগ হ'ব লাগি ব ।" ++"স্থানীয় ভাবে আগবঢ়োৱা সক্ৰিয় কৰিলে, আপুনি এটা প'ৰ্ট নিৰ্ধাৰিত কৰিব লাগিব ।এই প'ৰ্ট " ++"উৎসৰ প'ৰ্টৰ পৰা বেলেগ হ'ব লাগি ব ।" + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -946,9 +943,9 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"ফায়াৰৱাল নিয়মসমূহ পুনৰ ল'ড কৰে। বৰ্তমান চলনসময় সংৰূপ নতুন চলনসময় অংৰূপ হ'ব, " +-"অৰ্থাত পুনৰ ল'ড হোৱালৈ সকলো কেৱল চলনসময় পৰিবৰ্তনসমূহ পুনৰ ল'ডৰ সৈতে নহোৱা হব " +-"যদি সিহতো স্থায়ী সংৰূপত নাথাকিল হেতেন।" ++"ফায়াৰৱাল নিয়মসমূহ পুনৰ ল'ড কৰে। বৰ্তমান চলনসময় সংৰূপ নতুন চলনসময় অংৰূপ হ'ব, অৰ্থাত " ++"পুনৰ ল'ড হোৱালৈ সকলো কেৱল চলনসময় পৰিবৰ্তনসমূহ পুনৰ ল'ডৰ সৈতে নহোৱা হব যদি সিহতো " ++"স্থায়ী সংৰূপত নাথাকিল হেতেন।" + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -980,8 +977,7 @@ msgstr "" + + #: ../src/firewall-config.glade.h:68 + msgid "Panic mode means that all incoming and outgoing packets are dropped." +-msgstr "" +-"পেনিক অৱস্থাৰ অৰ্থ সকলো অন্তৰগামী আৰু বহিৰ্গামী পেকেটসমূহ ড্ৰপ কৰা হব।" ++msgstr "পেনিক অৱস্থাৰ অৰ্থ সকলো অন্তৰগামী আৰু বহিৰ্গামী পেকেটসমূহ ড্ৰপ কৰা হব।" + + #: ../src/firewall-config.glade.h:69 + msgid "Panic Mode" +@@ -992,8 +988,8 @@ msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." + msgstr "" +-"লকডাউনে ফায়াৰৱাল সংৰূপ লক কৰে যাতে কেৱল লকডাউন হোৱাইটলিস্টত থকা " +-"এপ্লিকেচনসমূহে ইয়াক পৰিবৰ্তন কৰিব পাৰে।" ++"লকডাউনে ফায়াৰৱাল সংৰূপ লক কৰে যাতে কেৱল লকডাউন হোৱাইটলিস্টত থকা এপ্লিকেচনসমূহে " ++"ইয়াক পৰিবৰ্তন কৰিব পাৰে।" + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1067,8 +1063,8 @@ msgid "" + "configuration. Permanent configuration will be active after service or " + "system reload or restart." + msgstr "" +-"বৰ্তমানে দৃশ্য সংৰূপ। চলনসময় সংৰূপ হল প্ৰকৃত সক্ৰিয় সংৰূপ। স্থায়ী সংৰূপ " +-"সেৱাৰ পিছত অথবা চিস্টেম পুনৰ ল'ড অথবা পুনাৰম্ভৰ পিছত সক্ৰিয় হব।" ++"বৰ্তমানে দৃশ্য সংৰূপ। চলনসময় সংৰূপ হল প্ৰকৃত সক্ৰিয় সংৰূপ। স্থায়ী সংৰূপ সেৱাৰ পিছত অথবা " ++"চিস্টেম পুনৰ ল'ড অথবা পুনাৰম্ভৰ পিছত সক্ৰিয় হব।" + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1078,11 +1074,10 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"এটা firewalld অঞ্চলে নেটৱাৰ্ক সংযোগসমূহ, আন্তঃপৃষ্ঠসমূহ আৰু অঞ্চলৰ সৈতে " +-"সংযুক্ত উৎস ঠিকনাসমূহৰ বাবে ভৰষাৰ স্তৰৰ বিৱৰণ দিয়ে। অঞ্চলে সেৱাসমূহ, " +-"পৰ্টসমূহ, প্ৰটোকলসমূহ, ছদ্মবেশ, পৰ্ট/পেকেট ফৰৱাৰ্ডিং, icmp, ফিল্টাৰসমূহ আৰু " +-"সমৃদ্ধ নিয়মসমূহ একত্ৰিত কৰে। অঞ্চলক আন্তঃপৃষ্ঠসমূহ আৰু উৎস ঠিকনাসমূহলৈ " +-"সংযুক্ত কৰিব পাৰি।" ++"এটা firewalld অঞ্চলে নেটৱাৰ্ক সংযোগসমূহ, আন্তঃপৃষ্ঠসমূহ আৰু অঞ্চলৰ সৈতে সংযুক্ত উৎস " ++"ঠিকনাসমূহৰ বাবে ভৰষাৰ স্তৰৰ বিৱৰণ দিয়ে। অঞ্চলে সেৱাসমূহ, পৰ্টসমূহ, প্ৰটোকলসমূহ, " ++"ছদ্মবেশ, পৰ্ট/পেকেট ফৰৱাৰ্ডিং, icmp, ফিল্টাৰসমূহ আৰু সমৃদ্ধ নিয়মসমূহ একত্ৰিত কৰে। " ++"অঞ্চলক আন্তঃপৃষ্ঠসমূহ আৰু উৎস ঠিকনাসমূহলৈ সংযুক্ত কৰিব পাৰি।" + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1107,9 +1102,8 @@ msgid "" + "connections, interfaces and sources bound to this zone." + msgstr "" + "ইয়াত আপুনি বিৱৰণ দিব পাৰিব কোন সেৱাসমূহ অঞ্চলত ভৰষা কৰিব পাৰি। সকলো হস্ট আৰু " +-"নেটৱাৰ্কসমূহ যিসমূহে মেনিচক এই অঞ্চলৰ সৈতে সংযুক্ত সংযোগসমূহ, আন্তঃপৃষ্ঠসমূহ " +-"আৰু উৎসসমূহৰ পৰা প্ৰাপ্ত কৰিব পাৰে সেইসমূহে ভৰষাবান সেৱাসমূহ অভিগম কৰিব " +-"পাৰে।" ++"নেটৱাৰ্কসমূহ যিসমূহে মেনিচক এই অঞ্চলৰ সৈতে সংযুক্ত সংযোগসমূহ, আন্তঃপৃষ্ঠসমূহ আৰু উৎসসমূহৰ " ++"পৰা প্ৰাপ্ত কৰিব পাৰে সেইসমূহে ভৰষাবান সেৱাসমূহ অভিগম কৰিব পাৰে।" + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1120,8 +1114,8 @@ msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." + msgstr "" +-"অতিৰিক্ত পৰ্ট অথবা পৰ্ট বিস্তাৰসমূহ যোগ কৰক, যি মেচিনৰ সৈতে সংযোগ কৰিব পৰা " +-"সকলো হস্ট অথবা নেটৱাৰ্কৰ বাবে অভিগম্য হব লাগে।" ++"অতিৰিক্ত পৰ্ট অথবা পৰ্ট বিস্তাৰসমূহ যোগ কৰক, যি মেচিনৰ সৈতে সংযোগ কৰিব পৰা সকলো " ++"হস্ট অথবা নেটৱাৰ্কৰ বাবে অভিগম্য হব লাগে।" + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1175,10 +1169,9 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"স্থানীয় নেটৱৰ্ক, ইন্টাৰনেটেৰ সৈতে সংযুক্ত কৰাৰ বাবে গৃহস্থ অথবা ৰাউটাৰ " +-"প্ৰস্তুতিৰ সময় Masquerading সহয়াক । আপোনাৰ স্থানীয় নেটৱৰ্ক প্ৰকাশিত নহ'ব আৰু " +-"ইন্টাৰনেটে এটা গৃহস্থ ৰূপে প্ৰস্তুত কৰা হ'ব । Masquerading অকল IPv4-ৰ " +-"ক্ষেত্ৰত প্ৰযোজ্য ।" ++"স্থানীয় নেটৱৰ্ক, ইন্টাৰনেটেৰ সৈতে সংযুক্ত কৰাৰ বাবে গৃহস্থ অথবা ৰাউটাৰ প্ৰস্তুতিৰ সময় " ++"Masquerading সহয়াক । আপোনাৰ স্থানীয় নেটৱৰ্ক প্ৰকাশিত নহ'ব আৰু ইন্টাৰনেটে এটা গৃহস্থ " ++"ৰূপে প্ৰস্তুত কৰা হ'ব । Masquerading অকল IPv4-ৰ ক্ষেত্ৰত প্ৰযোজ্য ।" + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1203,9 +1196,9 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"ফৰৱাৰ্ড পৰ্টসমূহলৈ প্ৰৱিষ্টি স্থানীয় চিস্টেমত অথবা স্থানীয় চিস্টেমৰ পৰা অন্য " +-"চিস্টেমলৈ এটা পৰ্টৰ পৰা অন্যলৈ যোগ কৰক। আন্তঃপৃষ্ঠ মাস্কুৰেইডেড থাকিলে অন্য " +-"চিস্টেমলৈ ফৰৱাৰ্ডিং উপযোগী হয়। পৰ্ট ফৰৱাৰ্ডিং কেৱল IPv4।" ++"ফৰৱাৰ্ড পৰ্টসমূহলৈ প্ৰৱিষ্টি স্থানীয় চিস্টেমত অথবা স্থানীয় চিস্টেমৰ পৰা অন্য চিস্টেমলৈ " ++"এটা পৰ্টৰ পৰা অন্যলৈ যোগ কৰক। আন্তঃপৃষ্ঠ মাস্কুৰেইডেড থাকিলে অন্য চিস্টেমলৈ ফৰৱাৰ্ডিং " ++"উপযোগী হয়। পৰ্ট ফৰৱাৰ্ডিং কেৱল IPv4।" + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1225,9 +1218,9 @@ msgid "" + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." + msgstr "" +-"ইন্টাৰনেট নিয়ন্ত্ৰণ বাৰ্তা প্ৰটোকল (ICMP) মূখ্যভাৱে নেটৱাৰ্ক কমপিউটাৰসমূহৰ " +-"মাজত ত্ৰুটি বাৰ্তাসমূহ পঠাবলৈ ব্যৱহাৰ কৰা হয়, কিন্তু অতিৰিক্তভাৱে তথ্যমূলক " +-"বাৰ্তাসমূহ যেনে ping অনুৰোধ আৰু উত্তৰৰ বাবেও ব্যৱহাৰ কৰা হয়।" ++"ইন্টাৰনেট নিয়ন্ত্ৰণ বাৰ্তা প্ৰটোকল (ICMP) মূখ্যভাৱে নেটৱাৰ্ক কমপিউটাৰসমূহৰ মাজত ত্ৰুটি " ++"বাৰ্তাসমূহ পঠাবলৈ ব্যৱহাৰ কৰা হয়, কিন্তু অতিৰিক্তভাৱে তথ্যমূলক বাৰ্তাসমূহ যেনে ping " ++"অনুৰোধ আৰু উত্তৰৰ বাবেও ব্যৱহাৰ কৰা হয়।" + + #: ../src/firewall-config.glade.h:117 + msgid "" +@@ -1276,9 +1269,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"অঞ্চলৰ সৈতে আন্তহপৃষ্ঠসমূহ সংযুক্ত কৰিবলৈ প্ৰৱিষ্টিসমূহ যোগ কৰক। যদি " +-"আন্তঃপৃষ্ঠক এটা সংযোগে ব্যৱহাৰ কৰিব, অঞ্চলক সংযোগত ধাৰ্য্য কৰা অঞ্চললৈ সংহতি " +-"কৰা হব।" ++"অঞ্চলৰ সৈতে আন্তহপৃষ্ঠসমূহ সংযুক্ত কৰিবলৈ প্ৰৱিষ্টিসমূহ যোগ কৰক। যদি আন্তঃপৃষ্ঠক এটা " ++"সংযোগে ব্যৱহাৰ কৰিব, অঞ্চলক সংযোগত ধাৰ্য্য কৰা অঞ্চললৈ সংহতি কৰা হব।" + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1320,8 +1312,8 @@ msgid "" + "A firewalld service is a combination of ports, protocols, modules and " + "destination addresses." + msgstr "" +-"এটা firewalld সেৱা হল পৰ্টসমূহ, প্ৰটোকলসমূহ, মডিউলসমূহ আৰু গন্তব্য " +-"ঠিকনাসমূহৰ এটা সংযুক্তি।" ++"এটা firewalld সেৱা হল পৰ্টসমূহ, প্ৰটোকলসমূহ, মডিউলসমূহ আৰু গন্তব্য ঠিকনাসমূহৰ এটা " ++"সংযুক্তি।" + + #: ../src/firewall-config.glade.h:139 + msgid "Add Service" +@@ -1377,9 +1369,8 @@ msgid "" + "the destination address and type. If both entries are empty, there is no " + "limitation." + msgstr "" +-"যদি আপুনি গন্তব্য ঠিকনাসমূহ ধাৰ্য্য কৰে, সেৱা প্ৰৱিষ্টি গন্তব্য ঠিকনা আৰু " +-"ধৰণলৈ সীমিত থাকিব। যদি দুয়োটা প্ৰৱিষ্টি ৰিক্ত থাকে, তেন্তে কোনো সীমা " +-"নাথাকিব।" ++"যদি আপুনি গন্তব্য ঠিকনাসমূহ ধাৰ্য্য কৰে, সেৱা প্ৰৱিষ্টি গন্তব্য ঠিকনা আৰু ধৰণলৈ সীমিত " ++"থাকিব। যদি দুয়োটা প্ৰৱিষ্টি ৰিক্ত থাকে, তেন্তে কোনো সীমা নাথাকিব।" + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1394,8 +1385,8 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"সেৱাসমূহক কেৱল স্থায়ী সংৰূপ দৰ্শনত পৰিবৰ্তন কৰিব পাৰি। সেৱাসমূহৰ চলনসময় " +-"সংৰূপ নিৰ্দিষ্ট কৰা আছে।" ++"সেৱাসমূহক কেৱল স্থায়ী সংৰূপ দৰ্শনত পৰিবৰ্তন কৰিব পাৰি। সেৱাসমূহৰ চলনসময় সংৰূপ " ++"নিৰ্দিষ্ট কৰা আছে।" + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1455,8 +1446,8 @@ msgid "" + "A firewalld icmptype provides the information for an Internet Control " + "Message Protocol (ICMP) type for firewalld." + msgstr "" +-"এটা firewalld icmptype এ firewalld ৰ বাবে এটা ইন্টাৰনেট নিয়ন্ত্ৰণ বাৰ্তা " +-"প্ৰটোকল (ICMP) ধৰণৰ তথ্য প্ৰদান কৰে।" ++"এটা firewalld icmptype এ firewalld ৰ বাবে এটা ইন্টাৰনেট নিয়ন্ত্ৰণ বাৰ্তা প্ৰটোকল " ++"(ICMP) ধৰণৰ তথ্য প্ৰদান কৰে।" + + #: ../src/firewall-config.glade.h:167 + msgid "Add ICMP Type" +@@ -1483,8 +1474,8 @@ msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." + msgstr "" +-"ICMP ধৰণসমূহক কেৱল স্থায়ী সংৰূপ দৰ্শনত পৰিবৰ্তন কৰিব পাৰি। ICMP ধৰণসমূহৰ " +-"চলনসময় সংৰূপ নিৰ্দিষ্ট কৰা আছে।" ++"ICMP ধৰণসমূহক কেৱল স্থায়ী সংৰূপ দৰ্শনত পৰিবৰ্তন কৰিব পাৰি। ICMP ধৰণসমূহৰ চলনসময় " ++"সংৰূপ নিৰ্দিষ্ট কৰা আছে।" + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1505,11 +1496,10 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"প্ৰত্যক্ষ সংৰূপে ফায়াৰৱাললৈ এটা অধিক প্ৰত্যক্ষ অভিগম প্ৰদান কৰে। এই " +-"বিকল্পসমূহৰ বাবে ব্যৱহাৰকাৰী জনে মৌলিক iptables ধাৰণাবোৰ জানিব লাগিব, অৰ্থাত " +-"টেবুলসমূহ, শৃংখলসমূহ, কমান্ডসমূহ, প্ৰাচলসমূহ আৰু লক্ষ্যবোৰ। প্ৰত্যক্ষ সংৰূপক " +-"কেৱল শেষ উপায় হিচাপে ব্যৱহাৰ কৰিব লাগে যেতিয়া অন্য firewalld বৈশিষ্ট্যসমূহ " +-"ব্যৱহাৰ কৰা সম্ভব নহয়।" ++"প্ৰত্যক্ষ সংৰূপে ফায়াৰৱাললৈ এটা অধিক প্ৰত্যক্ষ অভিগম প্ৰদান কৰে। এই বিকল্পসমূহৰ বাবে " ++"ব্যৱহাৰকাৰী জনে মৌলিক iptables ধাৰণাবোৰ জানিব লাগিব, অৰ্থাত টেবুলসমূহ, শৃংখলসমূহ, " ++"কমান্ডসমূহ, প্ৰাচলসমূহ আৰু লক্ষ্যবোৰ। প্ৰত্যক্ষ সংৰূপক কেৱল শেষ উপায় হিচাপে ব্যৱহাৰ কৰিব " ++"লাগে যেতিয়া অন্য firewalld বৈশিষ্ট্যসমূহ ব্যৱহাৰ কৰা সম্ভব নহয়।" + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1517,8 +1507,8 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"প্ৰত্যকটো বিকল্পৰ বাবে ipv তৰ্ক ipv4 অথবা ipv6 অথবা eb হব লাগিব। ipv4 ৰ সৈতে " +-"ই iptables ৰ বাবে হব, ipv6 ৰ সৈতে ip6tables ৰ বাবে হব আৰু eb ৰ সৈতে ইথাৰনেট " ++"প্ৰত্যকটো বিকল্পৰ বাবে ipv তৰ্ক ipv4 অথবা ipv6 অথবা eb হব লাগিব। ipv4 ৰ সৈতে ই " ++"iptables ৰ বাবে হব, ipv6 ৰ সৈতে ip6tables ৰ বাবে হব আৰু eb ৰ সৈতে ইথাৰনেট " + "ব্ৰিজবোৰ (ebtables) ৰ বাবে হব।" + + #: ../src/firewall-config.glade.h:177 +@@ -1545,8 +1535,7 @@ msgstr "শৃংখলসমূহ" + msgid "" + "Add a rule with the arguments args to a chain in a table with a priority." + msgstr "" +-"এটা প্ৰাথমিকতাৰ সৈতে এটা টেবুলৰ শৃংখললৈ তৰ্কসমূহ args ৰ সৈতে এটা নিয়ম যোগ " +-"কৰক।" ++"এটা প্ৰাথমিকতাৰ সৈতে এটা টেবুলৰ শৃংখললৈ তৰ্কসমূহ args ৰ সৈতে এটা নিয়ম যোগ কৰক।" + + #: ../src/firewall-config.glade.h:183 + msgid "" +@@ -1557,12 +1546,11 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"প্ৰাথমিকতাক নিয়মসমূহক ক্ৰম কৰিবলৈ ব্যৱহাৰ কৰা হয়। প্ৰাথমিকতা 0 ৰ অৰ্থ হল " +-"শৃংখলৰ ওপৰত নিময় যোগ কৰা, উচ্চ প্ৰাথমিকতাৰ সৈতে নিয়মক তলত যোগ কৰা হব। একে " +-"প্ৰাথমিকতাৰ সৈতে নিয়মসমূহ একেটা স্তৰত থাকে আৰু এই নিয়মসমূহৰ ক্ৰম নিৰ্দিষ্ট " +-"নহয় আৰু সলনি হব পাৰে। যদি আপুনি সুনিশ্চিত কৰিব বিচাৰে যে এটা নিয়ম অন্য এটাৰ " +-"পিছত যোগ কৰা হব, প্ৰথমটোৰ বাবে এটা নিম্ন প্ৰাথমিকতা ব্যৱহাৰ কৰক আৰু " +-"নিম্নলিখিতৰ বাবে এটা উচ্চ ব্যৱহাৰ কৰক:" ++"প্ৰাথমিকতাক নিয়মসমূহক ক্ৰম কৰিবলৈ ব্যৱহাৰ কৰা হয়। প্ৰাথমিকতা 0 ৰ অৰ্থ হল শৃংখলৰ " ++"ওপৰত নিময় যোগ কৰা, উচ্চ প্ৰাথমিকতাৰ সৈতে নিয়মক তলত যোগ কৰা হব। একে প্ৰাথমিকতাৰ " ++"সৈতে নিয়মসমূহ একেটা স্তৰত থাকে আৰু এই নিয়মসমূহৰ ক্ৰম নিৰ্দিষ্ট নহয় আৰু সলনি হব পাৰে। " ++"যদি আপুনি সুনিশ্চিত কৰিব বিচাৰে যে এটা নিয়ম অন্য এটাৰ পিছত যোগ কৰা হব, প্ৰথমটোৰ " ++"বাবে এটা নিম্ন প্ৰাথমিকতা ব্যৱহাৰ কৰক আৰু নিম্নলিখিতৰ বাবে এটা উচ্চ ব্যৱহাৰ কৰক:" + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1586,15 +1574,13 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"পাছথ্ৰু নিয়মসমূহ ফায়াৰৱাললৈ প্ৰত্যক্ষভাৱে প্ৰেৰণ কৰা হয় আৰু বিশেষ শৃংখলত " +-"স্থাপন কৰা নহয়। সকলো iptables, ip6tables আৰু ebtables বিকল্পসমূহ ব্যৱহাৰ " +-"কৰিব পাৰি।" ++"পাছথ্ৰু নিয়মসমূহ ফায়াৰৱাললৈ প্ৰত্যক্ষভাৱে প্ৰেৰণ কৰা হয় আৰু বিশেষ শৃংখলত স্থাপন কৰা " ++"নহয়। সকলো iptables, ip6tables আৰু ebtables বিকল্পসমূহ ব্যৱহাৰ কৰিব পাৰি।" + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." + msgstr "" +-"অনুগ্ৰহ কৰি পাছথ্ৰু নিয়মসমূহ ব্যৱহাৰ কৰোতে সাৱধান হব যাতে ফায়াৰৱাল " +-"ক্ষতিগ্ৰস্থ নহয়।" ++"অনুগ্ৰহ কৰি পাছথ্ৰু নিয়মসমূহ ব্যৱহাৰ কৰোতে সাৱধান হব যাতে ফায়াৰৱাল ক্ষতিগ্ৰস্থ নহয়।" + + #: ../src/firewall-config.glade.h:190 + msgid "Add Passthrough" +@@ -1618,10 +1604,9 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"লকডাউন বৈশিষ্ট্য firewalld ৰ বাবে ব্যৱহাৰকাৰী আৰু এপ্লিকেচন নীতিসমূহৰ এটা " +-"লঘু সংস্কৰণ। ই ফায়াৰৱাললৈ কৰা পৰিবৰ্তনসমূহ সীমিত কৰে। লকডাউন হোৱাইটলিস্টত " +-"কমান্ডসমূহ, পৰিপ্ৰেক্ষতিত, ব্যৱহাৰকাৰীসকল আৰু ব্যৱহাৰকাৰী আইডিসমূহ থাকিব " +-"পাৰে।" ++"লকডাউন বৈশিষ্ট্য firewalld ৰ বাবে ব্যৱহাৰকাৰী আৰু এপ্লিকেচন নীতিসমূহৰ এটা লঘু " ++"সংস্কৰণ। ই ফায়াৰৱাললৈ কৰা পৰিবৰ্তনসমূহ সীমিত কৰে। লকডাউন হোৱাইটলিস্টত কমান্ডসমূহ, " ++"পৰিপ্ৰেক্ষতিত, ব্যৱহাৰকাৰীসকল আৰু ব্যৱহাৰকাৰী আইডিসমূহ থাকিব পাৰে।" + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1652,9 +1637,9 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"যদি ৱোহাইটলিস্টত এটা কমান্ড প্ৰৱিষ্টি এটা একস্টেৰিক্স '*' ৰ সৈতে অন্ত হয়, " +-"তেন্তে কমান্ডৰ সৈতে আৰম্ভ হোৱা সকলো কমান্ড শাৰী মিল খাব। যদি '*' নাই " +-"সম্পূৰ্ণ কমান্ড অন্তৰ্ভুক্ত তৰ্কসমূহ মিল খাব লাগিব।" ++"যদি ৱোহাইটলিস্টত এটা কমান্ড প্ৰৱিষ্টি এটা একস্টেৰিক্স '*' ৰ সৈতে অন্ত হয়, তেন্তে " ++"কমান্ডৰ সৈতে আৰম্ভ হোৱা সকলো কমান্ড শাৰী মিল খাব। যদি '*' নাই সম্পূৰ্ণ কমান্ড " ++"অন্তৰ্ভুক্ত তৰ্কসমূহ মিল খাব লাগিব।" + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1868,8 +1853,7 @@ msgstr "অনুগ্ৰহ কৰি এটা সমৃদ্ধ নিয় + + #: ../src/firewall-config.glade.h:255 + msgid "For host or network white or blacklisting deactivate the element." +-msgstr "" +-"হস্ট অথবা নেটৱাৰ্ক হোৱাইট অথবা ব্লেকলিস্টিংৰ বাবে উপাদানক নিষ্ক্ৰিয় কৰক।" ++msgstr "হস্ট অথবা নেটৱাৰ্ক হোৱাইট অথবা ব্লেকলিস্টিংৰ বাবে উপাদানক নিষ্ক্ৰিয় কৰক।" + + #: ../src/firewall-config.glade.h:256 + msgid "Source:" +@@ -1897,11 +1881,11 @@ msgstr "উলোটা" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"ইয়াক সামৰ্থবান কৰিবলৈ কাৰ্য্য 'reject' আৰু পৰিয়াল 'ipv4' অথবা 'ipv6' হব " +-"লাগিব (দুয়ো নহয়)।" ++"ইয়াক সামৰ্থবান কৰিবলৈ কাৰ্য্য 'reject' আৰু পৰিয়াল 'ipv4' অথবা 'ipv6' হব লাগিব " ++"(দুয়ো নহয়)।" + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/bg.po b/po/bg.po +index 81d14c4e748a..80491853e12d 100644 +--- a/po/bg.po ++++ b/po/bg.po +@@ -1,22 +1,22 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Valentin Laskov , 2012-2014 + msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-02-26 09:43+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Bulgarian (http://www.transifex.com/projects/p/firewalld/" + "language/bg/)\n" + "Language: bg\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -200,8 +200,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Зона '{zone}' е активна за връзка '{connection}' на интерфейс '{interface}'" + +@@ -641,7 +640,8 @@ msgstr "" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + +@@ -1831,8 +1831,8 @@ msgstr "" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/bn_IN.po b/po/bn_IN.po +index 8b5a6269ae4a..7ec6f44257c3 100644 +--- a/po/bn_IN.po ++++ b/po/bn_IN.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Saibal Ray, 2014 + # Jamil Ahmed , 2003 +@@ -13,15 +13,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-02-26 09:43+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Bengali (India) (http://www.transifex.com/projects/p/" + "firewalld/language/bn_IN/)\n" + "Language: bn_IN\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -75,8 +75,7 @@ msgstr "শিল্ড ঊর্ধ্বে/নিম্নে অঞ্চল + #: ../src/firewall-applet.in:220 + msgid "Here you can select the zones used for Shields Up and Shields Down." + msgstr "" +-"শিল্ড ঊর্ধ্ব এবং শিল্ড নিম্নের জন্য ব্যবহৃত অঞ্চলগুলি অাপনি এখানে নির্বাচন " +-"করতে পারবেন।" ++"শিল্ড ঊর্ধ্ব এবং শিল্ড নিম্নের জন্য ব্যবহৃত অঞ্চলগুলি অাপনি এখানে নির্বাচন করতে পারবেন।" + + #: ../src/firewall-applet.in:226 + msgid "" +@@ -84,8 +83,7 @@ msgid "" + "that are changing zones of connections, it might be of limited use." + msgstr "" + "অধিকাংশ ক্ষেত্রে ডিফল্ট অঞ্চল ব্যবহারকারীদের কাছে এই বৈশিষ্টটি উপযোগী। " +-"ব্যবহারকারীদের জন্য, যা সংযোগের পরিবর্তনশীল অঞ্চল, ব্যবহার সীমাবদ্ধ হতে " +-"পারে।" ++"ব্যবহারকারীদের জন্য, যা সংযোগের পরিবর্তনশীল অঞ্চল, ব্যবহার সীমাবদ্ধ হতে পারে।" + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -207,8 +205,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "অঞ্চল '{zone}' '{connection}' সংযোগের জন্য সক্রিয়, '{interface}' ইন্টারফেসে" + +@@ -648,7 +645,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "ইন্টারফেস ছদ্মবেশ ধারণ করলে শুধুমাত্র তখনই অন্য সিস্টেমে ফরোয়ার্ডিং উপযোগী।\n" +@@ -813,8 +811,7 @@ msgstr "পোর্ট ফরওয়ার্ডিং" + #: ../src/firewall-config.glade.h:23 + msgid "" + "Please select the source and destination options according to your needs." +-msgstr "" +-"প্রয়োজন অনুসারে উৎস ও গন্তব্য সংক্রান্ত বিবিধ বিকল্পগুলি নির্বাচন করুন।" ++msgstr "প্রয়োজন অনুসারে উৎস ও গন্তব্য সংক্রান্ত বিবিধ বিকল্পগুলি নির্বাচন করুন।" + + #: ../src/firewall-config.glade.h:24 + msgid "Port / Port Range:" +@@ -837,8 +834,8 @@ msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." + msgstr "" +-"স্থানীয়রূপে ফরওয়ার্ডিং করতে ইচ্ছুক হলে, একটি পোর্ট নির্দেশ করা আবশ্যক। " +-"উদ্দিষ্ট পোর্টটি উৎস পোর্টের থেকে পৃথক হওয়া আবশ্যক।" ++"স্থানীয়রূপে ফরওয়ার্ডিং করতে ইচ্ছুক হলে, একটি পোর্ট নির্দেশ করা আবশ্যক। উদ্দিষ্ট পোর্টটি " ++"উৎস পোর্টের থেকে পৃথক হওয়া আবশ্যক।" + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -946,10 +943,9 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"ফায়ারওয়াল নিয়ম পুনঃলোড করে। বর্তমান স্থায়ী কনফিগারেশন নতুন রানটাইম " +-"কনফিগারেশন হবে। অর্থাৎ, পুনঃলোড পর্যন্ত হওয়া সমস্ত শুধুমাত্র রানটাইম " +-"পরিবর্তনগুলি পুনঃলোডের সাথে নষ্ট হয়ে যায়। যদি না তারা স্থায়ী কনফিগারেশনেও " +-"থেকে থাকে।" ++"ফায়ারওয়াল নিয়ম পুনঃলোড করে। বর্তমান স্থায়ী কনফিগারেশন নতুন রানটাইম কনফিগারেশন " ++"হবে। অর্থাৎ, পুনঃলোড পর্যন্ত হওয়া সমস্ত শুধুমাত্র রানটাইম পরিবর্তনগুলি পুনঃলোডের সাথে " ++"নষ্ট হয়ে যায়। যদি না তারা স্থায়ী কনফিগারেশনেও থেকে থাকে।" + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -981,8 +977,7 @@ msgstr "" + + #: ../src/firewall-config.glade.h:68 + msgid "Panic mode means that all incoming and outgoing packets are dropped." +-msgstr "" +-"প্যানিক মোডের অর্থ হল, সকল ইনকামিং এবং অাউটগোয়িং প্যাকেট ড্রপ করা হয়।" ++msgstr "প্যানিক মোডের অর্থ হল, সকল ইনকামিং এবং অাউটগোয়িং প্যাকেট ড্রপ করা হয়।" + + #: ../src/firewall-config.glade.h:69 + msgid "Panic Mode" +@@ -993,8 +988,8 @@ msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." + msgstr "" +-"Lockdown ফায়ারওয়াল কনফিগারেশন লক করে, যাতে কিনা শুধুমাত্র lockdown " +-"whitelist এ অ্যাপ্লিকেশন তার পরিবর্তন করতে পারে।" ++"Lockdown ফায়ারওয়াল কনফিগারেশন লক করে, যাতে কিনা শুধুমাত্র lockdown whitelist এ " ++"অ্যাপ্লিকেশন তার পরিবর্তন করতে পারে।" + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1068,9 +1063,8 @@ msgid "" + "configuration. Permanent configuration will be active after service or " + "system reload or restart." + msgstr "" +-"বর্তমানে দৃশ্যমান কনফিগারেশন। রানটাইম কনফিগারেশন হল প্রকৃত সক্রিয় " +-"কনফিগারেশন। স্থায়ী কনফিগারেশন পরিষেবা বা সিস্টেম পুনঃলোড বা বন্ধ হয়ে চালু " +-"হওয়ার পরে সক্রিয় হবে।" ++"বর্তমানে দৃশ্যমান কনফিগারেশন। রানটাইম কনফিগারেশন হল প্রকৃত সক্রিয় কনফিগারেশন। " ++"স্থায়ী কনফিগারেশন পরিষেবা বা সিস্টেম পুনঃলোড বা বন্ধ হয়ে চালু হওয়ার পরে সক্রিয় হবে।" + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1080,11 +1074,10 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"একটি ফায়ারওয়াল দিয়ে ঘেরা অঞ্চল তার মধ্যস্ত নেটওয়ার্ক সংযোগ, ইন্টারফেস " +-"এবং সোর্স ঠিকানার বিশ্বস্তের স্তরকে নির্ধারণ করে। অঞ্চলের মধ্যে অন্তর্ভুক্ত " +-"হল পরিষেবাদি, পোর্ট, প্রোটোকল, ম্যাসকোয়ারডিং, পোর্ট/প্যাকেট ফরোয়ার্ডিং, " +-"icmp ফিল্টার এবং রিচ রুল। অঞ্চল ইন্টারফেস এবং সোর্স ঠিকানার মধ্যে অাবদ্ধ " +-"থাকতে পারে।" ++"একটি ফায়ারওয়াল দিয়ে ঘেরা অঞ্চল তার মধ্যস্ত নেটওয়ার্ক সংযোগ, ইন্টারফেস এবং সোর্স " ++"ঠিকানার বিশ্বস্তের স্তরকে নির্ধারণ করে। অঞ্চলের মধ্যে অন্তর্ভুক্ত হল পরিষেবাদি, পোর্ট, " ++"প্রোটোকল, ম্যাসকোয়ারডিং, পোর্ট/প্যাকেট ফরোয়ার্ডিং, icmp ফিল্টার এবং রিচ রুল। অঞ্চল " ++"ইন্টারফেস এবং সোর্স ঠিকানার মধ্যে অাবদ্ধ থাকতে পারে।" + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1108,9 +1101,9 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"অঞ্চলে কোন পরিষেবাগুলি বিশ্বস্ত তা অাপনি এখানে নির্দিষ্ট করতে পারবেন। এই " +-"অঞ্চলের সংযোগ, ইন্টারফেস এবং সোর্স থেকে মেশিনে পৌঁছাতে পারে এমন সকল হোস্ট " +-"এবং নেটওয়ার্ক থেকে বিশ্বস্ত পরিষেবাগুলি অ্যাক্সেসযোগ্য।" ++"অঞ্চলে কোন পরিষেবাগুলি বিশ্বস্ত তা অাপনি এখানে নির্দিষ্ট করতে পারবেন। এই অঞ্চলের " ++"সংযোগ, ইন্টারফেস এবং সোর্স থেকে মেশিনে পৌঁছাতে পারে এমন সকল হোস্ট এবং নেটওয়ার্ক " ++"থেকে বিশ্বস্ত পরিষেবাগুলি অ্যাক্সেসযোগ্য।" + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1121,8 +1114,8 @@ msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." + msgstr "" +-"অতিরিক্ত পোর্ট বা পোর্ট রেঞ্জ যোগ করুন, যা মেশিনের সংগে সংযুক্ত করা যায় এমন " +-"সকল হোস্ট বা নেটওয়ার্কের জন্য অ্যাক্সেস হওয়া প্রয়োজন।" ++"অতিরিক্ত পোর্ট বা পোর্ট রেঞ্জ যোগ করুন, যা মেশিনের সংগে সংযুক্ত করা যায় এমন সকল " ++"হোস্ট বা নেটওয়ার্কের জন্য অ্যাক্সেস হওয়া প্রয়োজন।" + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1176,10 +1169,9 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"স্থানীয় নেটওয়ার্ক, ইন্টারনেটের সাথে সংযুক্ত করার জন্য হোস্ট অথবা রাউটার " +-"প্রস্তুতির সময় Masquerading সহয়াক। আপনার স্থানীয় নেটওয়ার্ক প্রকাশিত হবে না ও " +-"ইন্টারনেটে একটি হোস্ট রূপে প্রস্তুত করা হবে। Masquerading শুধুমাত্র IPv4-র " +-"ক্ষেত্রে প্রযোজ্য।" ++"স্থানীয় নেটওয়ার্ক, ইন্টারনেটের সাথে সংযুক্ত করার জন্য হোস্ট অথবা রাউটার প্রস্তুতির সময় " ++"Masquerading সহয়াক। আপনার স্থানীয় নেটওয়ার্ক প্রকাশিত হবে না ও ইন্টারনেটে একটি " ++"হোস্ট রূপে প্রস্তুত করা হবে। Masquerading শুধুমাত্র IPv4-র ক্ষেত্রে প্রযোজ্য।" + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1190,8 +1182,8 @@ msgid "" + "If you enable masquerading, IP forwarding will be enabled for your IPv4 " + "networks." + msgstr "" +-"অাপনি ম্যাসকিউরেডিং সক্রিয় করলে, IP ফরোয়ার্ডিং অাপনার IPv4 নেটওয়ার্কগুলির " +-"জন্য সক্রিয় করা হবে।" ++"অাপনি ম্যাসকিউরেডিং সক্রিয় করলে, IP ফরোয়ার্ডিং অাপনার IPv4 নেটওয়ার্কগুলির জন্য " ++"সক্রিয় করা হবে।" + + #: ../src/firewall-config.glade.h:111 + msgid "Masquerading" +@@ -1204,10 +1196,9 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"স্থানীয় সিস্টেমের মধ্যে অন্য পোর্টে অথবা স্থানীয় সিস্টেম থেকে অন্য সিস্টেমে " +-"পোর্ট ফরওয়ার্ড করার জন্য মান লিখুন। ইন্টারফেস masquerade করা থাকলে পৃথক " +-"সিস্টেমে পোর্ট ফরওয়ার্ড করা উপকারী হবে। পোর্ট ফরওয়ার্ডিং ব্যবস্থা শুধুমাত্র " +-"IPv4-র ক্ষেত্রে প্রযোজ্য।" ++"স্থানীয় সিস্টেমের মধ্যে অন্য পোর্টে অথবা স্থানীয় সিস্টেম থেকে অন্য সিস্টেমে পোর্ট " ++"ফরওয়ার্ড করার জন্য মান লিখুন। ইন্টারফেস masquerade করা থাকলে পৃথক সিস্টেমে পোর্ট " ++"ফরওয়ার্ড করা উপকারী হবে। পোর্ট ফরওয়ার্ডিং ব্যবস্থা শুধুমাত্র IPv4-র ক্ষেত্রে প্রযোজ্য।" + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1228,17 +1219,17 @@ msgid "" + "messages like ping requests and replies." + msgstr "" + "ইন্টারনেট কন্ট্রোল মেসেজ প্রোটকল (ICMP) প্রয়োগ করে নেটওয়ার্কের মধ্যে উপস্থিত " +-"কম্পিউটারগুলির মধ্যে ত্রুটি বার্তা আদান প্রদান করা হয়। উপরন্তু, বিবিধ তথ্য " +-"যেমন ping-র অনুরোধ ও উত্তর প্রভৃতিও বিনিময় করার জন্য এটি ব্যবহৃত হয়।" ++"কম্পিউটারগুলির মধ্যে ত্রুটি বার্তা আদান প্রদান করা হয়। উপরন্তু, বিবিধ তথ্য যেমন ping-র " ++"অনুরোধ ও উত্তর প্রভৃতিও বিনিময় করার জন্য এটি ব্যবহৃত হয়।" + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"প্রত্যাখ্যানের উদ্দেশ্যে, তালিকার মধ্যে ICMP-র ধরনগুলি চিহ্নিত করুন। " +-"অন্যান্য সকল ICMP-র ধরনগুলি ফায়ারওয়ালের মধ্যে প্রবেশ করতে সক্ষম হবে। " +-"ডিফল্টরূপে কোনো প্রতিরোধ করা হয় না।" ++"প্রত্যাখ্যানের উদ্দেশ্যে, তালিকার মধ্যে ICMP-র ধরনগুলি চিহ্নিত করুন। অন্যান্য সকল ICMP-" ++"র ধরনগুলি ফায়ারওয়ালের মধ্যে প্রবেশ করতে সক্ষম হবে। ডিফল্টরূপে কোনো প্রতিরোধ করা হয় " ++"না।" + + #: ../src/firewall-config.glade.h:118 + msgid "" +@@ -1279,9 +1270,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"অঞ্চলে ইন্টারফেসগুলি অাবদ্ধ করতে এন্ট্রিগুলি যোগ করুন। ইন্টারফেস একটি " +-"সংযোগের দ্বারা ব্যবহৃত হলে, অঞ্চল সংযোগের দ্বারা নির্দিষ্ট অঞ্চলে নির্দিষ্ট " +-"হবে।" ++"অঞ্চলে ইন্টারফেসগুলি অাবদ্ধ করতে এন্ট্রিগুলি যোগ করুন। ইন্টারফেস একটি সংযোগের দ্বারা " ++"ব্যবহৃত হলে, অঞ্চল সংযোগের দ্বারা নির্দিষ্ট অঞ্চলে নির্দিষ্ট হবে।" + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1323,8 +1313,7 @@ msgid "" + "A firewalld service is a combination of ports, protocols, modules and " + "destination addresses." + msgstr "" +-"একটি firewalld পরিষেবা হল পোর্ট, প্রোটোকল, মডিউল এবং গন্তব্য ঠিকানার " +-"সমন্বয়।" ++"একটি firewalld পরিষেবা হল পোর্ট, প্রোটোকল, মডিউল এবং গন্তব্য ঠিকানার সমন্বয়।" + + #: ../src/firewall-config.glade.h:139 + msgid "Add Service" +@@ -1380,9 +1369,8 @@ msgid "" + "the destination address and type. If both entries are empty, there is no " + "limitation." + msgstr "" +-"অাপনি গন্তব্য ঠিকানাগুলি নির্দিষ্ট করলে, পরিষেবা এন্ট্রি গন্তব্য ঠিকানা এবং " +-"ধরনের মধ্যেই সীমাবদ্ধ থাকবে। উভয় এন্ট্রিই খালি থাকলে, কোনো সীমাবদ্ধতা থাকে " +-"না।" ++"অাপনি গন্তব্য ঠিকানাগুলি নির্দিষ্ট করলে, পরিষেবা এন্ট্রি গন্তব্য ঠিকানা এবং ধরনের " ++"মধ্যেই সীমাবদ্ধ থাকবে। উভয় এন্ট্রিই খালি থাকলে, কোনো সীমাবদ্ধতা থাকে না।" + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1397,8 +1385,8 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"পরিষেবাগুলি শুধুমাত্র স্থায়ী কনফিগারেশন রূপে পরিবর্তন করা যেতে পারে। " +-"পরিষেবাগুলির রানটাইম কনফিগারেশন নির্দিষ্ট।" ++"পরিষেবাগুলি শুধুমাত্র স্থায়ী কনফিগারেশন রূপে পরিবর্তন করা যেতে পারে। পরিষেবাগুলির " ++"রানটাইম কনফিগারেশন নির্দিষ্ট।" + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1458,8 +1446,8 @@ msgid "" + "A firewalld icmptype provides the information for an Internet Control " + "Message Protocol (ICMP) type for firewalld." + msgstr "" +-"একটি firewalld icmptype, firewalld এর জন্য একটি ইন্টারনেট কন্ট্রোল মেসেজ " +-"প্রোটোকল (ICMP) ধরনের জন্য তথ্য প্রদান করে।" ++"একটি firewalld icmptype, firewalld এর জন্য একটি ইন্টারনেট কন্ট্রোল মেসেজ প্রোটোকল " ++"(ICMP) ধরনের জন্য তথ্য প্রদান করে।" + + #: ../src/firewall-config.glade.h:167 + msgid "Add ICMP Type" +@@ -1486,8 +1474,8 @@ msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." + msgstr "" +-"ICMP ধরনগুলি শুধুমাত্র স্থায়ী কনফিগারেশন রূপে পরিবর্তন করা যেতে পারে। ICMP " +-"ধরনগুলির রানটাইম কনফিগারেশন নির্দিষ্ট।" ++"ICMP ধরনগুলি শুধুমাত্র স্থায়ী কনফিগারেশন রূপে পরিবর্তন করা যেতে পারে। ICMP ধরনগুলির " ++"রানটাইম কনফিগারেশন নির্দিষ্ট।" + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1508,11 +1496,10 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"ডাইরেক্ট কনফিগারেশন ফায়ারওয়ালে অারো সরাসারি অ্যাক্সেস দেয়। এই বিকল্পের " +-"ক্ষেত্রে ব্যবহারকারীকে প্রাথমিক iptables কনসেপ্ট, অর্থাৎ সারণী, চেন, " +-"কম্যান্ড, প্যারামিটার এবং টার্গেট জানতে হবে। অন্যান্য firewalld বৈশিষ্ট্য " +-"ব্যবহার করা সম্ভব না হলে, শুধুমাত্র তখনই শেষ মাধ্যম হিসাবে ডাইরেক্ট " +-"কনফিগারেশন ব্যবহার করা হবে।" ++"ডাইরেক্ট কনফিগারেশন ফায়ারওয়ালে অারো সরাসারি অ্যাক্সেস দেয়। এই বিকল্পের ক্ষেত্রে " ++"ব্যবহারকারীকে প্রাথমিক iptables কনসেপ্ট, অর্থাৎ সারণী, চেন, কম্যান্ড, প্যারামিটার " ++"এবং টার্গেট জানতে হবে। অন্যান্য firewalld বৈশিষ্ট্য ব্যবহার করা সম্ভব না হলে, " ++"শুধুমাত্র তখনই শেষ মাধ্যম হিসাবে ডাইরেক্ট কনফিগারেশন ব্যবহার করা হবে।" + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1520,9 +1507,9 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"প্রত্যেক বিকল্পের ipv অার্গুমেন্ট ipv4 বা ipv6 বা eb হতে হবে। ipv4 এর " +-"ক্ষেত্রে এটি হবে iptables, ipv6 এর ক্ষেত্রে ip6tables এবং eb এর ক্ষেত্রে " +-"ইথারনেট ব্রিজ (ebtables)।" ++"প্রত্যেক বিকল্পের ipv অার্গুমেন্ট ipv4 বা ipv6 বা eb হতে হবে। ipv4 এর ক্ষেত্রে এটি " ++"হবে iptables, ipv6 এর ক্ষেত্রে ip6tables এবং eb এর ক্ষেত্রে ইথারনেট ব্রিজ " ++"(ebtables)।" + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1548,8 +1535,7 @@ msgstr "চেন" + msgid "" + "Add a rule with the arguments args to a chain in a table with a priority." + msgstr "" +-"অগ্রাধিকার বিশিষ্ট একটি সারণীতে একটি চেনে অার্গুমেন্ট args সমেত একটি নিয়ম " +-"যোগ করুন।" ++"অগ্রাধিকার বিশিষ্ট একটি সারণীতে একটি চেনে অার্গুমেন্ট args সমেত একটি নিয়ম যোগ করুন।" + + #: ../src/firewall-config.glade.h:183 + msgid "" +@@ -1560,12 +1546,12 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"অগ্রাধিকার নিয়ম অর্ডার করতে ব্যবহার করা হয়। অগ্রাধিকার 0 এর অর্থ হল, চেনের " +-"উপরে নিয়ম যোগ করুন, অপেক্ষাকৃত বেশি অগ্রাধিকারের ক্ষেত্রে নিয়ম অারো নীচের " +-"দিকে যোগ হতে থাকবে। একই অগ্রাধিকারের নিয়মগুলি একই লেবেলে থাকে এবং এই " +-"নিয়মগুলির ক্রম নির্দিষ্ট নয় এবং পরিবর্তিত হতে পারে। একটির পরে অার একটি " +-"নিয়ম যোগ হোক তা অাপনি নিশ্চিত করতে চাইলে, প্রথমটির জন্য একটি কম অগ্রাধিকার " +-"ব্যবহার করুন এবং নিম্নলিখিতের জন্য অপেক্ষাকৃত বেশি।" ++"অগ্রাধিকার নিয়ম অর্ডার করতে ব্যবহার করা হয়। অগ্রাধিকার 0 এর অর্থ হল, চেনের উপরে " ++"নিয়ম যোগ করুন, অপেক্ষাকৃত বেশি অগ্রাধিকারের ক্ষেত্রে নিয়ম অারো নীচের দিকে যোগ হতে " ++"থাকবে। একই অগ্রাধিকারের নিয়মগুলি একই লেবেলে থাকে এবং এই নিয়মগুলির ক্রম নির্দিষ্ট " ++"নয় এবং পরিবর্তিত হতে পারে। একটির পরে অার একটি নিয়ম যোগ হোক তা অাপনি নিশ্চিত " ++"করতে চাইলে, প্রথমটির জন্য একটি কম অগ্রাধিকার ব্যবহার করুন এবং নিম্নলিখিতের জন্য " ++"অপেক্ষাকৃত বেশি।" + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1589,15 +1575,14 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"passthrough নিয়ম ফায়ারওয়াল দিয়ে সরাসারি চালনা করা হয় এবং বিশেষ চেনে " +-"রাখা হয় না। সকল iptables, ip6tables এবং ebtables বিকল্প ব্যবহার করা যেতে " +-"পারে।" ++"passthrough নিয়ম ফায়ারওয়াল দিয়ে সরাসারি চালনা করা হয় এবং বিশেষ চেনে রাখা হয় " ++"না। সকল iptables, ip6tables এবং ebtables বিকল্প ব্যবহার করা যেতে পারে।" + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." + msgstr "" +-"ফায়ারওয়াল যাতে ক্ষতিগস্থ না হয় তার জন্য অনুগ্রহ করে passthrough নিয়মের " +-"ক্ষেত্রে যত্নবান হোন।" ++"ফায়ারওয়াল যাতে ক্ষতিগস্থ না হয় তার জন্য অনুগ্রহ করে passthrough নিয়মের ক্ষেত্রে " ++"যত্নবান হোন।" + + #: ../src/firewall-config.glade.h:190 + msgid "Add Passthrough" +@@ -1621,10 +1606,9 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"লকডাউন বৈশিষ্ট্য firewalld এর জন্য ব্যবহারকারী এবং অ্যাপ্লিকেশন নীতির একটি " +-"ক্ষুদ্র সংস্করণ। এটি ফায়ারওয়ালের পরিবর্তনগুলিকে সীমাবদ্ধ করে। লকডাউন " +-"হোয়াইটলিস্টের মধ্যে কম্যান্ড, কনটেক্স, ব্যবহারকারী এবং ব্যবহারকারী অাইডি " +-"থাকতে পারে।" ++"লকডাউন বৈশিষ্ট্য firewalld এর জন্য ব্যবহারকারী এবং অ্যাপ্লিকেশন নীতির একটি ক্ষুদ্র " ++"সংস্করণ। এটি ফায়ারওয়ালের পরিবর্তনগুলিকে সীমাবদ্ধ করে। লকডাউন হোয়াইটলিস্টের মধ্যে " ++"কম্যান্ড, কনটেক্স, ব্যবহারকারী এবং ব্যবহারকারী অাইডি থাকতে পারে।" + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1655,9 +1639,9 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"whitelist এ কোনো কম্যান্ড এন্ট্রি তারকা চিহ্ন '*' দিয়ে সমাপ্ত হলে, কম্যান্ড " +-"দিয়ে শুরু হওয়া সমস্ত কম্যান্ড লাইন মিলবে। '*' উপস্থিত না থাকলে, " +-"অার্গুমেন্ট সমেত চরম কম্যান্ড অবশ্যই মিলতে হবে।" ++"whitelist এ কোনো কম্যান্ড এন্ট্রি তারকা চিহ্ন '*' দিয়ে সমাপ্ত হলে, কম্যান্ড দিয়ে শুরু " ++"হওয়া সমস্ত কম্যান্ড লাইন মিলবে। '*' উপস্থিত না থাকলে, অার্গুমেন্ট সমেত চরম কম্যান্ড " ++"অবশ্যই মিলতে হবে।" + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1848,8 +1832,7 @@ msgstr "ডাইরেক্ট নিয়ম" + #: ../src/firewall-config.glade.h:248 + msgid "Please select ipv and table, chain priority and enter the args." + msgstr "" +-"অনুগ্রহ করে ipv এবং সারণী, চেন অগ্রাধিকার নির্বাচন করুন এবং args প্রবেশ " +-"করান।" ++"অনুগ্রহ করে ipv এবং সারণী, চেন অগ্রাধিকার নির্বাচন করুন এবং args প্রবেশ করান।" + + #: ../src/firewall-config.glade.h:249 + msgid "Priority:" +@@ -1874,8 +1857,7 @@ msgstr "অনুগ্রহ করে একটি সমৃদ্ধ নি + #: ../src/firewall-config.glade.h:255 + msgid "For host or network white or blacklisting deactivate the element." + msgstr "" +-"হোস্ট বা নেটওয়ার্ক হোয়াইট বা কালো তালিকাভুক্তকরণের ক্ষেত্রে উপাদান " +-"নিষ্ক্রিয় করুন।" ++"হোস্ট বা নেটওয়ার্ক হোয়াইট বা কালো তালিকাভুক্তকরণের ক্ষেত্রে উপাদান নিষ্ক্রিয় করুন।" + + #: ../src/firewall-config.glade.h:256 + msgid "Source:" +@@ -1903,8 +1885,8 @@ msgstr "উল্টানো" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "এটিকে সক্ষম করতে হলে, অ্যাকশন 'রিজেক্ট' হতে হবে এবং ফ্যামিলি হয় 'ipv4' বা " + "'ipv6' (উভয়ই নয়) হতে হবে।" +diff --git a/po/ca.po b/po/ca.po +index 885cc55685ff..46e1b6e6f6da 100644 +--- a/po/ca.po ++++ b/po/ca.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Angels Sala , 2004 + # Josep Puigdemont , 2004-2006 +@@ -19,15 +19,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-08-20 10:43+0000\n" + "Last-Translator: Robert Antoni Buj Gelonch \n" + "Language-Team: Catalan (http://www.transifex.com/projects/p/firewalld/" + "language/ca/)\n" + "Language: ca\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -216,8 +216,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "La zona '{zone}' es troba activa per a la connexió '{connection}' en la " + "interfície '{interface}'" +@@ -663,7 +662,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "El reenviament a un altre sistema tan sols és útil si la interfície de xarxa " +@@ -1443,8 +1443,8 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"Els serveis es poden canviar únicament en la vista de configuració permanent." +-" La configuració en temps d'execució dels serveis és fixa." ++"Els serveis es poden canviar únicament en la vista de configuració " ++"permanent. La configuració en temps d'execució dels serveis és fixa." + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1485,7 +1485,6 @@ msgstr "" + "no estiguin utilitzant l'opció de temps d'expiració, i també únicament " + "aquelles entrades que hagin estat afegides amb firewalld. Aquí no es " + "llistaran aquelles entrades que s'hagin afegit directament amb l'ordre ipset." +-"" + + #: ../src/firewall-config.glade.h:161 + msgid "" +@@ -1536,8 +1535,7 @@ msgstr "Carrega els valor predeterminats d'ICMP" + + #: ../src/firewall-config.glade.h:171 + msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." +-msgstr "" +-"Especifiqueu si aquest tipus d'ICMP està disponible per IPv4 i/o IPv6." ++msgstr "Especifiqueu si aquest tipus d'ICMP està disponible per IPv4 i/o IPv6." + + #: ../src/firewall-config.glade.h:172 + msgid "" +@@ -1970,11 +1968,11 @@ msgstr "inverteix" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"Per habilitar-ho l'acció ha de ser «rebutja» i la família «ipv4» o «ipv6» " +-"(no ambdós)." ++"Per habilitar-ho l'acció ha de ser «rebutja» i la família «ipv4» o " ++"«ipv6» (no ambdós)." + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/cs.po b/po/cs.po +index f8949f5438c0..1e7123ab1396 100644 +--- a/po/cs.po ++++ b/po/cs.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Adam Pribyl , 2007-2010 + # zdenek , 2013 +@@ -26,15 +26,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:21+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Czech (http://www.transifex.com/projects/p/firewalld/language/" + "cs/)\n" + "Language: cs\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -219,8 +219,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Zóna '{zone}' aktivní pro spojení '{connection}' přes rozhraní '{interface}'" + +@@ -664,11 +663,12 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" +-"Přeposílání na jiný systém je užitečné pouze pokud je rozhraní maškarádované." +-"\n" ++"Přeposílání na jiný systém je užitečné pouze pokud je rozhraní " ++"maškarádované.\n" + "Přejete si zamaškarádovat tuto zónu?" + + #: ../src/firewall-config.in:5376 +@@ -967,7 +967,6 @@ msgstr "" + "Aktualizuje pravidla firewallu. Současná trvalá konfigurace se stane novou " + "běžící konfigurací. Tj. všechny změny provedeny v běžící konfiguraci budou " + "po této aktualizaci ztraceny, pokud již v trvalé konfiguraci předtím nebyly." +-"" + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -1225,8 +1224,8 @@ msgid "" + msgstr "" + "Přidat záznamy pro přeposílání portů buď z jednoho portu na druhý na " + "lokálním systému nebo z lokálního portu do portu na jiném systému. " +-"Přeposílání na jiný systém je užitečné pouze pokud je rozhraní maškarádované." +-" Přeposílání portů funguje pouze na IPv4." ++"Přeposílání na jiný systém je užitečné pouze pokud je rozhraní " ++"maškarádované. Přeposílání portů funguje pouze na IPv4." + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1936,8 +1935,8 @@ msgstr "obrácený" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "K povolení tohoto musí být Akce nastavena na 'odmítnout' a Rodina buď 'IPv4' " + "nebo 'IPv6' (ne obojí)." +diff --git a/po/da.po b/po/da.po +index 8c5f0972e051..e3960c562b98 100644 +--- a/po/da.po ++++ b/po/da.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Christian Rose , 2002 + # Keld Simonsen , 2002-2005 +@@ -13,15 +13,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-09-20 10:43+0000\n" + "Last-Translator: scootergrisen \n" + "Language-Team: Danish (http://www.transifex.com/projects/p/firewalld/" + "language/da/)\n" + "Language: da\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -207,8 +207,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Zone '{zone}' aktiv for forbindelse '{connection}' på grænseflade " + "'{interface}'" +@@ -653,7 +652,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Videresending til et andet system er kun nyttigt hvis grænsefladen er " +@@ -1155,7 +1155,6 @@ msgstr "Porte" + msgid "Add protocols, which need to be accessible for all hosts or networks." + msgstr "" + "Tilføj protokoller som skal være tilgængelig for alle værter eller netværker." +-"" + + #: ../src/firewall-config.glade.h:102 + msgid "Add Protocol" +@@ -1484,7 +1483,6 @@ msgid "" + "IPSets can only be created or deleted in the permanent configuration view." + msgstr "" + "IP-sæt kan kun oprettes eller slettes i den permanente konfigurationsvisning." +-"" + + #: ../src/firewall-config.glade.h:166 + msgid "" +@@ -1910,7 +1908,6 @@ msgstr "Indtast venligst en rigregel." + msgid "For host or network white or blacklisting deactivate the element." + msgstr "" + "For værts- eller netværkshvidlistning eller -sortlisting deaktivér elementet." +-"" + + #: ../src/firewall-config.glade.h:256 + msgid "Source:" +@@ -1938,8 +1935,8 @@ msgstr "omvendt" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "For at aktivere, skal denne handling være 'afvis' og familje skal enten være " + "'ipv4' eller 'ipv6' (ikke begge)." +diff --git a/po/de.po b/po/de.po +index 57f88852ead8..64cc4ff14c59 100644 +--- a/po/de.po ++++ b/po/de.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Andreas Müller , 2003 + # Bernd Bartmann , 2004 +@@ -40,15 +40,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:22+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: German (http://www.transifex.com/projects/p/firewalld/" + "language/de/)\n" + "Language: de\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -236,8 +236,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "'{zone}'-Zone aktiv für '{connection}'-Verbindung auf '{interface}'-" + "Schnittstelle" +@@ -682,7 +681,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Die Weiterleitung an ein anderes System ist nur dann sinnvoll, wenn die " +@@ -938,8 +938,7 @@ msgstr "Grundlegende ICMP Typ-Einstellungen" + + #: ../src/firewall-config.glade.h:47 + msgid "Please configure base ICMP type settings:" +-msgstr "" +-"Bitte konfigurieren Sie die grundlegenden Einstellungen des ICMP-Typs:" ++msgstr "Bitte konfigurieren Sie die grundlegenden Einstellungen des ICMP-Typs:" + + #: ../src/firewall-config.glade.h:48 + msgid "ICMP Type" +@@ -1155,9 +1154,9 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"Hier können Sie definieren, welche Dienste in der Zone vertrauenswürdig sind." +-" Vertrauenswürdige Dienste sind zugänglich von allen Hosts und Netzwerken, " +-"die den Rechner über mit dieser Zone verbundenen Verbindungen, " ++"Hier können Sie definieren, welche Dienste in der Zone vertrauenswürdig " ++"sind. Vertrauenswürdige Dienste sind zugänglich von allen Hosts und " ++"Netzwerken, die den Rechner über mit dieser Zone verbundenen Verbindungen, " + "Schnittstellen und Quellen erreichen können." + + #: ../src/firewall-config.glade.h:95 +@@ -1706,9 +1705,9 @@ msgid "" + "contain commands, contexts, users and user ids." + msgstr "" + "Die Sperroption ist eine einfache Version von Benutzer- und " +-"Anwendungsrichtlinien für firewalld. Sie begrenzt Änderungen an der Firewall." +-" Die Sperr-Positivliste kann Befehle, Kontexte, Benutzer und Benutzer-IDs " +-"enthalten." ++"Anwendungsrichtlinien für firewalld. Sie begrenzt Änderungen an der " ++"Firewall. Die Sperr-Positivliste kann Befehle, Kontexte, Benutzer und " ++"Benutzer-IDs enthalten." + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1990,8 +1989,8 @@ msgstr "invertiert" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "Zum Aktivieren muss diese Aktion 'reject' sein und die Familie muss entweder " + "'ipv4' oder 'ipv6' sein (nicht beides)." +diff --git a/po/el.po b/po/el.po +index a90df214e121..71b35d8d79ac 100644 +--- a/po/el.po ++++ b/po/el.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # ioza1964, 2013 + # ioza1964, 2013 +@@ -16,15 +16,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2016-01-04 12:27+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Greek (http://www.transifex.com/projects/p/firewalld/language/" + "el/)\n" + "Language: el\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -210,8 +210,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Ζώνη '{zone}' ενεργή για σύνδεση '{connection}' στην διεπαφή '{interface}'" + +@@ -651,7 +650,8 @@ msgstr "" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + +@@ -1845,8 +1845,8 @@ msgstr "" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/en_GB.po b/po/en_GB.po +index 7fa66856c515..434e9303dd41 100644 +--- a/po/en_GB.po ++++ b/po/en_GB.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Automatically generated, 2004 + # Bruce Cowan , 2010 +@@ -11,15 +11,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-02-26 09:44+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: English (United Kingdom) (http://www.transifex.com/projects/p/" + "firewalld/language/en_GB/)\n" + "Language: en_GB\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -202,11 +202,9 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + + #: ../src/firewall-applet.in:892 + msgid "Zone '{zone}' active for interface '{interface}'" +@@ -644,7 +642,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + +@@ -1840,8 +1839,8 @@ msgstr "inverted" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/en_US.po b/po/en_US.po +index f136f77afae8..feb171d1f9ca 100644 +--- a/po/en_US.po ++++ b/po/en_US.po +@@ -7,7 +7,7 @@ msgid "" + msgstr "" + "Project-Id-Version: firewalld\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2014-10-15 14:24+0000\n" + "Last-Translator: Jiří Popelka \n" + "Language-Team: English (United States) (http://www.transifex.com/projects/p/" +diff --git a/po/es.po b/po/es.po +index ec804cc9924f..7216b2fe4449 100644 +--- a/po/es.po ++++ b/po/es.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # beckerde , 2013 + # Claudio Rodrigo Pereyra Diaz , 2012-2013 +@@ -31,15 +31,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:22+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Spanish (http://www.transifex.com/projects/p/firewalld/" + "language/es/)\n" + "Language: es\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -226,8 +226,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Zona '{zone}' activa para conexión '{connection}' en interfaz '{interface}'" + +@@ -671,7 +670,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "El reenvío a otro sistema sólo es útil si la interfaz es enmascarada.\n" +@@ -1180,7 +1180,6 @@ msgstr "Puertos" + msgid "Add protocols, which need to be accessible for all hosts or networks." + msgstr "" + "Añadir protocolos que deben ser accesibles para todos los servidores o redes." +-"" + + #: ../src/firewall-config.glade.h:102 + msgid "Add Protocol" +@@ -1444,8 +1443,8 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"Los servicios sólo se pueden cambiar en la vista de configuración permanente." +-" La configuración de tiempo de ejecución de los servicios es fija." ++"Los servicios sólo se pueden cambiar en la vista de configuración " ++"permanente. La configuración de tiempo de ejecución de los servicios es fija." + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1555,10 +1554,10 @@ msgid "" + "therefore blocked by the firewall without the helper." + msgstr "" + "Hay un agente de seguimiento de conexiones ayudando con los protocolos que " +-"usan diferentes flujos para la señalización y para la transferencia de datos." +-" Los datos se envían por puertos que no están relacionados con la conexión " +-"de control y el cortafuegos los bloquearía sin la ayuda del agente de " +-"seguimiento." ++"usan diferentes flujos para la señalización y para la transferencia de " ++"datos. Los datos se envían por puertos que no están relacionados con la " ++"conexión de control y el cortafuegos los bloquearía sin la ayuda del agente " ++"de seguimiento." + + #: ../src/firewall-config.glade.h:174 + msgid "Define ports or port ranges, which are monitored by the helper." +@@ -1656,8 +1655,7 @@ msgstr "" + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +-msgstr "" +-"Tenga cuidado con las reglas passthrough para no dañar el cortafuegos." ++msgstr "Tenga cuidado con las reglas passthrough para no dañar el cortafuegos." + + #: ../src/firewall-config.glade.h:190 + msgid "Add Passthrough" +@@ -1962,8 +1960,8 @@ msgstr "invertido" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "Para activar ésto, Acción debe ser 'reject' y Family 'ipv4' o 'ipv6' (no " + "ambas)." +diff --git a/po/et.po b/po/et.po +index 7290cf63c57d..7a106c897674 100644 +--- a/po/et.po ++++ b/po/et.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # mihkel , 2012 + # mihkel , 2012 +@@ -10,15 +10,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2016-01-04 12:21+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Estonian (http://www.transifex.com/projects/p/firewalld/" + "language/et/)\n" + "Language: et\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -199,8 +199,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + + #: ../src/firewall-applet.in:892 +@@ -637,7 +636,8 @@ msgstr "" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + +@@ -1805,8 +1805,8 @@ msgstr "" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/eu.po b/po/eu.po +index 5da623fbe0ac..213d2d0b01be 100644 +--- a/po/eu.po ++++ b/po/eu.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Asier Iturralde Sarasola , 2012 + # Mikel Olasagasti Uranga , 2013 +@@ -10,15 +10,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-02-26 09:43+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Basque (http://www.transifex.com/projects/p/firewalld/" + "language/eu/)\n" + "Language: eu\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -199,8 +199,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + + #: ../src/firewall-applet.in:892 +@@ -637,7 +636,8 @@ msgstr "" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + +@@ -1805,8 +1805,8 @@ msgstr "" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/fi.po b/po/fi.po +index 878d63462a07..c0a1480ece0f 100644 +--- a/po/fi.po ++++ b/po/fi.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Juhani Numminen , 2012-2013 + # Lauri Nurmi , 2004 +@@ -15,15 +15,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-08-19 12:28+0000\n" + "Last-Translator: Jiri Grönroos \n" + "Language-Team: Finnish (http://www.transifex.com/projects/p/firewalld/" + "language/fi/)\n" + "Language: fi\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -43,7 +43,8 @@ msgstr "Palomuuriasetukset" + #: ../config/firewall-config.desktop.in.h:4 + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" +-"palomuuri;verkko;tietoturva;suojaus;turva;firewall;network;security;iptables;netfilter;" ++"palomuuri;verkko;tietoturva;suojaus;turva;firewall;network;security;iptables;" ++"netfilter;" + + #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 + #, c-format +@@ -207,11 +208,9 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" +-"Alue '{zone}' aktiivisena yhteydelle '{connection}' liitännällä " +-"'{interface}'" ++"Alue '{zone}' aktiivisena yhteydelle '{connection}' liitännällä '{interface}'" + + #: ../src/firewall-applet.in:892 + msgid "Zone '{zone}' active for interface '{interface}'" +@@ -649,7 +648,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Välittäminen toiseen järjestelmään on hyödyllistä vain jos verkkoliitäntä on " +@@ -683,7 +683,8 @@ msgstr "Syötä ipv4- tai ipv6-osoite muodossa osoite[/maski]." + msgid "" + "The mask can be a network mask or a number for ipv4.\n" + "The mask is a number for ipv6." +-msgstr "Ipv4:n maski voi olla verkkomaski tai numero.\n" ++msgstr "" ++"Ipv4:n maski voi olla verkkomaski tai numero.\n" + "Ipv6:n maski on numero." + + #: ../src/firewall-config.in:5776 +@@ -1857,8 +1858,8 @@ msgstr "käänteinen" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/fr.po b/po/fr.po +index b6e99b05adb2..05e514edc076 100644 +--- a/po/fr.po ++++ b/po/fr.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # <>, 2006 + # Alain PORTAL , 2007 +@@ -34,15 +34,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:23+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: French (http://www.transifex.com/projects/p/firewalld/" + "language/fr/)\n" + "Language: fr\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n > 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -95,8 +95,7 @@ msgstr "Configurer des zones à protection active/inactive" + + #: ../src/firewall-applet.in:220 + msgid "Here you can select the zones used for Shields Up and Shields Down." +-msgstr "" +-"Vous pouvez choisir ici les zones avec protections active ou inactive." ++msgstr "Vous pouvez choisir ici les zones avec protections active ou inactive." + + #: ../src/firewall-applet.in:226 + msgid "" +@@ -229,8 +228,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Zone « {zone} » active pour la connexion  « {connection} » sur l'interface " + "« {interface} »" +@@ -676,7 +674,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Rediriger vers un autre système est utile seulement si l'interface est " +@@ -689,8 +688,7 @@ msgstr "Service intégré, le renommage n'est pas pris en charge." + + #: ../src/firewall-config.in:5585 + msgid "Please enter an ipv4 address with the form address[/mask]." +-msgstr "" +-"Veuillez saisir une adresse ipv4 avec l'adresse du formulaire [/mask]." ++msgstr "Veuillez saisir une adresse ipv4 avec l'adresse du formulaire [/mask]." + + #: ../src/firewall-config.in:5586 + msgid "The mask can be a network mask or a number." +@@ -698,8 +696,7 @@ msgstr "Le masque peut être un masque de réseau ou un numéro" + + #: ../src/firewall-config.in:5588 + msgid "Please enter an ipv6 address with the form address[/mask]." +-msgstr "" +-"Veuillez saisir une adresse ipv6 avec l'adresse du formulaire [/mask]." ++msgstr "Veuillez saisir une adresse ipv6 avec l'adresse du formulaire [/mask]." + + #: ../src/firewall-config.in:5589 + msgid "The mask is a number." +@@ -1984,8 +1981,8 @@ msgstr "inversé" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "Pour activer ceci, Action doit être paramétré sur « reject » et Famille soit " + "sur « Ipv4 » ou « Ipv6 » (pas les deux)." +diff --git a/po/gl.po b/po/gl.po +index 67244dfa5921..e064815023b1 100644 +--- a/po/gl.po ++++ b/po/gl.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Xosé , 2013 + # Xosé , 2013 +@@ -9,15 +9,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-02-26 09:45+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Galician (http://www.transifex.com/projects/p/firewalld/" + "language/gl/)\n" + "Language: gl\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -201,8 +201,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "A zona «{zone}» está activa para a conexión «{connection}» na interface " + "«{interface}»" +@@ -644,7 +643,8 @@ msgstr "" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + +@@ -1827,8 +1827,8 @@ msgstr "" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/gu.po b/po/gu.po +index 8abe70304032..3cfcaa73dde4 100644 +--- a/po/gu.po ++++ b/po/gu.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Ankit Patel , 2014 + # Ankit Patel , 2004-2008 +@@ -14,15 +14,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-02-26 09:45+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Gujarati (http://www.transifex.com/projects/p/firewalld/" + "language/gu/)\n" + "Language: gu\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -75,16 +75,15 @@ msgstr "શીલ્ડ અપ/ડાઉન વિસ્તારોને ર + + #: ../src/firewall-applet.in:220 + msgid "Here you can select the zones used for Shields Up and Shields Down." +-msgstr "" +-"શીલ્ડ અપ અને શીલ્ડ ડાઉન માટે વાપરેલ વિસ્તારોને તમે અહિંયા પસંદ કરી શકો છો." ++msgstr "શીલ્ડ અપ અને શીલ્ડ ડાઉન માટે વાપરેલ વિસ્તારોને તમે અહિંયા પસંદ કરી શકો છો." + + #: ../src/firewall-applet.in:226 + msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." + msgstr "" +-"આ લક્ષણ મોટેભાગે મૂળભૂત વિસ્તારોની મદદથી લોકો માટે ઉપયોગી છે. વપરાશકર્તાઓ " +-"માટે, જોડાણો માટે વિસ્તારોને બદલી રહ્યા છે, તે મર્યાદિત વપરાશ હોઇ શકે છે." ++"આ લક્ષણ મોટેભાગે મૂળભૂત વિસ્તારોની મદદથી લોકો માટે ઉપયોગી છે. વપરાશકર્તાઓ માટે, જોડાણો " ++"માટે વિસ્તારોને બદલી રહ્યા છે, તે મર્યાદિત વપરાશ હોઇ શકે છે." + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -206,10 +205,8 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" +-msgstr "" +-"ઇન્ટરફેસ '{interface}' પર જોડાણ '{connection}' માટે વિસ્તાર '{zone}' સક્રિય" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" ++msgstr "ઇન્ટરફેસ '{interface}' પર જોડાણ '{connection}' માટે વિસ્તાર '{zone}' સક્રિય" + + #: ../src/firewall-applet.in:892 + msgid "Zone '{zone}' active for interface '{interface}'" +@@ -263,8 +260,8 @@ msgid "" + "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " + "interface '{interface}'" + msgstr "" +-"ઇન્ટરફેસ '{interface}' પર જોડાણ '{connection}' માટે વિસ્તાર '{zone}' " +-"{activated_deactivated}" ++"ઇન્ટરફેસ '{interface}' પર જોડાણ '{connection}' માટે વિસ્તાર " ++"'{zone}' {activated_deactivated}" + + #: ../src/firewall-applet.in:1047 + msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" +@@ -647,7 +644,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "ફોર્વડીંગ એ ફક્ત બીજી સિસ્ટમ માટે ઉપયોગી છે જો ઇન્ટરફેસ માસ્કરેડ છે. " + +@@ -810,8 +808,7 @@ msgstr "પોર્ટ ફોરવર્ડીંગ" + #: ../src/firewall-config.glade.h:23 + msgid "" + "Please select the source and destination options according to your needs." +-msgstr "" +-"મહેરબાની કરીને તમારી જરૂરીયાત અનુસાર સ્રોત અને અંતિમ મુકામ વિકલ્પો પસંદ કરો." ++msgstr "મહેરબાની કરીને તમારી જરૂરીયાત અનુસાર સ્રોત અને અંતિમ મુકામ વિકલ્પો પસંદ કરો." + + #: ../src/firewall-config.glade.h:24 + msgid "Port / Port Range:" +@@ -834,8 +831,8 @@ msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." + msgstr "" +-"જો તમે સ્થાનિય આગળ ધપાવવાનું સક્રિય કરો, તો તમારે પોર્ટ સ્પષ્ટ કરવો પડે. આ " +-"પોર્ટ સ્રોત પોર્ટથી અલગ હોવો જોઈએ." ++"જો તમે સ્થાનિય આગળ ધપાવવાનું સક્રિય કરો, તો તમારે પોર્ટ સ્પષ્ટ કરવો પડે. આ પોર્ટ સ્રોત " ++"પોર્ટથી અલગ હોવો જોઈએ." + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -943,10 +940,9 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"ફાયરવોલ નિયમોને પુન:લાવો. વર્તમાન કાયમી રૂપરેખાંકન એ નવી રનટાઇમ રૂપરેખાંકન " +-"બનાવશે. એટલે કે બધી રનટાઇમ એ ફક્ત ફેરફારો પૂર્ણ કર્યા જ્યાં સુધી ફરી " +-"લાવવાનું એ ફરી લાવવા સાથે ગુમ થઇ જાય જો તેઓ કાયમી રૂપરેખાંકનમાં પણ ન આવ્યા " +-"હોય." ++"ફાયરવોલ નિયમોને પુન:લાવો. વર્તમાન કાયમી રૂપરેખાંકન એ નવી રનટાઇમ રૂપરેખાંકન બનાવશે. એટલે " ++"કે બધી રનટાઇમ એ ફક્ત ફેરફારો પૂર્ણ કર્યા જ્યાં સુધી ફરી લાવવાનું એ ફરી લાવવા સાથે ગુમ થઇ " ++"જાય જો તેઓ કાયમી રૂપરેખાંકનમાં પણ ન આવ્યા હોય." + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -989,8 +985,8 @@ msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." + msgstr "" +-"લૉકડાઉન ફાયરવોલ રૂપરેખાંકનને તાળુ મારે છે તેથી ફક્ત લૉકડાઉન સફેદયાદી પર ફક્ત " +-"કાર્યક્રમો એ તેને બદલવા સક્ષમ છે." ++"લૉકડાઉન ફાયરવોલ રૂપરેખાંકનને તાળુ મારે છે તેથી ફક્ત લૉકડાઉન સફેદયાદી પર ફક્ત કાર્યક્રમો એ " ++"તેને બદલવા સક્ષમ છે." + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1064,8 +1060,8 @@ msgid "" + "configuration. Permanent configuration will be active after service or " + "system reload or restart." + msgstr "" +-"હાલમાં દૃશ્યમાન રૂપરેખાંકન. રનટાઇમ રૂપરેખાંકન એ ચોક્કસ સક્રિય રૂપરેખાંકન છે. " +-"કાયમી રૂપરેખાંકન સેવા પછી સક્રિય થશે અથવા સિસ્ટમ રિલોડ અથવા પુન:શરૂ થાય છે." ++"હાલમાં દૃશ્યમાન રૂપરેખાંકન. રનટાઇમ રૂપરેખાંકન એ ચોક્કસ સક્રિય રૂપરેખાંકન છે. કાયમી રૂપરેખાંકન " ++"સેવા પછી સક્રિય થશે અથવા સિસ્ટમ રિલોડ અથવા પુન:શરૂ થાય છે." + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1075,11 +1071,10 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"firewalld વિસ્તાર એ નેટવર્ક જોડાણો, ઇન્ટરફેસ અને વિસ્તારમાં સરનામાં બાઉન્ડ " +-"માટે વિસ્તારનાં સ્તરને વ્યાખ્યાયિત કરે છે. વિસ્તાર એ સેવાઓ, પોર્ટ, " +-"પ્રોટોકોલ, માસ્કરેડીંગ, પોર્ટ/પેકેટ ફોર્વડીંગ, icmp ફિલ્ટરો અને કિંમતી " +-"નિયમોને બેગુ કરે છે. વિસ્તાર ઇન્ટરફેસ અને સ્ત્રોત સરનામાંને બાઉન્ડ કરી શકે " +-"છે." ++"firewalld વિસ્તાર એ નેટવર્ક જોડાણો, ઇન્ટરફેસ અને વિસ્તારમાં સરનામાં બાઉન્ડ માટે " ++"વિસ્તારનાં સ્તરને વ્યાખ્યાયિત કરે છે. વિસ્તાર એ સેવાઓ, પોર્ટ, પ્રોટોકોલ, માસ્કરેડીંગ, પોર્ટ/" ++"પેકેટ ફોર્વડીંગ, icmp ફિલ્ટરો અને કિંમતી નિયમોને બેગુ કરે છે. વિસ્તાર ઇન્ટરફેસ અને સ્ત્રોત " ++"સરનામાંને બાઉન્ડ કરી શકે છે." + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1103,9 +1098,9 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"અહિંયા તમે વ્યાખ્યાયત કરી શકો છો કે જે સેવાઓ વિસ્તારમાં વિશ્ર્વાસપાત્ર છે. " +-"વિશ્ર્વાસપાત્ર સેવાઓ બધા યજમાનો અને નેટવર્કોમાંથી વાપરી શકાય છે કે જે " +-"જોડાણો, ઇન્ટરફેસ અને આ વિસ્તારમાં સ્ત્રોત બાઉન્ડ સુધી પહોંચી શકાય છે." ++"અહિંયા તમે વ્યાખ્યાયત કરી શકો છો કે જે સેવાઓ વિસ્તારમાં વિશ્ર્વાસપાત્ર છે. વિશ્ર્વાસપાત્ર " ++"સેવાઓ બધા યજમાનો અને નેટવર્કોમાંથી વાપરી શકાય છે કે જે જોડાણો, ઇન્ટરફેસ અને આ વિસ્તારમાં " ++"સ્ત્રોત બાઉન્ડ સુધી પહોંચી શકાય છે." + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1116,8 +1111,8 @@ msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." + msgstr "" +-"વધારાનાં પોર્ટ અને પોર્ટ સીમાઓને ઉમેરો, કે જે બધા યજમાનો અથવા નેટવર્કો માટે " +-"વાપરવાની જરૂર છે કે જે મશીન માટે જોડાઇ શકે છે." ++"વધારાનાં પોર્ટ અને પોર્ટ સીમાઓને ઉમેરો, કે જે બધા યજમાનો અથવા નેટવર્કો માટે વાપરવાની " ++"જરૂર છે કે જે મશીન માટે જોડાઇ શકે છે." + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1171,10 +1166,9 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"માસ્કરેડીંગ તમને યજમાન અથવા રાઉટર સુયોજીત કરવા માટે પરવાનગી આપે છે કે જે " +-"તમારા સ્થાનિક નેટવર્કને ઈન્ટરનેટ સાથે જોડે. તમારું સ્થાનિક નેટવર્ક દૃશ્યમાન " +-"હશે નહિં અને ઈન્ટરનેટ માટે એક યજમાન તરીકે દેખાશે. માસ્કરેડીંગ એ માત્ર IPv4 " +-"હોય છે." ++"માસ્કરેડીંગ તમને યજમાન અથવા રાઉટર સુયોજીત કરવા માટે પરવાનગી આપે છે કે જે તમારા સ્થાનિક " ++"નેટવર્કને ઈન્ટરનેટ સાથે જોડે. તમારું સ્થાનિક નેટવર્ક દૃશ્યમાન હશે નહિં અને ઈન્ટરનેટ માટે એક " ++"યજમાન તરીકે દેખાશે. માસ્કરેડીંગ એ માત્ર IPv4 હોય છે." + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1185,8 +1179,7 @@ msgid "" + "If you enable masquerading, IP forwarding will be enabled for your IPv4 " + "networks." + msgstr "" +-"જો તમે માસ્કરેડીંગને સક્રિય કરો તો, IP ફોર્વડીંગ એ તમારાં IPv4 નેટવર્કો " +-"માટે સક્રિય થશે." ++"જો તમે માસ્કરેડીંગને સક્રિય કરો તો, IP ફોર્વડીંગ એ તમારાં IPv4 નેટવર્કો માટે સક્રિય થશે." + + #: ../src/firewall-config.glade.h:111 + msgid "Masquerading" +@@ -1199,10 +1192,9 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"સ્થાનિક સિસ્ટમ પર એક પોર્ટમાંથી અન્ય પર પોર્ટો આગળ ધપાવવા માટે કે સ્થાનિક " +-"સિસ્ટમમાંથી અન્ય સિસ્ટમ પર આગળ ધપાવવા માટે પ્રવેશો ઉમેરો. અન્ય સિસ્ટમમાં આગળ " +-"ધપાવવાનું એ માત્ર ત્યારે જ ઉપયોગી છે જો ઈન્ટરફેસ માસ્કરેડ થયેલ હોય. પોર્ટ " +-"આગળ ધપાવવાનું એ માત્ર IPv4 છે." ++"સ્થાનિક સિસ્ટમ પર એક પોર્ટમાંથી અન્ય પર પોર્ટો આગળ ધપાવવા માટે કે સ્થાનિક સિસ્ટમમાંથી " ++"અન્ય સિસ્ટમ પર આગળ ધપાવવા માટે પ્રવેશો ઉમેરો. અન્ય સિસ્ટમમાં આગળ ધપાવવાનું એ માત્ર ત્યારે " ++"જ ઉપયોગી છે જો ઈન્ટરફેસ માસ્કરેડ થયેલ હોય. પોર્ટ આગળ ધપાવવાનું એ માત્ર IPv4 છે." + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1222,17 +1214,17 @@ msgid "" + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." + msgstr "" +-"Internet Control Message Protocol (ICMP) એ મુખ્યત્વે નેટવર્ક કમ્પ્યૂટરો " +-"વચ્ચે ભૂલ સંદેશાઓ મોકલવા માટે વપરાય છે, પરંતુ વધુમાં જાણકારી સંદેશાઓ માટે " +-"જેમ કે પીંગ અરજીઓ અને પ્રત્યુત્તરો માટે." ++"Internet Control Message Protocol (ICMP) એ મુખ્યત્વે નેટવર્ક કમ્પ્યૂટરો વચ્ચે ભૂલ સંદેશાઓ " ++"મોકલવા માટે વપરાય છે, પરંતુ વધુમાં જાણકારી સંદેશાઓ માટે જેમ કે પીંગ અરજીઓ અને પ્રત્યુત્તરો " ++"માટે." + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"ICMP પ્રકારોને યાદીમાં ચિહ્નિત કરો, કે જેઓ નકારાવા જોઈએ. બાકીના બધા ICMP " +-"પ્રકારો ફાયરવોલ પસાર કરવા માટે માન્ય છે. મૂળભૂત એ કોઈ મર્યાદા નથી." ++"ICMP પ્રકારોને યાદીમાં ચિહ્નિત કરો, કે જેઓ નકારાવા જોઈએ. બાકીના બધા ICMP પ્રકારો " ++"ફાયરવોલ પસાર કરવા માટે માન્ય છે. મૂળભૂત એ કોઈ મર્યાદા નથી." + + #: ../src/firewall-config.glade.h:118 + msgid "" +@@ -1273,8 +1265,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"વિસ્તારમાં ઇન્ટરફેસને બાઇન્ડ કરવા માટે નોંધણીને ઉમેરો. જો ઇન્ટરફેસ એ જોડાણ " +-"દ્દારા વાપરેલ હશે, વિસ્તાર એ જોડાણનાં ખાસ વિસ્તારમાં સુયોજિત હશે." ++"વિસ્તારમાં ઇન્ટરફેસને બાઇન્ડ કરવા માટે નોંધણીને ઉમેરો. જો ઇન્ટરફેસ એ જોડાણ દ્દારા વાપરેલ " ++"હશે, વિસ્તાર એ જોડાણનાં ખાસ વિસ્તારમાં સુયોજિત હશે." + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1315,9 +1307,7 @@ msgstr "વિસ્તારો" + msgid "" + "A firewalld service is a combination of ports, protocols, modules and " + "destination addresses." +-msgstr "" +-"firewalld સેવા એર પોર્ટ, પ્રોટોકોલ, મોડ્યુલો અને લક્ષ્ય સરનામાંનું સંયોજન છે." +-"" ++msgstr "firewalld સેવા એર પોર્ટ, પ્રોટોકોલ, મોડ્યુલો અને લક્ષ્ય સરનામાંનું સંયોજન છે." + + #: ../src/firewall-config.glade.h:139 + msgid "Add Service" +@@ -1373,8 +1363,8 @@ msgid "" + "the destination address and type. If both entries are empty, there is no " + "limitation." + msgstr "" +-"જો તમે લક્ષ્ય સરનામાંને સ્પષ્ટ કરો તો, સેવા પ્રવેશ એ લક્ષ્ય સરનામાં અને " +-"પ્રકારને મર્યાદિત કરશે. જો બંને નોંધણી ખાલી હોય તો, ત્યાં મર્યાદા નથી." ++"જો તમે લક્ષ્ય સરનામાંને સ્પષ્ટ કરો તો, સેવા પ્રવેશ એ લક્ષ્ય સરનામાં અને પ્રકારને મર્યાદિત " ++"કરશે. જો બંને નોંધણી ખાલી હોય તો, ત્યાં મર્યાદા નથી." + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1389,8 +1379,7 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"સેવાઓ ફક્ત કાયમી રૂપરેખાંકન દૃશ્યમાં બદલી શકાય છે. સેવાઓની રનટાઇમ રૂપરેખાંકન " +-"સુધારેલ છે." ++"સેવાઓ ફક્ત કાયમી રૂપરેખાંકન દૃશ્યમાં બદલી શકાય છે. સેવાઓની રનટાઇમ રૂપરેખાંકન સુધારેલ છે." + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1478,8 +1467,8 @@ msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." + msgstr "" +-"ICMP પ્રકારો ફક્ત કાયમી રૂપરેખાંકન દૃશ્યમાં બદલી શકાય છે. ICMP પ્રકારોની " +-"રનટાઇમ રૂપરેખાંકન સુધારેલ છે." ++"ICMP પ્રકારો ફક્ત કાયમી રૂપરેખાંકન દૃશ્યમાં બદલી શકાય છે. ICMP પ્રકારોની રનટાઇમ " ++"રૂપરેખાંકન સુધારેલ છે." + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1500,10 +1489,10 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"સીધુ રૂપરેખાંકન એ firewall માં સીધો વપરાશ આપે છે. આ વિકલ્પો એ મૂળ iptables " +-"ખ્યાલોને જાણવા વપરાશકર્તાને જરૂરી છે એટલે કે કોષ્ટકો, કતારો, આદેશો, પરિમાણો " +-"અને લક્ષ્યો. સીધુ રૂપરેખાંકન એ છેલ્લા પુન:ક્રમાંકિત તરીકે ફક્ત વાપરવુ જોઇએ " +-"જ્યારે તે બીજા firewalld લક્ષણોને વાપરવા શક્ય નથી." ++"સીધુ રૂપરેખાંકન એ firewall માં સીધો વપરાશ આપે છે. આ વિકલ્પો એ મૂળ iptables ખ્યાલોને " ++"જાણવા વપરાશકર્તાને જરૂરી છે એટલે કે કોષ્ટકો, કતારો, આદેશો, પરિમાણો અને લક્ષ્યો. સીધુ " ++"રૂપરેખાંકન એ છેલ્લા પુન:ક્રમાંકિત તરીકે ફક્ત વાપરવુ જોઇએ જ્યારે તે બીજા firewalld લક્ષણોને " ++"વાપરવા શક્ય નથી." + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1512,8 +1501,8 @@ msgid "" + "bridges (ebtables)." + msgstr "" + "દરેક વિકલ્પની ipv દલીલ એ ipv4 અથવા ipv6 અથવા eb હોવી જ જોઇએ. ipv4 સાથે તે " +-"iptables માટે હશે, ipv6 સાથે ip6tables માટે હશે અને eb સાથે ઇથરનેટ બ્રિજ " +-"માટે હશે (ebtables)." ++"iptables માટે હશે, ipv6 સાથે ip6tables માટે હશે અને eb સાથે ઇથરનેટ બ્રિજ માટે હશે " ++"(ebtables)." + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1549,11 +1538,10 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"પ્રાધાન્ય નિયમોને ક્રમાંકિત કરવા વાપરેલ છે. પ્રાધાન્ય 0 નો મતલબ થાય કે " +-"કતારની ટોચ પર નિયમને ઉમેરો, ઉચ્ચ પ્રાધાન્ય સાથે નિયમ આગળ ઉમેરાશે. એજ " +-"પ્રાધાન્ય સાથે નિયમો એજ સ્તર પર છે અને આ નિયમોનો ક્રમ સુધારેલ નથી અને બદલી " +-"શકાય છે. જો તમે ખાતરી કરવા માંગો તો નિયમ બીજા એક પછી ઉમેરાશે, પહેલી માટે " +-"નીચા પ્રાધાન્યને વાપરો અને નીચેનાં માટે ઉચ્ચ." ++"પ્રાધાન્ય નિયમોને ક્રમાંકિત કરવા વાપરેલ છે. પ્રાધાન્ય 0 નો મતલબ થાય કે કતારની ટોચ પર " ++"નિયમને ઉમેરો, ઉચ્ચ પ્રાધાન્ય સાથે નિયમ આગળ ઉમેરાશે. એજ પ્રાધાન્ય સાથે નિયમો એજ સ્તર પર છે " ++"અને આ નિયમોનો ક્રમ સુધારેલ નથી અને બદલી શકાય છે. જો તમે ખાતરી કરવા માંગો તો નિયમ " ++"બીજા એક પછી ઉમેરાશે, પહેલી માટે નીચા પ્રાધાન્યને વાપરો અને નીચેનાં માટે ઉચ્ચ." + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1577,13 +1565,12 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"પાસથ્રુ નિયમો એ સીધુ firewall મારફતે પસાર થયેલ છે અને ખાસ કતારોમાં સ્થિત " +-"થયેલ છે. બધા iptables, ip6tables અને ebtables વિકલ્પોને વાપરી શકાય છે." ++"પાસથ્રુ નિયમો એ સીધુ firewall મારફતે પસાર થયેલ છે અને ખાસ કતારોમાં સ્થિત થયેલ છે. બધા " ++"iptables, ip6tables અને ebtables વિકલ્પોને વાપરી શકાય છે." + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +-msgstr "" +-"મહેરબાની કરીને પાસથ્રુ નિયમો એ ફાયરવોલને ઇજા પહોંચાડે નહિં તે રીતે સાચવો." ++msgstr "મહેરબાની કરીને પાસથ્રુ નિયમો એ ફાયરવોલને ઇજા પહોંચાડે નહિં તે રીતે સાચવો." + + #: ../src/firewall-config.glade.h:190 + msgid "Add Passthrough" +@@ -1607,9 +1594,9 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"લોકડાઉન લક્ષણ એ firewalld માટે વપરાશકર્તા અને કાર્યક્રમ પોલિસીઓની આવૃત્તિ " +-"છે. તે ફાયરવોલ માટે ફેરફારોને મર્યાદિત કરે છે. લોકડાઉન વાઇટલીસ્ટ એ આદેશો, " +-"સંદર્ભો, વપરાશકર્તા અને વપરાશકર્તા ids ને સમાવે છે." ++"લોકડાઉન લક્ષણ એ firewalld માટે વપરાશકર્તા અને કાર્યક્રમ પોલિસીઓની આવૃત્તિ છે. તે " ++"ફાયરવોલ માટે ફેરફારોને મર્યાદિત કરે છે. લોકડાઉન વાઇટલીસ્ટ એ આદેશો, સંદર્ભો, વપરાશકર્તા " ++"અને વપરાશકર્તા ids ને સમાવે છે." + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1640,9 +1627,8 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"જો વાઇટલીસેટ પર આદેશ પ્રવેશ એ એસ્ટ્રીંક '*' સાથે અંત થાય તો, પછી બધા આદેશ " +-"સાથે શરૂ થતા આદેશ વાક્યો એ બંધબેસશે. જો '*' ત્યાં ન હોય તો ખાસ આદેશ સમાવતી " +-"દલીલો બંધબેસવી જ જોઇએ." ++"જો વાઇટલીસેટ પર આદેશ પ્રવેશ એ એસ્ટ્રીંક '*' સાથે અંત થાય તો, પછી બધા આદેશ સાથે શરૂ થતા " ++"આદેશ વાક્યો એ બંધબેસશે. જો '*' ત્યાં ન હોય તો ખાસ આદેશ સમાવતી દલીલો બંધબેસવી જ જોઇએ." + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1832,9 +1818,7 @@ msgstr "સીધો નિયમ" + + #: ../src/firewall-config.glade.h:248 + msgid "Please select ipv and table, chain priority and enter the args." +-msgstr "" +-"મહેરબાની કરીને ipv અને કોષ્ટકને પસંદ કરો, કતાર પ્રાધાન્ય અને દલીલોને દાખલ " +-"કરો." ++msgstr "મહેરબાની કરીને ipv અને કોષ્ટકને પસંદ કરો, કતાર પ્રાધાન્ય અને દલીલોને દાખલ કરો." + + #: ../src/firewall-config.glade.h:249 + msgid "Priority:" +@@ -1886,8 +1870,8 @@ msgstr "ઉલટુ કરાયેલું" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "આને સક્રિય કરવા માટે ક્રિયા 'રદ કરો' હોવી જોઇએ અને પરિવાર પ્રકાર 'ipv4' અથવા " + "'ipv6' (બંને નહિ) હોવો જોઇએ." +diff --git a/po/hi.po b/po/hi.po +index 00fcda4f1a25..4922de0e1b4f 100644 +--- a/po/hi.po ++++ b/po/hi.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Rajesh Ranjan , 2009 + # Rajesh Ranjan , 2004-2010,2014 +@@ -10,15 +10,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2016-01-04 12:28+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Hindi (http://www.transifex.com/projects/p/firewalld/language/" + "hi/)\n" + "Language: hi\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -78,9 +78,8 @@ msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." + msgstr "" +-"यह फीचर उन लोगों के लिए उपयोगी है जो तयशुदा क्षेत्र अधिकतर उपयोग करते हैं. " +-"उपयोक्ताओं के लिए, वह कनेक्शन का बदलता क्षेत्र है, यह सीमित उपयोग का हो सकता " +-"है." ++"यह फीचर उन लोगों के लिए उपयोगी है जो तयशुदा क्षेत्र अधिकतर उपयोग करते हैं. उपयोक्ताओं के " ++"लिए, वह कनेक्शन का बदलता क्षेत्र है, यह सीमित उपयोग का हो सकता है." + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -202,11 +201,9 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" +-"क्षेत्र '{zone}' सक्रिय है '{connection}' कनेक्शन के लिए '{interface}' " +-"अंतरफलक पर" ++"क्षेत्र '{zone}' सक्रिय है '{connection}' कनेक्शन के लिए '{interface}' अंतरफलक पर" + + #: ../src/firewall-applet.in:892 + msgid "Zone '{zone}' active for interface '{interface}'" +@@ -265,8 +262,7 @@ msgstr "" + + #: ../src/firewall-applet.in:1047 + msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" +-msgstr "" +-"क्षेत्र '{zone}' {activated_deactivated} है '{interface}' अंतरफलक के लिए" ++msgstr "क्षेत्र '{zone}' {activated_deactivated} है '{interface}' अंतरफलक के लिए" + + #: ../src/firewall-applet.in:1070 + #, c-format +@@ -645,7 +641,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "किसी दूसरे तंत्र में अग्रसारण तभी उपयोगी है जब अंतरफलक छद्म होता है.\n" +@@ -833,8 +830,8 @@ msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." + msgstr "" +-"यदि आप स्थानीय अग्रसारण सक्रिय करते हैं, आपको एक पोर्ट को निर्दिष्ट करना है. " +-"इस पोर्ट को स्रोत पोर्ट से भिन्न होना है." ++"यदि आप स्थानीय अग्रसारण सक्रिय करते हैं, आपको एक पोर्ट को निर्दिष्ट करना है. इस पोर्ट " ++"को स्रोत पोर्ट से भिन्न होना है." + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -943,8 +940,7 @@ msgid "" + "lost with reload if they have not been also in permanent configuration." + msgstr "" + "फायरवॉल नियम फिर लोड करता है. मौजूदा स्थायी विन्यास एक नया रनटाइम विन्यास बन " +-"जाएगा. यानी सभी रनटाइम केवल तभी लोड होता है जब वे स्थायी विन्यास में होते " +-"हैं." ++"जाएगा. यानी सभी रनटाइम केवल तभी लोड होता है जब वे स्थायी विन्यास में होते हैं." + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -976,8 +972,7 @@ msgstr "" + + #: ../src/firewall-config.glade.h:68 + msgid "Panic mode means that all incoming and outgoing packets are dropped." +-msgstr "" +-"पैनिक अवस्था का अर्थ है कि सभी इनकमिंग और आउटगोइंग पैकेट छोड़े जाते हैं." ++msgstr "पैनिक अवस्था का अर्थ है कि सभी इनकमिंग और आउटगोइंग पैकेट छोड़े जाते हैं." + + #: ../src/firewall-config.glade.h:69 + msgid "Panic Mode" +@@ -988,8 +983,8 @@ msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." + msgstr "" +-"लॉकडाउन फ़ायरवॉल विन्यास लॉक करता है ताकि लॉकडाउन ह्वाइटलिस्ट पर केवल " +-"अनुप्रयोग इसे बदल सकें." ++"लॉकडाउन फ़ायरवॉल विन्यास लॉक करता है ताकि लॉकडाउन ह्वाइटलिस्ट पर केवल अनुप्रयोग इसे " ++"बदल सकें." + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1063,8 +1058,8 @@ msgid "" + "configuration. Permanent configuration will be active after service or " + "system reload or restart." + msgstr "" +-"मौजूदा दृश्य विन्यास. रनटाइम विन्यास एक वास्तविक विन्यास है. स्थायी विन्यास " +-"सेवा या तंत्र रिलोड या फिर आरंभ करने के बाद सक्रिय होगा." ++"मौजूदा दृश्य विन्यास. रनटाइम विन्यास एक वास्तविक विन्यास है. स्थायी विन्यास सेवा या तंत्र " ++"रिलोड या फिर आरंभ करने के बाद सक्रिय होगा." + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1074,10 +1069,9 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"firewalld क्षेत्र संजाल कनेक्शन, अंतरफलक, और क्षेत्र से जुड़ा स्रोत पता के " +-"लिए भरोसे का स्तर परिभाषित करता है. यह क्षेत्र सेवा, पोर्ट, प्रोटोकॉल, " +-"प्रच्छन्न, पोर्ट/पैकेट अग्रसारण, icmp फिल्टर और रिच नियम को एकीकृत करता है. " +-"यह क्षेत्र अंतरफलक और स्रोत पता से बंधा रहता है." ++"firewalld क्षेत्र संजाल कनेक्शन, अंतरफलक, और क्षेत्र से जुड़ा स्रोत पता के लिए भरोसे का स्तर " ++"परिभाषित करता है. यह क्षेत्र सेवा, पोर्ट, प्रोटोकॉल, प्रच्छन्न, पोर्ट/पैकेट अग्रसारण, icmp " ++"फिल्टर और रिच नियम को एकीकृत करता है. यह क्षेत्र अंतरफलक और स्रोत पता से बंधा रहता है." + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1101,9 +1095,9 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"यहां आप परिभाषित कर सकते हैं कि कौन सी सेवाएँ इस क्षेत्र के लिए विश्वसनीय " +-"हैं. विश्वसनीय सेवाओं को सभी मेजबान या संजाल से अभिगम योग्य होता है जो मशीन " +-"तक इस क्षेत्र में कनेक्शन, अंतरफलक और स्रोत बाउंड से पहुँच सकता है." ++"यहां आप परिभाषित कर सकते हैं कि कौन सी सेवाएँ इस क्षेत्र के लिए विश्वसनीय हैं. विश्वसनीय " ++"सेवाओं को सभी मेजबान या संजाल से अभिगम योग्य होता है जो मशीन तक इस क्षेत्र में कनेक्शन, " ++"अंतरफलक और स्रोत बाउंड से पहुँच सकता है." + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1114,8 +1108,8 @@ msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." + msgstr "" +-"अतिरिक्त पोर्ट व पोर्ट परिसर को जोड़ें, जो सभी मेजबान या संजाल के लिए अभिगम " +-"योग्य होना चाहिए दो मशीन से कनेक्ट कर सकता है." ++"अतिरिक्त पोर्ट व पोर्ट परिसर को जोड़ें, जो सभी मेजबान या संजाल के लिए अभिगम योग्य होना " ++"चाहिए दो मशीन से कनेक्ट कर सकता है." + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1169,9 +1163,9 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"मुखौटा आपको एक मेजबान या रॉटर सेटअप करने की स्वीकृति देता है जो इंटरनेट से " +-"अपने स्थानीय संजाल को कनेक्ट करता है. आपका स्थानीय संजाल दृश्य नहीं होगा और " +-"इंटरनेट के लिए एक मेजबान के रूप में प्रकट होगा. मुखौटा सिर्फ IPv4 है." ++"मुखौटा आपको एक मेजबान या रॉटर सेटअप करने की स्वीकृति देता है जो इंटरनेट से अपने स्थानीय " ++"संजाल को कनेक्ट करता है. आपका स्थानीय संजाल दृश्य नहीं होगा और इंटरनेट के लिए एक मेजबान के " ++"रूप में प्रकट होगा. मुखौटा सिर्फ IPv4 है." + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1181,9 +1175,7 @@ msgstr "प्रच्छन्न क्षेत्र" + msgid "" + "If you enable masquerading, IP forwarding will be enabled for your IPv4 " + "networks." +-msgstr "" +-"यदि आप प्रच्छन्न सक्रिय कर रहे हैं, IP को आपको IPv4 के लिए सक्रिय किया जाएगा." +-"" ++msgstr "यदि आप प्रच्छन्न सक्रिय कर रहे हैं, IP को आपको IPv4 के लिए सक्रिय किया जाएगा." + + #: ../src/firewall-config.glade.h:111 + msgid "Masquerading" +@@ -1196,10 +1188,9 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"एक पोर्ट से दूसरे से पोर्ट को अग्रसारित करने के लिए प्रविष्टि जोड़ें स्थानीय " +-"सिस्टम पर या स्थानीय सिस्टम से दूसरे सिस्टम में. दूसरे सिस्टम में अग्रसारण " +-"सिर्फ तभी उपयोगी है यदि अंतरफलक को मुखौटा दिया जाता है. पोर्ट अग्रसारण सिर्फ " +-"IPv4 है." ++"एक पोर्ट से दूसरे से पोर्ट को अग्रसारित करने के लिए प्रविष्टि जोड़ें स्थानीय सिस्टम पर या " ++"स्थानीय सिस्टम से दूसरे सिस्टम में. दूसरे सिस्टम में अग्रसारण सिर्फ तभी उपयोगी है यदि अंतरफलक " ++"को मुखौटा दिया जाता है. पोर्ट अग्रसारण सिर्फ IPv4 है." + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1219,17 +1210,17 @@ msgid "" + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." + msgstr "" +-"इंटरनेट कंट्रोल मेसेज प्रोटोकॉल (ICMP) को त्रुटि संदेश भेजने के लिए प्रयुक्त " +-"किया जाता है संजालित कंप्यूटर के बीच, लेकिन सूचनात्मक संदेश के लिए अतिरिक्त " +-"रूप से जैसे कि पिंग आग्रह और जवाब के लिए." ++"इंटरनेट कंट्रोल मेसेज प्रोटोकॉल (ICMP) को त्रुटि संदेश भेजने के लिए प्रयुक्त किया जाता है " ++"संजालित कंप्यूटर के बीच, लेकिन सूचनात्मक संदेश के लिए अतिरिक्त रूप से जैसे कि पिंग आग्रह और " ++"जवाब के लिए." + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"सूची में ICMP प्रकार चिह्नित करें, जो अस्वीकृत किया जाना चाहिए. सभी दूसरे " +-"ICMP प्रकार को फायरवाल भेज देने की स्वीकृति है. तयशुदा में कोई सीमा नहीं है." ++"सूची में ICMP प्रकार चिह्नित करें, जो अस्वीकृत किया जाना चाहिए. सभी दूसरे ICMP प्रकार को " ++"फायरवाल भेज देने की स्वीकृति है. तयशुदा में कोई सीमा नहीं है." + + #: ../src/firewall-config.glade.h:118 + msgid "" +@@ -1270,9 +1261,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"क्षेत्र में अंतरफलक बाइंड करने के लिए प्रविष्टि बाइंड करें. यदि अंतरफलक किसी " +-"कनेक्शन के द्वारा प्रयोग किया जाता है, तो इस क्षेत्र को निर्दिष्ट क्षेत्र " +-"में कनेक्शन में सेट किया जाएगा." ++"क्षेत्र में अंतरफलक बाइंड करने के लिए प्रविष्टि बाइंड करें. यदि अंतरफलक किसी कनेक्शन के द्वारा " ++"प्रयोग किया जाता है, तो इस क्षेत्र को निर्दिष्ट क्षेत्र में कनेक्शन में सेट किया जाएगा." + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1369,8 +1359,8 @@ msgid "" + "the destination address and type. If both entries are empty, there is no " + "limitation." + msgstr "" +-"यदि आप गंतव्य पता को निर्दिष्ट करते हैं, तो सेवा प्रविष्ट गंतव्य पता और " +-"प्रकार में सीमित होगी. यदि दोनों प्रविष्टि रिक्त है, तो कोई सीमा नहीं है." ++"यदि आप गंतव्य पता को निर्दिष्ट करते हैं, तो सेवा प्रविष्ट गंतव्य पता और प्रकार में सीमित " ++"होगी. यदि दोनों प्रविष्टि रिक्त है, तो कोई सीमा नहीं है." + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1385,8 +1375,7 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"सेवा को स्थायी विन्यास दृश्य में केवल बदला जा सकता है. सेवा का रनटाइम " +-"विन्यास फिक्स्ड है." ++"सेवा को स्थायी विन्यास दृश्य में केवल बदला जा सकता है. सेवा का रनटाइम विन्यास फिक्स्ड है." + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1446,8 +1435,8 @@ msgid "" + "A firewalld icmptype provides the information for an Internet Control " + "Message Protocol (ICMP) type for firewalld." + msgstr "" +-"firewalld icmptype इंटरनेट कंट्रोल मैसेज प्रोटोकॉल (ICMP) प्रकार के लिए " +-"firewalld के लिए सूचना प्रदान करता है." ++"firewalld icmptype इंटरनेट कंट्रोल मैसेज प्रोटोकॉल (ICMP) प्रकार के लिए firewalld के " ++"लिए सूचना प्रदान करता है." + + #: ../src/firewall-config.glade.h:167 + msgid "Add ICMP Type" +@@ -1474,8 +1463,8 @@ msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." + msgstr "" +-"ICMP प्रकार को स्थायी विन्यास दृश्य में केवल बदला जा सकता है. ICMP प्रकार का " +-"रनटाइम विन्यास फिक्स्ड है." ++"ICMP प्रकार को स्थायी विन्यास दृश्य में केवल बदला जा सकता है. ICMP प्रकार का रनटाइम " ++"विन्यास फिक्स्ड है." + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1496,10 +1485,10 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"सीधा विन्यास फायरवॉल में सीधा पहुँच देता है. ये विकल्प मौलिक iptables संबोध, " +-"यानी सारणी, शृंखला, कमांड, पैरामीटर और लक्ष्य को उपयोक्ता जाने इसकी जरूरत " +-"बताता है. सीधा विन्यास केवल अंतिम हल के रूप में प्रयोग किया जा सकता है जबकि " +-"दूसरे फ़ायरवॉल किए फीचर संभव नहीं हैं." ++"सीधा विन्यास फायरवॉल में सीधा पहुँच देता है. ये विकल्प मौलिक iptables संबोध, यानी " ++"सारणी, शृंखला, कमांड, पैरामीटर और लक्ष्य को उपयोक्ता जाने इसकी जरूरत बताता है. सीधा " ++"विन्यास केवल अंतिम हल के रूप में प्रयोग किया जा सकता है जबकि दूसरे फ़ायरवॉल किए फीचर संभव " ++"नहीं हैं." + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1534,9 +1523,7 @@ msgstr "शृंखला" + #: ../src/firewall-config.glade.h:182 + msgid "" + "Add a rule with the arguments args to a chain in a table with a priority." +-msgstr "" +-"args वितर्क के साथ कोई नियम शृंखला में जोड़ें प्राथमिकता के साथ एक सारणी में." +-"" ++msgstr "args वितर्क के साथ कोई नियम शृंखला में जोड़ें प्राथमिकता के साथ एक सारणी में." + + #: ../src/firewall-config.glade.h:183 + msgid "" +@@ -1547,13 +1534,12 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"प्राथमिकता नियम को आदेश देने के लिए प्रयोग किया जा सकता है. प्राथमिकता 0 का " +-"अर्थ है शृंखला के शीर्ष पर नियम को जोड़ना, उच्चतर प्राथमिकता के साथ नियम फिर " +-"और जोड़े जाएँगे. समान प्राथमिकता के साथ नियम समान स्तर पर हैं और इन नियमों " +-"का क्रम स्थिर नहीं है और बदल सकता है. यदि आप पक्का करना चाहते हैं कि कोई " +-"नियम किसी के बाद जोड़े जाएँगे, पहले कम प्राथमिकता का जोड़ें कि एक नियम एक के " +-"बाद एक जोड़े जाएँगे, पहले से कम प्राथमिकता का उपयोग करें और निम्नलिखित के " +-"लिए उच्चतर जोड़े जाएँगे." ++"प्राथमिकता नियम को आदेश देने के लिए प्रयोग किया जा सकता है. प्राथमिकता 0 का अर्थ है " ++"शृंखला के शीर्ष पर नियम को जोड़ना, उच्चतर प्राथमिकता के साथ नियम फिर और जोड़े जाएँगे. " ++"समान प्राथमिकता के साथ नियम समान स्तर पर हैं और इन नियमों का क्रम स्थिर नहीं है और बदल " ++"सकता है. यदि आप पक्का करना चाहते हैं कि कोई नियम किसी के बाद जोड़े जाएँगे, पहले कम " ++"प्राथमिकता का जोड़ें कि एक नियम एक के बाद एक जोड़े जाएँगे, पहले से कम प्राथमिकता का " ++"उपयोग करें और निम्नलिखित के लिए उच्चतर जोड़े जाएँगे." + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1577,9 +1563,8 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"पासथ्रू नियम सीधे फायरवॉल के द्वारा भेजा जा सकता है और विशेष शृंखला में " +-"स्थापित नहीं है. सभी iptables, ip6tables और ebtables विकल्प का उपयोग किया जा " +-"सकता है." ++"पासथ्रू नियम सीधे फायरवॉल के द्वारा भेजा जा सकता है और विशेष शृंखला में स्थापित नहीं है. " ++"सभी iptables, ip6tables और ebtables विकल्प का उपयोग किया जा सकता है." + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +@@ -1607,9 +1592,9 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"lockdown विशेषता उपयोक्ता और अनुप्रयोग नीति के हल्के संस्करण के लिए " +-"firewalld है. यह फ़ायरवॉल में परिवर्तन परिसीमित करता है. लॉकडाउन ह्वाइटलिस्च " +-"में कमांड, संदर्भ, उपयोक्ता और उपयोक्ता आईडी समाहित है." ++"lockdown विशेषता उपयोक्ता और अनुप्रयोग नीति के हल्के संस्करण के लिए firewalld है. यह " ++"फ़ायरवॉल में परिवर्तन परिसीमित करता है. लॉकडाउन ह्वाइटलिस्च में कमांड, संदर्भ, उपयोक्ता " ++"और उपयोक्ता आईडी समाहित है." + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1640,9 +1625,9 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"यदि ह्वाइटलिस्ट पर किसी कमांड प्रविष्ट का अंत तारांकन '*' से होता है, तो सभी " +-"कमांड लाइन जो कमांड से आरंभ होता है मेल खाएगा. यदि '*' वहाँ नहीं है, तो " +-"निरपेक्ष कमांड अंतर्निवेशित तर्क को जरूर मेल खाना चाहिए." ++"यदि ह्वाइटलिस्ट पर किसी कमांड प्रविष्ट का अंत तारांकन '*' से होता है, तो सभी कमांड " ++"लाइन जो कमांड से आरंभ होता है मेल खाएगा. यदि '*' वहाँ नहीं है, तो निरपेक्ष कमांड " ++"अंतर्निवेशित तर्क को जरूर मेल खाना चाहिए." + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1884,11 +1869,11 @@ msgstr "उल्टा" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"इसे सक्रिय करने के लिए क्रिया को 'अस्वीकार' करने की जरूरत है और फैमिली को " +-"'ipv4' या 'ipv6' (दोनों नहीं) होना चाहिए." ++"इसे सक्रिय करने के लिए क्रिया को 'अस्वीकार' करने की जरूरत है और फैमिली को 'ipv4' या " ++"'ipv6' (दोनों नहीं) होना चाहिए." + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/hu.po b/po/hu.po +index 6effc0801e08..55b0e0ff3e82 100644 +--- a/po/hu.po ++++ b/po/hu.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Arpad Biro , 2004,2006,2008 + # teknos.ferenc , 2013 +@@ -24,15 +24,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:24+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Hungarian (http://www.transifex.com/projects/p/firewalld/" + "language/hu/)\n" + "Language: hu\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -73,8 +73,7 @@ msgstr "Zóna kiválasztása a(z) „%s” kapcsolathoz" + #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3910 + msgid "Failed to set zone {zone} for connection {connection_name}" + msgstr "" +-"Nem sikerült beállítani a(z) {zone} zónát a(z) {connection_name} " +-"kapcsolathoz" ++"Nem sikerült beállítani a(z) {zone} zónát a(z) {connection_name} kapcsolathoz" + + #: ../src/firewall-applet.in:190 + #, c-format +@@ -222,8 +221,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "A(z) „{zone}” zóna aktív a(z) „{connection}” kapcsolatnál ezen a csatolón: " + "„{interface}”" +@@ -669,7 +667,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "A továbbítás egy másik rendszerbe csak akkor hasznos, ha a csatoló maszkolva " +@@ -1243,8 +1242,8 @@ msgid "" + msgstr "" + "Bejegyzések hozzáadása portok továbbításához vagy egy portról egy másikra a " + "helyi rendszeren, vagy a helyi rendszerről egy másik rendszerre. Egy másik " +-"rendszerre történő továbbítás csak akkor hasznos, ha a csatoló maszkolva van." +-" A port továbbítás csak IPv4 esetén használható." ++"rendszerre történő továbbítás csak akkor hasznos, ha a csatoló maszkolva " ++"van. A port továbbítás csak IPv4 esetén használható." + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1658,8 +1657,7 @@ msgstr "" + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +-msgstr "" +-"Legyen óvatos az áteresztő szabályokkal, hogy ne károsítsa a tűzfalat." ++msgstr "Legyen óvatos az áteresztő szabályokkal, hogy ne károsítsa a tűzfalat." + + #: ../src/firewall-config.glade.h:190 + msgid "Add Passthrough" +@@ -1970,8 +1968,8 @@ msgstr "fordított" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "A művelet engedélyezéséhez „elutasítás” értékűnek, a családnak pedig vagy " + "„IPv4”-nek, vagy „IPv6”-nak (nem mindkettő) kell lennie." +diff --git a/po/ia.po b/po/ia.po +index ad26658fb67a..605b47b46cdc 100644 +--- a/po/ia.po ++++ b/po/ia.po +@@ -1,22 +1,22 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Nik Kalach , 2012-2013 + msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-02-26 09:58+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Interlingua (http://www.transifex.com/projects/p/firewalld/" + "language/ia/)\n" + "Language: ia\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -197,8 +197,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + + #: ../src/firewall-applet.in:892 +@@ -635,7 +634,8 @@ msgstr "" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + +@@ -1803,8 +1803,8 @@ msgstr "" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/id.po b/po/id.po +index 68f9ab52c169..8912e6fe22d6 100644 +--- a/po/id.po ++++ b/po/id.po +@@ -3,14 +3,14 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-05-22 09:00+0000\n" + "Last-Translator: Ferdi Saptanera \n" + "Language-Team: Indonesian\n" + "Language: id\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "X-Generator: Zanata 4.6.2\n" + "Plural-Forms: nplurals=1; plural=0\n" + +@@ -196,8 +196,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + + #: ../src/firewall-applet.in:892 +@@ -634,7 +633,8 @@ msgstr "" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + +@@ -1802,8 +1802,8 @@ msgstr "" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/it.po b/po/it.po +index 0387750b62c4..ea9222222f06 100644 +--- a/po/it.po ++++ b/po/it.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Andrea La Fauci , 2010 + # antonio montagnani , 2013 +@@ -36,15 +36,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:24+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Italian (http://www.transifex.com/projects/p/firewalld/" + "language/it/)\n" + "Language: it\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -106,9 +106,9 @@ msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." + msgstr "" +-"Questa funzione è utile per coloro che usano soprattutto le zone predefinite." +-" Per gli utenti che modificano le zone delle connessioni, potrebbe essere " +-"limitata." ++"Questa funzione è utile per coloro che usano soprattutto le zone " ++"predefinite. Per gli utenti che modificano le zone delle connessioni, " ++"potrebbe essere limitata." + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -232,8 +232,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Zona '{zone}' attiva per la connessione '{connection}' sull'interfaccia " + "'{interface}'" +@@ -678,7 +677,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "L'inoltro ad un altro sistema è utile solo se l'interfaccia è nattata.\n" +@@ -895,8 +895,7 @@ msgstr "Configurare le impostazioni di base per gli helper:" + + #: ../src/firewall-config.glade.h:34 + msgid "Bold entries are mandatory, all others are optional." +-msgstr "" +-"Le voci in grassetto sono obbligatorie, tutte le altre sono opzionali." ++msgstr "Le voci in grassetto sono obbligatorie, tutte le altre sono opzionali." + + #: ../src/firewall-config.glade.h:35 + msgid "Name:" +@@ -1504,8 +1503,8 @@ msgid "" + "This IPSet uses the timeout option, therefore no entries are visible here. " + "The entries should be taken care directly with the ipset command." + msgstr "" +-"Questo IPSet usa l'opzione timeout, perciò nessuna delle voci è visibile qui." +-" Le voci dovrebbero essere prese in considerazione direttamente con il " ++"Questo IPSet usa l'opzione timeout, perciò nessuna delle voci è visibile " ++"qui. Le voci dovrebbero essere prese in considerazione direttamente con il " + "comando ipset." + + #: ../src/firewall-config.glade.h:162 +@@ -1556,8 +1555,8 @@ msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." + msgstr "" +-"E' possibile cambiare i tipi ICMP solo nella vista configurazione permanente." +-" La configurazione runtime dei tipi ICMP è fissa." ++"E' possibile cambiare i tipi ICMP solo nella vista configurazione " ++"permanente. La configurazione runtime dei tipi ICMP è fissa." + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1576,7 +1575,6 @@ msgstr "" + msgid "Define ports or port ranges, which are monitored by the helper." + msgstr "" + "Definire le porte o intervalli di porte, che sono monitorati dall'assistente." +-"" + + #: ../src/firewall-config.glade.h:175 + msgid "" +@@ -1982,8 +1980,8 @@ msgstr "invertito" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "Per abilitarlo, Action deve essere 'reject' e Family 'ipv4' o 'ipv6' (non " + "entrambi)." +diff --git a/po/ja.po b/po/ja.po +index 230a38a0bec5..0a220a6ca4a5 100644 +--- a/po/ja.po ++++ b/po/ja.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Aiko Sasaki , 2014 + # Copyright (C) Red Hat Inc. 2010, 2011 +@@ -22,15 +22,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:25+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Japanese (http://www.transifex.com/projects/p/firewalld/" + "language/ja/)\n" + "Language: ja\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=1; plural=0;\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -83,13 +83,17 @@ msgstr "シールド・アップ/ダウン・ゾーンの設定" + + #: ../src/firewall-applet.in:220 + msgid "Here you can select the zones used for Shields Up and Shields Down." +-msgstr "ここからシールド・アップおよびシールド・ダウンに対して使用するゾーンを選択できます。" ++msgstr "" ++"ここからシールド・アップおよびシールド・ダウンに対して使用するゾーンを選択で" ++"きます。" + + #: ../src/firewall-applet.in:226 + msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." +-msgstr "この機能はたいてい標準のゾーンを使用する人々にとって有用です。接続のゾーンを変更しているユーザーに対して、限定的に使用できます。" ++msgstr "" ++"この機能はたいてい標準のゾーンを使用する人々にとって有用です。接続のゾーンを" ++"変更しているユーザーに対して、限定的に使用できます。" + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -208,13 +212,15 @@ msgid "" + "Default Zone '{default_zone}' active for connection '{connection}' on " + "interface '{interface}'" + msgstr "" +-"デフォルトゾーン '{default_zone}' がインターフェース '{interface}' の接続 '{connection}' に対して有効化" ++"デフォルトゾーン '{default_zone}' がインターフェース '{interface}' の接続 " ++"'{connection}' に対して有効化" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" +-msgstr "ゾーン '{zone}' がインターフェース '{interface}' の接続 '{connection}' に対して有効化" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" ++msgstr "" ++"ゾーン '{zone}' がインターフェース '{interface}' の接続 '{connection}' に対し" ++"て有効化" + + #: ../src/firewall-applet.in:892 + msgid "Zone '{zone}' active for interface '{interface}'" +@@ -262,21 +268,22 @@ msgid "" + "Default zone '{default_zone}' {activated_deactivated} for connection " + "'{connection}' on interface '{interface}'" + msgstr "" +-"デフォルトゾーン '{default_zone}' がインターフェース '{interface}' の接続 '{connection}' に対して " +-"{activated_deactivated} " ++"デフォルトゾーン '{default_zone}' がインターフェース '{interface}' の接続 " ++"'{connection}' に対して {activated_deactivated} " + + #: ../src/firewall-applet.in:1042 + msgid "" + "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " + "interface '{interface}'" + msgstr "" +-"ゾーン '{zone}' がインターフェース '{interface}' の接続 '{connection}' に対して " +-"{activated_deactivated}" ++"ゾーン '{zone}' がインターフェース '{interface}' の接続 '{connection}' に対し" ++"て {activated_deactivated}" + + #: ../src/firewall-applet.in:1047 + msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" + msgstr "" +-"インターフェース '{interface}' に対してゾーン '{zone}' を {activated_deactivated} しました" ++"インターフェース '{interface}' に対してゾーン '{zone}' を " ++"{activated_deactivated} しました" + + #: ../src/firewall-applet.in:1070 + #, c-format +@@ -285,7 +292,8 @@ msgstr "ゾーン '%s' をインターフェース '%s' に対して有効化し + + #: ../src/firewall-applet.in:1087 + msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" +-msgstr "ゾーン '{zone}' を送信元 '{source}' に対して {activated_deactivated} しました" ++msgstr "" ++"ゾーン '{zone}' を送信元 '{source}' に対して {activated_deactivated} しました" + + #: ../src/firewall-applet.in:1111 + #, c-format +@@ -304,7 +312,9 @@ msgstr "firewalld への接続を試行しています。お待ちください.. + msgid "" + "Failed to connect to firewalld. Please make sure that the service has been " + "started correctly and try again." +-msgstr "firewalldへの接続に失敗しました。サービスが正常に開始していることを確認して、再度接続を試行してください。" ++msgstr "" ++"firewalldへの接続に失敗しました。サービスが正常に開始していることを確認して、" ++"再度接続を試行してください。" + + #: ../src/firewall-config.in:95 + msgid "Changes applied." +@@ -655,9 +665,12 @@ msgstr "IPv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" +-msgstr "他のシステムへの転送は、インターフェースがマスカレードされている場合のみ有用です。\n" ++msgstr "" ++"他のシステムへの転送は、インターフェースがマスカレードされている場合のみ有用" ++"です。\n" + "このゾーンをマスカレードしたいですか ?" + + #: ../src/firewall-config.in:5376 +@@ -682,13 +695,16 @@ msgstr "mask は数字で指定します。" + + #: ../src/firewall-config.in:5591 + msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." +-msgstr "IPv4 もしくは IPv6 アドレスを address[/mask] の形式で入力してください。" ++msgstr "" ++"IPv4 もしくは IPv6 アドレスを address[/mask] の形式で入力してください。" + + #: ../src/firewall-config.in:5592 + msgid "" + "The mask can be a network mask or a number for ipv4.\n" + "The mask is a number for ipv6." +-msgstr "mask は、IPv4 の場合ネットワークマスクが指定できます。IPv6 の場合には数字で指定してください。" ++msgstr "" ++"mask は、IPv4 の場合ネットワークマスクが指定できます。IPv6 の場合には数字で指" ++"定してください。" + + #: ../src/firewall-config.in:5776 + msgid "Built-in ipset, rename not supported." +@@ -841,7 +857,9 @@ msgstr "送信先" + msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." +-msgstr "ローカル転送を有効にする場合、ポートを指定する必要があります。これはソースポートと異なる必要があります。" ++msgstr "" ++"ローカル転送を有効にする場合、ポートを指定する必要があります。これはソース" ++"ポートと異なる必要があります。" + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -949,7 +967,9 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"ファイアウォールルールを再読み込みします。現在の永続的な設定が新しい実行時の設定になります。つまり、永続的な設定に存在しない、再読み込みするまでに行われた実行時の変更はすべて失われます。" ++"ファイアウォールルールを再読み込みします。現在の永続的な設定が新しい実行時の" ++"設定になります。つまり、永続的な設定に存在しない、再読み込みするまでに行われ" ++"た実行時の変更はすべて失われます。" + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -991,7 +1011,9 @@ msgstr "パニックモード" + msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." +-msgstr "ロックダウンにより、ロックダウン・ホワイトリストにあるアプリケーションのみがファイアウォール設定を変更できるようにロックします。" ++msgstr "" ++"ロックダウンにより、ロックダウン・ホワイトリストにあるアプリケーションのみが" ++"ファイアウォール設定を変更できるようにロックします。" + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1048,12 +1070,16 @@ msgstr "バインディングのゾーンを変更" + #: ../src/firewall-config.glade.h:84 + msgid "" + "Hide active runtime bindings of connections, interfaces and sources to zones" +-msgstr "接続のアクティブなランタイムバインディング、インターフェースおよびソースをゾーンに対して非表示にします" ++msgstr "" ++"接続のアクティブなランタイムバインディング、インターフェースおよびソースを" ++"ゾーンに対して非表示にします" + + #: ../src/firewall-config.glade.h:85 + msgid "" + "Show active runtime bindings of connections, interfaces and sources to zones" +-msgstr "接続のアクティブなランタイムバインディング、インターフェースおよびソースをゾーンに対して表示します" ++msgstr "" ++"接続のアクティブなランタイムバインディング、インターフェースおよびソースを" ++"ゾーンに対して表示します" + + #: ../src/firewall-config.glade.h:86 + msgid "Configuration:" +@@ -1065,7 +1091,8 @@ msgid "" + "configuration. Permanent configuration will be active after service or " + "system reload or restart." + msgstr "" +-"現在利用可能な設定。実行時の設定が実際に有効な設定です。永続的な設定は、サービスまたはシステムが再読み込みまたは再起動した後、有効になります。" ++"現在利用可能な設定。実行時の設定が実際に有効な設定です。永続的な設定は、サー" ++"ビスまたはシステムが再読み込みまたは再起動した後、有効になります。" + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1075,9 +1102,11 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"firewalld " +-"ゾーンではゾーンに結び付けられているネットワーク接続、インターフェースおよび送信元アドレスの信頼レベルを定義します。サービス、ポート、プロトコル、マスカレード、ポートとパケット転送、ICMP " +-"フィルター、高度なルールを組み合わせます。ゾーンはインターフェースや送信元アドレスに結び付けることができます。" ++"firewalld ゾーンではゾーンに結び付けられているネットワーク接続、インター" ++"フェースおよび送信元アドレスの信頼レベルを定義します。サービス、ポート、プロ" ++"トコル、マスカレード、ポートとパケット転送、ICMP フィルター、高度なルールを組" ++"み合わせます。ゾーンはインターフェースや送信元アドレスに結び付けることができ" ++"ます。" + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1101,7 +1130,9 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"このゾーンで信頼できるサービスを定義することができます。このゾーンに結び付けられている接続、インターフェース、送信元からこのマシンに到達できるホストやネットワークならいずれでも信頼できるサービスへのアクセスが可能になります。" ++"このゾーンで信頼できるサービスを定義することができます。このゾーンに結び付け" ++"られている接続、インターフェース、送信元からこのマシンに到達できるホストや" ++"ネットワークならいずれでも信頼できるサービスへのアクセスが可能になります。" + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1111,7 +1142,9 @@ msgstr "サービス" + msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." +-msgstr "このマシンに接続できるホストやネットワークがアクセスできなければならないポートまたはポート範囲を追加します。" ++msgstr "" ++"このマシンに接続できるホストやネットワークがアクセスできなければならないポー" ++"トまたはポート範囲を追加します。" + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1131,7 +1164,9 @@ msgstr "ポート" + + #: ../src/firewall-config.glade.h:101 + msgid "Add protocols, which need to be accessible for all hosts or networks." +-msgstr "すべてのホストやネットワークがアクセスできなければならないプロトコルを追加します。" ++msgstr "" ++"すべてのホストやネットワークがアクセスできなければならないプロトコルを追加し" ++"ます。" + + #: ../src/firewall-config.glade.h:102 + msgid "Add Protocol" +@@ -1153,7 +1188,9 @@ msgstr "プロトコル" + msgid "" + "Add additional source ports or port ranges, which need to be accessible for " + "all hosts or networks that can connect to the machine." +-msgstr "このマシンに接続できるすべてのホストやネットワークがアクセスできなければならないソースポートまたはポート範囲を追加します。" ++msgstr "" ++"このマシンに接続できるすべてのホストやネットワークがアクセスできなければなら" ++"ないソースポートまたはポート範囲を追加します。" + + #: ../src/firewall-config.glade.h:107 + msgid "Source Ports" +@@ -1165,8 +1202,10 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"マスカレード機能を使用するとローカルネットワークをインターネットに繋げるルーターまたはホストをセットアップすることができます。ローカルネットワークはインターネット上からは見えなくなり、インターネット上ではホストが " +-"1 つのアドレスとして表示されます。マスカレード機能は IPv4 限定です。" ++"マスカレード機能を使用するとローカルネットワークをインターネットに繋げるルー" ++"ターまたはホストをセットアップすることができます。ローカルネットワークはイン" ++"ターネット上からは見えなくなり、インターネット上ではホストが 1 つのアドレスと" ++"して表示されます。マスカレード機能は IPv4 限定です。" + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1176,7 +1215,9 @@ msgstr "マスカレードゾーン" + msgid "" + "If you enable masquerading, IP forwarding will be enabled for your IPv4 " + "networks." +-msgstr "マスカレード機能を有効にすると、IPv4 ネットワークで IP フォワーディングが有効になります。" ++msgstr "" ++"マスカレード機能を有効にすると、IPv4 ネットワークで IP フォワーディングが有効" ++"になります。" + + #: ../src/firewall-config.glade.h:111 + msgid "Masquerading" +@@ -1189,8 +1230,10 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"ローカルシステム上の任意のポートから別のポートへポート転送、ローカルシステムから別のシステムへのポート転送を行うためのエントリーを追加します。別のシステムへのポート転送についてはインターフェースがマスカレードされている場合にのみ有効です。ポート転送は " +-"IPv4 限定です。" ++"ローカルシステム上の任意のポートから別のポートへポート転送、ローカルシステム" ++"から別のシステムへのポート転送を行うためのエントリーを追加します。別のシステ" ++"ムへのポート転送についてはインターフェースがマスカレードされている場合にのみ" ++"有効です。ポート転送は IPv4 限定です。" + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1210,24 +1253,27 @@ msgid "" + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." + msgstr "" +-"ICMP (Internet Control Message Protocol) は、主にネットワーク上の " +-"コンピュータ間でエラーメッセージを送信するのに使用されますが、更には ping の要求や応答などの情報メッセージにも使用されます。" ++"ICMP (Internet Control Message Protocol) は、主にネットワーク上の コンピュー" ++"タ間でエラーメッセージを送信するのに使用されますが、更には ping の要求や応答" ++"などの情報メッセージにも使用されます。" + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"一覧内の拒否されるべき ICMP タイプをマークします。 その他すべての ICMP タイプはファイアーウォールの通過が許可されます。 " +-"デフォルトでは無制限になっています。" ++"一覧内の拒否されるべき ICMP タイプをマークします。 その他すべての ICMP タイプ" ++"はファイアーウォールの通過が許可されます。 デフォルトでは無制限になっていま" ++"す。" + + #: ../src/firewall-config.glade.h:118 + msgid "" + "If Invert Filter is enabled, marked ICMP entries are accepted and the others " + "are rejected. In a zone with the target DROP, they are dropped." + msgstr "" +-"反転フィルターが有効にされている場合、マークされた ICMP エントリーは受け入れられ、それ以外は拒否されます。ターゲットが DROP " +-"のゾーンでは、それらは破棄されます。" ++"反転フィルターが有効にされている場合、マークされた ICMP エントリーは受け入れ" ++"られ、それ以外は拒否されます。ターゲットが DROP のゾーンでは、それらは破棄さ" ++"れます。" + + #: ../src/firewall-config.glade.h:119 + msgid "Invert Filter" +@@ -1262,7 +1308,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"インターフェースをゾーンに割り当てるための項目を追加します。インターフェースが接続により使用される場合、ゾーンが接続で指定されたゾーンが設定されます。" ++"インターフェースをゾーンに割り当てるための項目を追加します。インターフェース" ++"が接続により使用される場合、ゾーンが接続で指定されたゾーンが設定されます。" + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1282,9 +1329,10 @@ msgid "" + "to a MAC source address, but with limitations. Port forwarding and " + "masquerading will not work for MAC source bindings." + msgstr "" +-"ゾーンに送信元アドレスもしくはエリアをバインドするためにエントリーを追加します。送信元の MAC " +-"アドレスをバインドすることもできます。しかし、その場合に制約があります。ポートフォアーディングおよびマスカレーディングには、送信元 MAC " +-"アドレスのバインディングは機能しません。" ++"ゾーンに送信元アドレスもしくはエリアをバインドするためにエントリーを追加しま" ++"す。送信元の MAC アドレスをバインドすることもできます。しかし、その場合に制約" ++"があります。ポートフォアーディングおよびマスカレーディングには、送信元 MAC ア" ++"ドレスのバインディングは機能しません。" + + #: ../src/firewall-config.glade.h:132 + msgid "Add Source" +@@ -1306,7 +1354,9 @@ msgstr "ゾーン" + msgid "" + "A firewalld service is a combination of ports, protocols, modules and " + "destination addresses." +-msgstr "firewalld サービスとはポートやプロトコル、モジュール、送信先アドレスなどの組み合わせを指します。" ++msgstr "" ++"firewalld サービスとはポートやプロトコル、モジュール、送信先アドレスなどの組" ++"み合わせを指します。" + + #: ../src/firewall-config.glade.h:139 + msgid "Add Service" +@@ -1328,7 +1378,9 @@ msgstr "サービスの標準の読み込み" + msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks." +-msgstr "すべてのホストやネットワークからアクセスできることが必要な追加のポートか、ポートの範囲を追加します。" ++msgstr "" ++"すべてのホストやネットワークからアクセスできることが必要な追加のポートか、" ++"ポートの範囲を追加します。" + + #: ../src/firewall-config.glade.h:144 + msgid "Edit Entry" +@@ -1342,7 +1394,9 @@ msgstr "エントリーの削除" + msgid "" + "Add additional source ports or port ranges, which need to be accessible for " + "all hosts or networks." +-msgstr "すべてのホストやネットワークがアクセスできなければならないソースポートまたはポート範囲を追加します。" ++msgstr "" ++"すべてのホストやネットワークがアクセスできなければならないソースポートまたは" ++"ポート範囲を追加します。" + + #: ../src/firewall-config.glade.h:147 + msgid "Source Port" +@@ -1361,7 +1415,9 @@ msgid "" + "If you specify destination addresses, the service entry will be limited to " + "the destination address and type. If both entries are empty, there is no " + "limitation." +-msgstr "送信先アドレスを指定すると、サービスの項目が送信先アドレスとタイプに制限されます。どちらの項目も空の場合、制限がありません。" ++msgstr "" ++"送信先アドレスを指定すると、サービスの項目が送信先アドレスとタイプに制限され" ++"ます。どちらの項目も空の場合、制限がありません。" + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1375,13 +1431,17 @@ msgstr "IPv6:" + msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." +-msgstr "サービスは永続的な設定の表示画面だけで変更できます。サービスの実行時の設定が変更されます。" ++msgstr "" ++"サービスは永続的な設定の表示画面だけで変更できます。サービスの実行時の設定が" ++"変更されます。" + + #: ../src/firewall-config.glade.h:154 + msgid "" + "An IPSet can be used to create white or black lists and is able to store for " + "example IP addresses, port numbers or MAC addresses. " +-msgstr "IPSet はホワイトリストもしくはブラックリストを作成でき、その中に、IPアドレスやポート番号、MAC アドレスの情報を格納できます。" ++msgstr "" ++"IPSet はホワイトリストもしくはブラックリストを作成でき、その中に、IPアドレス" ++"やポート番号、MAC アドレスの情報を格納できます。" + + #: ../src/firewall-config.glade.h:155 + msgid "IPSet" +@@ -1410,16 +1470,17 @@ msgid "" + "added by firewalld. Entries, that have been directly added with the ipset " + "command wil not be listed here." + msgstr "" +-"IPSet エントリーの一覧では、タイムアウトオプションを使用していない IPSet のエントリー、firewalld " +-"によって追加されたエントリーのみを確認することができます。ipset コマンドを直接実行して追加したエントリーは表示されません。" ++"IPSet エントリーの一覧では、タイムアウトオプションを使用していない IPSet のエ" ++"ントリー、firewalld によって追加されたエントリーのみを確認することができま" ++"す。ipset コマンドを直接実行して追加したエントリーは表示されません。" + + #: ../src/firewall-config.glade.h:161 + msgid "" + "This IPSet uses the timeout option, therefore no entries are visible here. " + "The entries should be taken care directly with the ipset command." + msgstr "" +-"この IPSet はタイムアウトオプションを使っています。従って、ここにはエントリーが表示されません。エントリーは ipset " +-"コマンドを直接実行する必要があります。" ++"この IPSet はタイムアウトオプションを使っています。従って、ここにはエントリー" ++"が表示されません。エントリーは ipset コマンドを直接実行する必要があります。" + + #: ../src/firewall-config.glade.h:162 + msgid "Add" +@@ -1439,8 +1500,8 @@ msgid "" + "A firewalld icmptype provides the information for an Internet Control " + "Message Protocol (ICMP) type for firewalld." + msgstr "" +-"firewalld の ICMP タイプは firewalld 用の Internet Control Message Protocol (ICMP) " +-"タイプの情報を提供します。" ++"firewalld の ICMP タイプは firewalld 用の Internet Control Message Protocol " ++"(ICMP) タイプの情報を提供します。" + + #: ../src/firewall-config.glade.h:167 + msgid "Add ICMP Type" +@@ -1460,13 +1521,16 @@ msgstr "ICMP タイプの初期値の読み込み" + + #: ../src/firewall-config.glade.h:171 + msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." +-msgstr "この ICMP タイプが IPv4 と IPv6 に対して利用可能であるかどうかを指定します。" ++msgstr "" ++"この ICMP タイプが IPv4 と IPv6 に対して利用可能であるかどうかを指定します。" + + #: ../src/firewall-config.glade.h:172 + msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." +-msgstr "ICMP タイプは永続的な設定の表示画面だけで変更できます。ICMP タイプの実行時の設定は変更されます。" ++msgstr "" ++"ICMP タイプは永続的な設定の表示画面だけで変更できます。ICMP タイプの実行時の" ++"設定は変更されます。" + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1475,11 +1539,16 @@ msgid "" + "are using ports that are unrelated to the signaling connection and are " + "therefore blocked by the firewall without the helper." + msgstr "" +-"コネクショントラッキングヘルパーは、シグナルとデータ転送との異なるフローで利用されるプロトコルが動作するよう支援します。データ転送は、シグナル接続と無関係なポートを利用するため、ヘルパーがないとファイアウォールによってブロックされてしまいます。" ++"コネクショントラッキングヘルパーは、シグナルとデータ転送との異なるフローで利" ++"用されるプロトコルが動作するよう支援します。データ転送は、シグナル接続と無関" ++"係なポートを利用するため、ヘルパーがないとファイアウォールによってブロックさ" ++"れてしまいます。" + + #: ../src/firewall-config.glade.h:174 + msgid "Define ports or port ranges, which are monitored by the helper." +-msgstr "ポートもしくはポートの範囲を定義し、それをヘルパーによってモニタリングされます。" ++msgstr "" ++"ポートもしくはポートの範囲を定義し、それをヘルパーによってモニタリングされま" ++"す。" + + #: ../src/firewall-config.glade.h:175 + msgid "" +@@ -1488,8 +1557,11 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"ダイレクト設定により、ファイアウォールにより直接アクセスできます。これらのオプションは、ユーザーが iptables " +-"の基本的な概念、つまりテーブル、チェイン、コマンド、パラメーター、ターゲットに関する知識を有していることを前提にしています。ダイレクト設定は、他のファイアウォール機能を使用できない場合に、最終手段としてのみ使用すべきです。" ++"ダイレクト設定により、ファイアウォールにより直接アクセスできます。これらのオ" ++"プションは、ユーザーが iptables の基本的な概念、つまりテーブル、チェイン、コ" ++"マンド、パラメーター、ターゲットに関する知識を有していることを前提にしていま" ++"す。ダイレクト設定は、他のファイアウォール機能を使用できない場合に、最終手段" ++"としてのみ使用すべきです。" + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1497,9 +1569,9 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"各オプションの ipv 引数は ipv4, ipv6, eb のどれかである必要があります。ipv4 を指定すると、iptables " +-"が使用されます。ipv6 を指定すると、ip6tables が使用されます。eb を指定すると、イーサネットブリッジ (ebtables) " +-"が使用されます。" ++"各オプションの ipv 引数は ipv4, ipv6, eb のどれかである必要があります。ipv4 " ++"を指定すると、iptables が使用されます。ipv6 を指定すると、ip6tables が使用さ" ++"れます。eb を指定すると、イーサネットブリッジ (ebtables) が使用されます。" + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1524,7 +1596,9 @@ msgstr "チェイン" + #: ../src/firewall-config.glade.h:182 + msgid "" + "Add a rule with the arguments args to a chain in a table with a priority." +-msgstr "ルールを args 引数とともに、テーブルにあるチェインに優先度を付けて追加します。" ++msgstr "" ++"ルールを args 引数とともに、テーブルにあるチェインに優先度を付けて追加しま" ++"す。" + + #: ../src/firewall-config.glade.h:183 + msgid "" +@@ -1535,8 +1609,11 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"優先度はルールの順序をつけるために使用されます。優先度 0 " +-"はルールをチェインの最初に追加します。より高い優先度を持つルールがさらに下に追加されます。同じ優先度を持つルールは同じレベルになります。これらのルールの順序は固定されず、変更されるかもしれません。ルールを確実に他のルールの後ろに追加したい場合、最初に低い優先度を使用し、次により高い優先度を使用します。" ++"優先度はルールの順序をつけるために使用されます。優先度 0 はルールをチェインの" ++"最初に追加します。より高い優先度を持つルールがさらに下に追加されます。同じ優" ++"先度を持つルールは同じレベルになります。これらのルールの順序は固定されず、変" ++"更されるかもしれません。ルールを確実に他のルールの後ろに追加したい場合、最初" ++"に低い優先度を使用し、次により高い優先度を使用します。" + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1560,12 +1637,15 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"パススルールールは直接ファイアウォールに渡されるルールです。特別なチェインに置かれません。iptables, ip6tables, ebtables " +-"のすべてのオプションが使用できます。" ++"パススルールールは直接ファイアウォールに渡されるルールです。特別なチェインに" ++"置かれません。iptables, ip6tables, ebtables のすべてのオプションが使用できま" ++"す。" + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +-msgstr "パススルールールを追加する場合、ファイアウォールを壊さないよう注意してください。" ++msgstr "" ++"パススルールールを追加する場合、ファイアウォールを壊さないよう注意してくださ" ++"い。" + + #: ../src/firewall-config.glade.h:190 + msgid "Add Passthrough" +@@ -1589,9 +1669,10 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"ロックダウン機能はユーザーとアプリケーションのポリシーの firewalld " +-"向け軽量バージョンです。これにより、ファイアウォールへの変更が制限されます。ロックダウン・ホワイトリストは、コマンド、コンテキスト、ユーザーおよびユーザー " +-"ID を含められます。" ++"ロックダウン機能はユーザーとアプリケーションのポリシーの firewalld 向け軽量" ++"バージョンです。これにより、ファイアウォールへの変更が制限されます。ロックダ" ++"ウン・ホワイトリストは、コマンド、コンテキスト、ユーザーおよびユーザー ID を" ++"含められます。" + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1599,8 +1680,9 @@ msgid "" + "service. To get the context of a running application use ps -e --" + "context." + msgstr "" +-"コンテキストは実行中のアプリケーションやサービスのセキュリティーコンテキスト(SELinux " +-"コンテキスト)です。実行中のアプリケーションのコンテキストを確認するには、ps -e --contextコマンドを使用します。" ++"コンテキストは実行中のアプリケーションやサービスのセキュリティーコンテキスト" ++"(SELinux コンテキスト)です。実行中のアプリケーションのコンテキストを確認する" ++"には、ps -e --contextコマンドを使用します。" + + #: ../src/firewall-config.glade.h:196 + msgid "Add Context" +@@ -1624,8 +1706,9 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"ホワイトリストのコマンドがアスタリスク '*' で終わっている場合、そのコマンドから始まるすべてのコマンドラインに一致します。もし '*' " +-"がなければ、引数を含め、コマンドが完全に一致する必要があります。" ++"ホワイトリストのコマンドがアスタリスク '*' で終わっている場合、そのコマンドか" ++"ら始まるすべてのコマンドラインに一致します。もし '*' がなければ、引数を含め、" ++"コマンドが完全に一致する必要があります。" + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1839,7 +1922,9 @@ msgstr "高度なルールを入力してください。" + + #: ../src/firewall-config.glade.h:255 + msgid "For host or network white or blacklisting deactivate the element." +-msgstr "ホワイトリストまたはブラックリストにより、ホストまたはネットワークに対して要素を非アクティブ化します。" ++msgstr "" ++"ホワイトリストまたはブラックリストにより、ホストまたはネットワークに対して要" ++"素を非アクティブ化します。" + + #: ../src/firewall-config.glade.h:256 + msgid "Source:" +@@ -1867,11 +1952,11 @@ msgstr "反転" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"これを有効にするには、アクションを 'reject' にし、ファミリーを 'ipv4' または 'ipv6' のいずれか (両方ではない) " +-"にする必要があります。" ++"これを有効にするには、アクションを 'reject' にし、ファミリーを 'ipv4' または " ++"'ipv6' のいずれか (両方ではない) にする必要があります。" + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/ka.po b/po/ka.po +index 63dd40ce3485..82e63b67c9d4 100644 +--- a/po/ka.po ++++ b/po/ka.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # George Machitidze , 2013 + # Thomas Woerner , 2016. #zanata +@@ -9,15 +9,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2016-01-04 12:24+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Georgian (http://www.transifex.com/projects/p/firewalld/" + "language/ka/)\n" + "Language: ka\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=1; plural=0;\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -198,8 +198,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + + #: ../src/firewall-applet.in:892 +@@ -636,7 +635,8 @@ msgstr "" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + +@@ -1804,8 +1804,8 @@ msgstr "" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/kn.po b/po/kn.po +index a9cd9097f51a..da695101a0bb 100644 +--- a/po/kn.po ++++ b/po/kn.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # shanky , 2014 + # shankar , 2006 +@@ -13,15 +13,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-02-26 09:59+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Kannada (http://www.transifex.com/projects/p/firewalld/" + "language/kn/)\n" + "Language: kn\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=1; plural=0;\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -81,9 +81,8 @@ msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." + msgstr "" +-"ಈ ಸೌಲಭ್ಯವು ಹೆಚ್ಚು ಪೂರ್ವನಿಯೋಜಿತವಾದ ವಲಯಗಳನ್ನು ಬಳಸುವ ಜನರಿಗೆ ಪ್ರಯೋಜನವಾಗುತ್ತದೆ. " +-"ವಲಯಗಳ ಸಂಪರ್ಕಗಳನ್ನು ಬದಲಾಯಿಸುವ ಬಳಕೆದಾರರಿಗೆ, ಇದು ಬಹುಷಃ ನಿಯಮಿತವಾದ ಉಪಯೋಗವನ್ನು " +-"ಒದಗಿಸಬಹುದು." ++"ಈ ಸೌಲಭ್ಯವು ಹೆಚ್ಚು ಪೂರ್ವನಿಯೋಜಿತವಾದ ವಲಯಗಳನ್ನು ಬಳಸುವ ಜನರಿಗೆ ಪ್ರಯೋಜನವಾಗುತ್ತದೆ. ವಲಯಗಳ " ++"ಸಂಪರ್ಕಗಳನ್ನು ಬದಲಾಯಿಸುವ ಬಳಕೆದಾರರಿಗೆ, ಇದು ಬಹುಷಃ ನಿಯಮಿತವಾದ ಉಪಯೋಗವನ್ನು ಒದಗಿಸಬಹುದು." + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -205,8 +204,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "'{interface}' ಸಂಪರ್ಕಸಾಧನದಲ್ಲಿನ '{connection}' ಸಂಪರ್ಕಕ್ಕಾಗಿನ '{zone}' ವಲಯವು " + "ಸಕ್ರಿಯವಾಗಿದೆ" +@@ -263,8 +261,8 @@ msgid "" + "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " + "interface '{interface}'" + msgstr "" +-"'{interface}' ಸಂಪರ್ಕಸಾಧನದಲ್ಲಿನ '{connection}' ಸಂಪರ್ಕಕ್ಕಾಗಿನ '{zone}' " +-"{activated_deactivated} ವಲಯ" ++"'{interface}' ಸಂಪರ್ಕಸಾಧನದಲ್ಲಿನ '{connection}' ಸಂಪರ್ಕಕ್ಕಾಗಿನ " ++"'{zone}' {activated_deactivated} ವಲಯ" + + #: ../src/firewall-applet.in:1047 + msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" +@@ -647,11 +645,12 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" +-"ಸಂಪರ್ಕಸಾಧನವನ್ನು ಛದ್ಮವೇಶಗೊಳಿಸದಲ್ಲಿ ಮಾತ್ರ ಇನ್ನೊಂದು ವ್ಯವಸ್ಥೆಗೆ ಫಾರ್ವಾರ್ಡ್ " +-"ಮಾಡುವುದು ಉಪಯೋಗಕ್ಕೆ ಬರುತ್ತದೆ.\n" ++"ಸಂಪರ್ಕಸಾಧನವನ್ನು ಛದ್ಮವೇಶಗೊಳಿಸದಲ್ಲಿ ಮಾತ್ರ ಇನ್ನೊಂದು ವ್ಯವಸ್ಥೆಗೆ ಫಾರ್ವಾರ್ಡ್ ಮಾಡುವುದು " ++"ಉಪಯೋಗಕ್ಕೆ ಬರುತ್ತದೆ.\n" + "ನೀವು ಈ ವಲಯವನ್ನು ಛದ್ಮವೇಶಗೊಳಿಸಲು ಬಯಸುವಿರಾ?" + + #: ../src/firewall-config.in:5376 +@@ -813,8 +812,7 @@ msgstr "ಸಂಪರ್ಕ ಸ್ಥಾನ ಫಾರ್ವಾರ್ಡಿಂಗ + #: ../src/firewall-config.glade.h:23 + msgid "" + "Please select the source and destination options according to your needs." +-msgstr "" +-"ನಿಮ್ಮ ಅಗತ್ಯಗಳಿಗನುಗುಣವಾಗಿ ದಯವಿಟ್ಟು ಮೂಲ ಹಾಗು ಉದ್ದಿಷ್ಟ ಸ್ಥಳದ ಆಯ್ಕೆಗಳನ್ನು ಆರಿಸಿ." ++msgstr "ನಿಮ್ಮ ಅಗತ್ಯಗಳಿಗನುಗುಣವಾಗಿ ದಯವಿಟ್ಟು ಮೂಲ ಹಾಗು ಉದ್ದಿಷ್ಟ ಸ್ಥಳದ ಆಯ್ಕೆಗಳನ್ನು ಆರಿಸಿ." + + #: ../src/firewall-config.glade.h:24 + msgid "Port / Port Range:" +@@ -837,8 +835,8 @@ msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." + msgstr "" +-"ನೀವು ಸ್ಥಳೀಯ ಫಾರ್ವಾಡಿಂಗ್ ಅನ್ನು ಶಕ್ತಗೊಳಿಸಿದಲ್ಲಿ, ನೀವು ಒಂದು ಸಂಪರ್ಕಸ್ಥಾನವನ್ನು " +-"ಸೂಚಿಸಬೇಕು. ಈ ಸಂಪರ್ಕಸ್ಥಾನವು ಮೂಲ ಸಂಪರ್ಕಸ್ಥಾನಕ್ಕೆ ಪ್ರತ್ಯೇಕವಾಗಿರಬೇಕು." ++"ನೀವು ಸ್ಥಳೀಯ ಫಾರ್ವಾಡಿಂಗ್ ಅನ್ನು ಶಕ್ತಗೊಳಿಸಿದಲ್ಲಿ, ನೀವು ಒಂದು ಸಂಪರ್ಕಸ್ಥಾನವನ್ನು ಸೂಚಿಸಬೇಕು. " ++"ಈ ಸಂಪರ್ಕಸ್ಥಾನವು ಮೂಲ ಸಂಪರ್ಕಸ್ಥಾನಕ್ಕೆ ಪ್ರತ್ಯೇಕವಾಗಿರಬೇಕು." + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -946,10 +944,10 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"ಫೈರ್ವಾಲ್ ನಿಯಮಗಳನ್ನು ಮರಳಿ ಲೋಡ್ ಮಾಡುತ್ತದೆ. ಪ್ರಸಕ್ತ ಶಾಶ್ವತ ಸಂರಚನೆಯು ಹೊಸ ಚಾಲನಾ " +-"ಸಮಯದ ಸಂರಚನೆಯಾಗುತ್ತದೆ. ಅಂದರೆ, ಎಲ್ಲಾ ಚಾಲನಾಸಮಯದ ಮಾತ್ರದ ಬದಲಾವಣೆಗಳು ಶಾಶ್ವತ " +-"ಸಂರಚನೆಯಲ್ಲಿ ಇರದೆ ಇದ್ದರೂ ಸಹ ಅವುಗಳನ್ನು ಮರಳಿ ಲೋಡ್ ಆಗುವವರೆಗೆ ಮಾಡಲಾಗುತ್ತದೆ, ಮತ್ತು " +-"ಅವುಗಳು ಮರಳಿ ಲೋಡ್ ಮಾಡಿದಾಗ ಇಲ್ಲವಾಗುತ್ತದೆ." ++"ಫೈರ್ವಾಲ್ ನಿಯಮಗಳನ್ನು ಮರಳಿ ಲೋಡ್ ಮಾಡುತ್ತದೆ. ಪ್ರಸಕ್ತ ಶಾಶ್ವತ ಸಂರಚನೆಯು ಹೊಸ ಚಾಲನಾ ಸಮಯದ " ++"ಸಂರಚನೆಯಾಗುತ್ತದೆ. ಅಂದರೆ, ಎಲ್ಲಾ ಚಾಲನಾಸಮಯದ ಮಾತ್ರದ ಬದಲಾವಣೆಗಳು ಶಾಶ್ವತ ಸಂರಚನೆಯಲ್ಲಿ ಇರದೆ " ++"ಇದ್ದರೂ ಸಹ ಅವುಗಳನ್ನು ಮರಳಿ ಲೋಡ್ ಆಗುವವರೆಗೆ ಮಾಡಲಾಗುತ್ತದೆ, ಮತ್ತು ಅವುಗಳು ಮರಳಿ ಲೋಡ್ " ++"ಮಾಡಿದಾಗ ಇಲ್ಲವಾಗುತ್ತದೆ." + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -982,8 +980,8 @@ msgstr "" + #: ../src/firewall-config.glade.h:68 + msgid "Panic mode means that all incoming and outgoing packets are dropped." + msgstr "" +-"ಪ್ಯಾನಿಕ್ ಸ್ಥಿತಿ ಎಂದರೆ ಎಲ್ಲಾ ಒಳಬರುವ ಮತ್ತು ಹೊರಹೋಗುವ ಪ್ಯಾಕೆಟ್‌ಗಳನ್ನು " +-"ಬಿಟ್ಟುಬಿಡಲಾಗುತ್ತದೆ ಎಂದರ್ಥ." ++"ಪ್ಯಾನಿಕ್ ಸ್ಥಿತಿ ಎಂದರೆ ಎಲ್ಲಾ ಒಳಬರುವ ಮತ್ತು ಹೊರಹೋಗುವ ಪ್ಯಾಕೆಟ್‌ಗಳನ್ನು ಬಿಟ್ಟುಬಿಡಲಾಗುತ್ತದೆ " ++"ಎಂದರ್ಥ." + + #: ../src/firewall-config.glade.h:69 + msgid "Panic Mode" +@@ -994,8 +992,8 @@ msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." + msgstr "" +-"ಕೇವಲ ಲಾಕ್‌ಡೌನ್ ವೈಟ್‌ಲಿಸ್ಟಿನಲ್ಲಿನ ಅನ್ವಯಗಳು ಮಾತ್ರ ಬದಲಾಯಿಸಲು ಅವಕಾಶ ಇರುವಂತೆ " +-"ಫೈರ್ವಾಲ್ ಸಂರಚನೆಯನ್ನು ಲಾಕ್‌ಡೌನ್ ಲಾಕ್ ಮಾಡುತ್ತದೆ." ++"ಕೇವಲ ಲಾಕ್‌ಡೌನ್ ವೈಟ್‌ಲಿಸ್ಟಿನಲ್ಲಿನ ಅನ್ವಯಗಳು ಮಾತ್ರ ಬದಲಾಯಿಸಲು ಅವಕಾಶ ಇರುವಂತೆ ಫೈರ್ವಾಲ್ " ++"ಸಂರಚನೆಯನ್ನು ಲಾಕ್‌ಡೌನ್ ಲಾಕ್ ಮಾಡುತ್ತದೆ." + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1069,9 +1067,9 @@ msgid "" + "configuration. Permanent configuration will be active after service or " + "system reload or restart." + msgstr "" +-"ಪ್ರಸಕ್ತ ಗೋಚರಿಸುವ ಸಂರಚನೆ. ಚಾಲನಾಸಮಯದ ಸಂರಚನೆಯು ನಿಜವಾದ ಸಕ್ರಿಯ ಸಂರಚನೆಯಾಗಿದೆ. " +-"ಶಾಶ್ವತ ಸಂರಚನೆಯು ಸೇವೆ ಅಥವ ವ್ಯವಸ್ಥೆಯನ್ನು ಮರಳಿ ಲೋಡ್ ಮಾಡುವಿಕೆ ಅಥವ ಮರಳಿ " +-"ಆರಂಭಿಸುವಿಕೆಯ ನಂತರ ಸಕ್ರಿಯವಾಗುತ್ತದೆ." ++"ಪ್ರಸಕ್ತ ಗೋಚರಿಸುವ ಸಂರಚನೆ. ಚಾಲನಾಸಮಯದ ಸಂರಚನೆಯು ನಿಜವಾದ ಸಕ್ರಿಯ ಸಂರಚನೆಯಾಗಿದೆ. ಶಾಶ್ವತ " ++"ಸಂರಚನೆಯು ಸೇವೆ ಅಥವ ವ್ಯವಸ್ಥೆಯನ್ನು ಮರಳಿ ಲೋಡ್ ಮಾಡುವಿಕೆ ಅಥವ ಮರಳಿ ಆರಂಭಿಸುವಿಕೆಯ ನಂತರ " ++"ಸಕ್ರಿಯವಾಗುತ್ತದೆ." + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1081,11 +1079,11 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"ಒಂದು firewalld ವಲಯವು, ವಲಯಕ್ಕೆ ಬರುವ ಜಾಲಬಂಧ ಸಂಪರ್ಕಗಳು, ಸಂಪರ್ಕಸಾಧನಗಳು " +-"(ಇಂಟರ್ಫೇಸಸ್) ಮತ್ತು ಆಕರ ವಿಳಾಸಗಳಿಗಾಗಿನ ನಂಬಿಕೆಯ ಮಟ್ಟವನ್ನು ವಿವರಿಸುತ್ತದೆ. ವಲಯವು " +-"ಸೇವೆಗಳು, ಸಂಪರ್ಕಸ್ಥಾನಗಳು, ಪ್ರೊಟೊಕಾಲ್‌ಗಳು, ಛದ್ಮವೇಶಗೊಳಿಕೆ, ಸಂಪರ್ಕಸ್ಥಾನ/ಪ್ಯಾಕೆಟ್ " +-"ಫಾರ್ವಾರ್ಡಿಂಗ್, icmp ಫಿಲ್ಟರುಗಳು ಮತ್ತು ಸಮೃದ್ಧ ನಿಯಮಗಳನ್ನು ಹೊಂದಿರುತ್ತದೆ. ವಲಯವು " +-"ಸಂಪರ್ಕಸಾಧನಗಳು ಮತ್ತು ಆಕರ ವಿಳಾಸಗಳಿಗೆ ಬದ್ಧವಾಗಿರಬಹುದು." ++"ಒಂದು firewalld ವಲಯವು, ವಲಯಕ್ಕೆ ಬರುವ ಜಾಲಬಂಧ ಸಂಪರ್ಕಗಳು, ಸಂಪರ್ಕಸಾಧನಗಳು (ಇಂಟರ್ಫೇಸಸ್) " ++"ಮತ್ತು ಆಕರ ವಿಳಾಸಗಳಿಗಾಗಿನ ನಂಬಿಕೆಯ ಮಟ್ಟವನ್ನು ವಿವರಿಸುತ್ತದೆ. ವಲಯವು ಸೇವೆಗಳು, " ++"ಸಂಪರ್ಕಸ್ಥಾನಗಳು, ಪ್ರೊಟೊಕಾಲ್‌ಗಳು, ಛದ್ಮವೇಶಗೊಳಿಕೆ, ಸಂಪರ್ಕಸ್ಥಾನ/ಪ್ಯಾಕೆಟ್ ಫಾರ್ವಾರ್ಡಿಂಗ್, icmp " ++"ಫಿಲ್ಟರುಗಳು ಮತ್ತು ಸಮೃದ್ಧ ನಿಯಮಗಳನ್ನು ಹೊಂದಿರುತ್ತದೆ. ವಲಯವು ಸಂಪರ್ಕಸಾಧನಗಳು ಮತ್ತು ಆಕರ " ++"ವಿಳಾಸಗಳಿಗೆ ಬದ್ಧವಾಗಿರಬಹುದು." + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1109,9 +1107,9 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"ಯಾವ ಸೇವೆಗಳು ನಂಬಿಕಸ್ತ ಎಂದು ಇಲ್ಲಿ ನೀವು ಸೂಚಿಸಬಹುದು. ನಂಬಿಕಸ್ತ ಸೇವೆಗಳನ್ನು ಈ " +-"ವಲಯಕ್ಕೆ ಬರುವ ಸಂಪರ್ಕಗಳು, ಸಂಪರ್ಕಸಾಧನಗಳು (ಇಂಟರ್ಫೇಸಸ್) ಮತ್ತು ಆಕರಗಳಿಂದ ತಲುಪುವ " +-"ಎಲ್ಲಾ ಅತಿಥೇಯಗಳಿಂದ ಹಾಗು ಜಾಲಬಂಧಗಳಿಂದ ನಿಲುಕಿಸಿಕೊಳ್ಳಬಹುದಾಗಿರುತ್ತವೆ." ++"ಯಾವ ಸೇವೆಗಳು ನಂಬಿಕಸ್ತ ಎಂದು ಇಲ್ಲಿ ನೀವು ಸೂಚಿಸಬಹುದು. ನಂಬಿಕಸ್ತ ಸೇವೆಗಳನ್ನು ಈ ವಲಯಕ್ಕೆ " ++"ಬರುವ ಸಂಪರ್ಕಗಳು, ಸಂಪರ್ಕಸಾಧನಗಳು (ಇಂಟರ್ಫೇಸಸ್) ಮತ್ತು ಆಕರಗಳಿಂದ ತಲುಪುವ ಎಲ್ಲಾ ಅತಿಥೇಯಗಳಿಂದ " ++"ಹಾಗು ಜಾಲಬಂಧಗಳಿಂದ ನಿಲುಕಿಸಿಕೊಳ್ಳಬಹುದಾಗಿರುತ್ತವೆ." + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1122,9 +1120,8 @@ msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." + msgstr "" +-"ಗಣಕಕ್ಕೆ ಸಂಪರ್ಕ ಜೋಡಿಸುವ ಎಲ್ಲಾ ಅತಿಥೇಯಗಳಿಂದ ಅಥವ ಜಾಲಬಂಧಗಳಿಂದ " +-"ನಿಲುಕಿಸಿಕೊಳ್ಳಬಹುದಾದಂತ ಹೆಚ್ಚುವರಿ ಸಂಪರ್ಕಸ್ಥಾನಗಳನ್ನು ಅಥವ ಸಂಪರ್ಕಸ್ಥಾನ " +-"ವ್ಯಾಪ್ತಿಗಳನ್ನು ಸೇರಿಸಿ." ++"ಗಣಕಕ್ಕೆ ಸಂಪರ್ಕ ಜೋಡಿಸುವ ಎಲ್ಲಾ ಅತಿಥೇಯಗಳಿಂದ ಅಥವ ಜಾಲಬಂಧಗಳಿಂದ ನಿಲುಕಿಸಿಕೊಳ್ಳಬಹುದಾದಂತ " ++"ಹೆಚ್ಚುವರಿ ಸಂಪರ್ಕಸ್ಥಾನಗಳನ್ನು ಅಥವ ಸಂಪರ್ಕಸ್ಥಾನ ವ್ಯಾಪ್ತಿಗಳನ್ನು ಸೇರಿಸಿ." + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1179,9 +1176,8 @@ msgid "" + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" + "ನಿಮ್ಮ ಸ್ಥಳೀಯ ಜಾಲಬಂಧಕ್ಕೆ ಸಂಪರ್ಕ ಕಲ್ಪಿಸುವ ಅತಿಥೇಯ ಅಥವ ರೌಟರ್ ಅನ್ನು ಸಂಯೋಜಿಸುವಾಗ " +-"ಛದ್ಮವೇಶಗೊಳಿಕೆಯು(Masquerading) ಸಹಾಯಕವಾಗುತ್ತದೆ. ನಿಮ್ಮ ಸ್ಥಳೀಯ ಜಾಲಬಂಧವು " +-"ಅಂತರ್ಜಾಲಕ್ಕೆ ಒಂದು ಅತಿಥೇಯವಾಗಿ ಗೋಚರಿಸುವುದಿಲ್ಲ. ಛದ್ಮವೇಶಿಸುವುದು IPv4 ನಲ್ಲಿ ಮಾತ್ರ." +-"" ++"ಛದ್ಮವೇಶಗೊಳಿಕೆಯು(Masquerading) ಸಹಾಯಕವಾಗುತ್ತದೆ. ನಿಮ್ಮ ಸ್ಥಳೀಯ ಜಾಲಬಂಧವು ಅಂತರ್ಜಾಲಕ್ಕೆ " ++"ಒಂದು ಅತಿಥೇಯವಾಗಿ ಗೋಚರಿಸುವುದಿಲ್ಲ. ಛದ್ಮವೇಶಿಸುವುದು IPv4 ನಲ್ಲಿ ಮಾತ್ರ." + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1206,10 +1202,10 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"ಸ್ಥಳೀಯ ಗಣಕದಲ್ಲಿನ ಒಂದು ಸಂಪರ್ಕಸ್ಥಾನದಿಂದ ಇನ್ನೊಂದಕ್ಕೆ ಅಥವ ಸ್ಥಳೀಯ ಗಣಕದಿಂದ " +-"ಇನ್ನೊಂದು ಗಣಕಕ್ಕೆ ಸಂಪರ್ಕಸ್ಥಾನಗಳನ್ನು ಫಾರ್ವಾರ್ಡ್‌ಮಾಡಲು ನಮೂದುಗಳನ್ನು ಸೇರಿಸಿ. ಬೇರೆ " +-"ಗಣಕಕ್ಕೆ ಫಾರ್ವಾರ್ಡ್‌ ಮಾಡುವುದು, ಸಂಪರ್ಕಸಾಧನವು ಮರೆಮಾಚಲ್ಪಟ್ಟಿದ್ದಲ್ಲಿ ಮಾತ್ರ " +-"ಪ್ರಯೋಜನಕಾರಿಯಾಗುತ್ತದೆ. ಸಂಪರ್ಕಸ್ಥಾನ ಫಾರ್ವಾಡಿಂಗ್ ಕೇವಲ IPv4 ಮಾತ್ರ ಆಗಿರುತ್ತದೆ." ++"ಸ್ಥಳೀಯ ಗಣಕದಲ್ಲಿನ ಒಂದು ಸಂಪರ್ಕಸ್ಥಾನದಿಂದ ಇನ್ನೊಂದಕ್ಕೆ ಅಥವ ಸ್ಥಳೀಯ ಗಣಕದಿಂದ ಇನ್ನೊಂದು ಗಣಕಕ್ಕೆ " ++"ಸಂಪರ್ಕಸ್ಥಾನಗಳನ್ನು ಫಾರ್ವಾರ್ಡ್‌ಮಾಡಲು ನಮೂದುಗಳನ್ನು ಸೇರಿಸಿ. ಬೇರೆ ಗಣಕಕ್ಕೆ ಫಾರ್ವಾರ್ಡ್‌ ಮಾಡುವುದು, " ++"ಸಂಪರ್ಕಸಾಧನವು ಮರೆಮಾಚಲ್ಪಟ್ಟಿದ್ದಲ್ಲಿ ಮಾತ್ರ ಪ್ರಯೋಜನಕಾರಿಯಾಗುತ್ತದೆ. ಸಂಪರ್ಕಸ್ಥಾನ ಫಾರ್ವಾಡಿಂಗ್ " ++"ಕೇವಲ IPv4 ಮಾತ್ರ ಆಗಿರುತ್ತದೆ." + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1229,18 +1225,17 @@ msgid "" + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." + msgstr "" +-"ಇಂಟರ್ನೆಟ್ ಕಂಟ್ರೋಲ್ ಮೆಸೇಜ್ ಪ್ರೊಟೋಕಾಲ್ (ICMP) ಹೆಚ್ಚಾಗಿ ಜಾಲದೊಳಗಿನ ಗಣಕಗಳ ನಡುವೆ " +-"ದೋಷ ಸಂದೇಶಗಳನ್ನು ಕಳುಹಿಸಲು ಬಳಸಲ್ಪಡುತ್ತದೆ, ಆದರೆ ಇದರ ಜೊತೆಗೆ ಮಾಹಿತಿಯ ಸಂದೇಶಗಳಾದಂತಹ " +-"ಪಿಂಗ್ ಮನವಿಗಳು ಹಾಗು ಪ್ರತ್ಯುತ್ತರಗಳನ್ನೂ ಸಹ ಕಳುಹಿಸಲು ಬಳಸಲ್ಪಡುತ್ತದೆ." ++"ಇಂಟರ್ನೆಟ್ ಕಂಟ್ರೋಲ್ ಮೆಸೇಜ್ ಪ್ರೊಟೋಕಾಲ್ (ICMP) ಹೆಚ್ಚಾಗಿ ಜಾಲದೊಳಗಿನ ಗಣಕಗಳ ನಡುವೆ ದೋಷ " ++"ಸಂದೇಶಗಳನ್ನು ಕಳುಹಿಸಲು ಬಳಸಲ್ಪಡುತ್ತದೆ, ಆದರೆ ಇದರ ಜೊತೆಗೆ ಮಾಹಿತಿಯ ಸಂದೇಶಗಳಾದಂತಹ ಪಿಂಗ್ " ++"ಮನವಿಗಳು ಹಾಗು ಪ್ರತ್ಯುತ್ತರಗಳನ್ನೂ ಸಹ ಕಳುಹಿಸಲು ಬಳಸಲ್ಪಡುತ್ತದೆ." + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"ಪಟ್ಟಿಯಲ್ಲಿರುವ ತಿರಸ್ಕರಿಸಬೇಕಿರುವ ICMP ಬಗೆಗಳನ್ನು ಗುರುತು ಹಾಕಿ. ಎಲ್ಲಾ ಇತರೆ ICMP " +-"ಬಗೆಗಳು ಫೈರ್ವಾಲ್ ಮೂಲಕ ಹಾದುಹೋಗಲು ಅನುಮತಿಸಲ್ಪಡುತ್ತವೆ. ಪೂರ್ವನಿಯೋಜಿತವಾಗಿ ಯಾವುದೆ " +-"ಮಿತಿ ಇರುವುದಿಲ್ಲ." ++"ಪಟ್ಟಿಯಲ್ಲಿರುವ ತಿರಸ್ಕರಿಸಬೇಕಿರುವ ICMP ಬಗೆಗಳನ್ನು ಗುರುತು ಹಾಕಿ. ಎಲ್ಲಾ ಇತರೆ ICMP ಬಗೆಗಳು " ++"ಫೈರ್ವಾಲ್ ಮೂಲಕ ಹಾದುಹೋಗಲು ಅನುಮತಿಸಲ್ಪಡುತ್ತವೆ. ಪೂರ್ವನಿಯೋಜಿತವಾಗಿ ಯಾವುದೆ ಮಿತಿ ಇರುವುದಿಲ್ಲ." + + #: ../src/firewall-config.glade.h:118 + msgid "" +@@ -1281,9 +1276,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"ಸಂಪರ್ಕಸಾಧನಗಳನ್ನು ವಲಯಕ್ಕೆ ಬೈಂಡ್ ಮಾಡಲು ನಮೂದುಗಳನ್ನು ಸೇರಿಸಿ. ಸಂಪರ್ಕಸಾಧನವನ್ನು " +-"ಒಂದು ಸಂಪರ್ಕದಿಂದ ಬಳಸಲಾಗುತ್ತಿದ್ದರೆ, ವಲಯವನ್ನು ಸಂಪರ್ಕದಿಂದ ಸೂಚಿಸಲಾದ ವಲಯಕ್ಕೆ " +-"ಹೊಂದಿಸಲಾಗುತ್ತದೆ." ++"ಸಂಪರ್ಕಸಾಧನಗಳನ್ನು ವಲಯಕ್ಕೆ ಬೈಂಡ್ ಮಾಡಲು ನಮೂದುಗಳನ್ನು ಸೇರಿಸಿ. ಸಂಪರ್ಕಸಾಧನವನ್ನು ಒಂದು " ++"ಸಂಪರ್ಕದಿಂದ ಬಳಸಲಾಗುತ್ತಿದ್ದರೆ, ವಲಯವನ್ನು ಸಂಪರ್ಕದಿಂದ ಸೂಚಿಸಲಾದ ವಲಯಕ್ಕೆ ಹೊಂದಿಸಲಾಗುತ್ತದೆ." + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1325,8 +1319,8 @@ msgid "" + "A firewalld service is a combination of ports, protocols, modules and " + "destination addresses." + msgstr "" +-"ಒಂದು firewalld ಸೇವೆಯು ಸಂಪರ್ಕಸ್ಥಾನಗಳು, ಪ್ರೊಟೊಕಾಲ್‌ಗಳು, ಮಾಡ್ಯೂಲ್‌ಗಳು ಮತ್ತು " +-"ಉದ್ಧೇಶಿತ ವಿಳಾಸಗಳ ಒಂದು ಸಂಯೋಜನೆಯಾಗಿರುತ್ತದೆ." ++"ಒಂದು firewalld ಸೇವೆಯು ಸಂಪರ್ಕಸ್ಥಾನಗಳು, ಪ್ರೊಟೊಕಾಲ್‌ಗಳು, ಮಾಡ್ಯೂಲ್‌ಗಳು ಮತ್ತು ಉದ್ಧೇಶಿತ " ++"ವಿಳಾಸಗಳ ಒಂದು ಸಂಯೋಜನೆಯಾಗಿರುತ್ತದೆ." + + #: ../src/firewall-config.glade.h:139 + msgid "Add Service" +@@ -1382,9 +1376,8 @@ msgid "" + "the destination address and type. If both entries are empty, there is no " + "limitation." + msgstr "" +-"ನೀವು ಉದ್ಧೇಶಿತ ವಿಳಾಸವನ್ನು ಸೂಚಿಸಿದಲ್ಲಿ, ಸೇವೆಯ ನಮೂದನ್ನು ಉದ್ಧೇಶಿತ ವಿಳಾಸ ಮತ್ತು " +-"ಬಗೆಗೆ ಮಿತಿಗೊಳಿಸಲಾಗುತ್ತದೆ. ಎರಡೂ ನಮೂದಗಳನ್ನು ಖಾಲಿ ಬಿಟ್ಟಲ್ಲಿ, ಯಾವುದೆ ಮಿತಿ " +-"ಇರುವುದಿಲ್ಲ." ++"ನೀವು ಉದ್ಧೇಶಿತ ವಿಳಾಸವನ್ನು ಸೂಚಿಸಿದಲ್ಲಿ, ಸೇವೆಯ ನಮೂದನ್ನು ಉದ್ಧೇಶಿತ ವಿಳಾಸ ಮತ್ತು ಬಗೆಗೆ " ++"ಮಿತಿಗೊಳಿಸಲಾಗುತ್ತದೆ. ಎರಡೂ ನಮೂದಗಳನ್ನು ಖಾಲಿ ಬಿಟ್ಟಲ್ಲಿ, ಯಾವುದೆ ಮಿತಿ ಇರುವುದಿಲ್ಲ." + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1399,8 +1392,8 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"ಸೇವೆಗಳನ್ನು ಶಾಶ್ವತ ಸಂರಚನಾ ನೋಟದಲ್ಲಿ ಮಾತ್ರ ಬಳಸಲು ಸಾಧ್ಯವಿರುತ್ತದೆ. ಸೇವೆಗಳ " +-"ಚಾಲನಾಸಮಯ ಸಂರಚನೆಯು ನಿಶ್ಚಿತವಾಗಿರುತ್ತದೆ." ++"ಸೇವೆಗಳನ್ನು ಶಾಶ್ವತ ಸಂರಚನಾ ನೋಟದಲ್ಲಿ ಮಾತ್ರ ಬಳಸಲು ಸಾಧ್ಯವಿರುತ್ತದೆ. ಸೇವೆಗಳ ಚಾಲನಾಸಮಯ " ++"ಸಂರಚನೆಯು ನಿಶ್ಚಿತವಾಗಿರುತ್ತದೆ." + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1460,8 +1453,8 @@ msgid "" + "A firewalld icmptype provides the information for an Internet Control " + "Message Protocol (ICMP) type for firewalld." + msgstr "" +-"ಒಂದು firewalld icmptype ಎನ್ನುವುದು firewalld ಗಾಗಿನ ಇಂಟರ್ನೆಟ್ ಕಂಟ್ರೋಲ್ " +-"ಮೆಸೇಜಿಂಗ್ ಪ್ರೊಟೊಕಾಲ್ (ICMP) ಗಾಗಿ ಮಾಹಿತಿಯನ್ನು ಒದಗಿಸುತ್ತದೆ." ++"ಒಂದು firewalld icmptype ಎನ್ನುವುದು firewalld ಗಾಗಿನ ಇಂಟರ್ನೆಟ್ ಕಂಟ್ರೋಲ್ ಮೆಸೇಜಿಂಗ್ " ++"ಪ್ರೊಟೊಕಾಲ್ (ICMP) ಗಾಗಿ ಮಾಹಿತಿಯನ್ನು ಒದಗಿಸುತ್ತದೆ." + + #: ../src/firewall-config.glade.h:167 + msgid "Add ICMP Type" +@@ -1510,11 +1503,11 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"ನೇರ ಸಂರಚನೆಯು ಫೈರ್ವಾಲ್‌ಗೆ ಹೆಚ್ಚು ನೇರವಾದ ಪ್ರವೇಶವನ್ನು ಒದಗಿಸುತ್ತದೆ. ಈ " +-"ಆಯ್ಕೆಗಳಿಗಾಗಿ ಬಳಕೆದಾರರು ಮೂಲಭೂತ iptables ಪರಿಕಲ್ಪನೆಗಳನ್ನು ತಿಳಿಯುವ " +-"ಅಗತ್ಯವಿರುತ್ತದೆ, ಅಂದರೆ, ಕೋಷ್ಟಕಗಳು, ಸರಣಿಗಳು, ಆದೇಶಗಳು, ನಿಯತಾಂಕಗಳು ಮತ್ತು ಗುರಿಗಳು." +-" ನೇರ ಸಂರಚನೆಯನ್ನು ಬೇರವಾವುದೆ firewalld ಯ ಸೌಲಭ್ಯಗಳನ್ನು ಬಳಸಲು ಸಾಧ್ಯವಾಗದೆ ಇದ್ದಾಗ " +-"ಮಾತ್ರ ಕೊನೆಯ ಉಪಾಯವಾಗಿ ಬಳಸಬೇಕ." ++"ನೇರ ಸಂರಚನೆಯು ಫೈರ್ವಾಲ್‌ಗೆ ಹೆಚ್ಚು ನೇರವಾದ ಪ್ರವೇಶವನ್ನು ಒದಗಿಸುತ್ತದೆ. ಈ ಆಯ್ಕೆಗಳಿಗಾಗಿ " ++"ಬಳಕೆದಾರರು ಮೂಲಭೂತ iptables ಪರಿಕಲ್ಪನೆಗಳನ್ನು ತಿಳಿಯುವ ಅಗತ್ಯವಿರುತ್ತದೆ, ಅಂದರೆ, " ++"ಕೋಷ್ಟಕಗಳು, ಸರಣಿಗಳು, ಆದೇಶಗಳು, ನಿಯತಾಂಕಗಳು ಮತ್ತು ಗುರಿಗಳು. ನೇರ ಸಂರಚನೆಯನ್ನು " ++"ಬೇರವಾವುದೆ firewalld ಯ ಸೌಲಭ್ಯಗಳನ್ನು ಬಳಸಲು ಸಾಧ್ಯವಾಗದೆ ಇದ್ದಾಗ ಮಾತ್ರ ಕೊನೆಯ ಉಪಾಯವಾಗಿ " ++"ಬಳಸಬೇಕ." + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1522,9 +1515,9 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"ಪ್ರತಿಯೊಂದು ಆಯ್ಕೆಯ ipv ಆರ್ಗ್ಯುಮೆಂಟ್‌ ipv4 ಅಥವ ipv6 ಅಥವ eb ಆಗಿರಬೇಕು. ipv4 " +-"ನೊಂದಿಗೆ ಇದು iptables ಗಾಗಿ, ip6tables ಗಾಗಿ ipv6 ನೊಂದಿಗೆ ಮತ್ತು ಎತರ್ನೆಟ್ " +-"ಬ್ರಿಜ್‌ಗಳಿಗಾಗಿ (ebtables) eb ಇರುತ್ತದೆ." ++"ಪ್ರತಿಯೊಂದು ಆಯ್ಕೆಯ ipv ಆರ್ಗ್ಯುಮೆಂಟ್‌ ipv4 ಅಥವ ipv6 ಅಥವ eb ಆಗಿರಬೇಕು. ipv4 ನೊಂದಿಗೆ " ++"ಇದು iptables ಗಾಗಿ, ip6tables ಗಾಗಿ ipv6 ನೊಂದಿಗೆ ಮತ್ತು ಎತರ್ನೆಟ್ ಬ್ರಿಜ್‌ಗಳಿಗಾಗಿ " ++"(ebtables) eb ಇರುತ್ತದೆ." + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1550,8 +1543,8 @@ msgstr "ಸರಣಿಗಳು" + msgid "" + "Add a rule with the arguments args to a chain in a table with a priority." + msgstr "" +-"ಒಂದು ಆದ್ಯತೆಯೊಂದಿಗೆ ಕೋಷ್ಟಕವೊಂದರಲ್ಲಿ ಒಂದು ಸರಣಗೆ ಆರ್ಗ್ಯುಮೆಂಟ್‌ಗಳ args ನೊಂದಿಗೆ " +-"ಒಂದು ನಿಯಮವನ್ನು ಸೇರಿಸು." ++"ಒಂದು ಆದ್ಯತೆಯೊಂದಿಗೆ ಕೋಷ್ಟಕವೊಂದರಲ್ಲಿ ಒಂದು ಸರಣಗೆ ಆರ್ಗ್ಯುಮೆಂಟ್‌ಗಳ args ನೊಂದಿಗೆ ಒಂದು " ++"ನಿಯಮವನ್ನು ಸೇರಿಸು." + + #: ../src/firewall-config.glade.h:183 + msgid "" +@@ -1562,13 +1555,12 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"ನಿಯಮಗಳನ್ನು ಕ್ರಮವಾಗಿರಿಸಲು ಆದ್ಯತೆಯನ್ನು ಬಳಸಲಾಗುತ್ತದೆ. ಆದ್ಯತೆ 0 ಎಂದರೆ ಸರಣಿಯ " +-"ಮೇಲ್ಭಾಗದಲ್ಲಿ ನಿಯಮವನ್ನು ಸೇರಿಸು ಎಂದರ್ಥ, ಹೆಚ್ಚಿನ ಆದ್ಯತೆಯಲ್ಲಿ ನಿಯಮವನ್ನು ಇನ್ನೂ " +-"ಕೆಳಗೆ ಸೇರಿಸಲಾಗುತ್ತದೆ. ಒಂದೇ ಆದ್ಯತೆಯನ್ನು ಹೊಂದಿರುವ ನಿಯಮಗಳು ಒಂದೇ ಹಂತದಲ್ಲಿ " +-"ಇರುತ್ತವೆ ಮತ್ತು ಈ ನಿಯಮಗಳ ಅನುಕ್ರಮವು ಒಂದೇ ರೀತಿ ಇರದೆ ಬದಲಾವಣೆ ಹೊಂದುವ ಸಾಧ್ಯತೆ " +-"ಇರುತ್ತದೆ. ಒಂದು ನಿಯಮದ ನಂತರ ಇನ್ನೊಂದು ನಿಯಮವನ್ನು ಸೇರಿಸಬೇಕು ಎನ್ನುವುದನ್ನು " +-"ಖಚಿತಪಡಿಸಿಕೊಳ್ಳಲು ನೀವು ಬಯಸಿದಲ್ಲಿ, ಮೊದಲನೆಯದಕ್ಕೆ ಕಡಿಮೆ ಆದ್ಯತೆಯನ್ನು ಮತ್ತು " +-"ನಂತರದವುಗಳಿಗೆ ಹೆಚ್ಚಿನ ಆದ್ಯತೆಯನ್ನು ಬಳಸಿ." ++"ನಿಯಮಗಳನ್ನು ಕ್ರಮವಾಗಿರಿಸಲು ಆದ್ಯತೆಯನ್ನು ಬಳಸಲಾಗುತ್ತದೆ. ಆದ್ಯತೆ 0 ಎಂದರೆ ಸರಣಿಯ ಮೇಲ್ಭಾಗದಲ್ಲಿ " ++"ನಿಯಮವನ್ನು ಸೇರಿಸು ಎಂದರ್ಥ, ಹೆಚ್ಚಿನ ಆದ್ಯತೆಯಲ್ಲಿ ನಿಯಮವನ್ನು ಇನ್ನೂ ಕೆಳಗೆ ಸೇರಿಸಲಾಗುತ್ತದೆ. " ++"ಒಂದೇ ಆದ್ಯತೆಯನ್ನು ಹೊಂದಿರುವ ನಿಯಮಗಳು ಒಂದೇ ಹಂತದಲ್ಲಿ ಇರುತ್ತವೆ ಮತ್ತು ಈ ನಿಯಮಗಳ ಅನುಕ್ರಮವು " ++"ಒಂದೇ ರೀತಿ ಇರದೆ ಬದಲಾವಣೆ ಹೊಂದುವ ಸಾಧ್ಯತೆ ಇರುತ್ತದೆ. ಒಂದು ನಿಯಮದ ನಂತರ ಇನ್ನೊಂದು " ++"ನಿಯಮವನ್ನು ಸೇರಿಸಬೇಕು ಎನ್ನುವುದನ್ನು ಖಚಿತಪಡಿಸಿಕೊಳ್ಳಲು ನೀವು ಬಯಸಿದಲ್ಲಿ, ಮೊದಲನೆಯದಕ್ಕೆ " ++"ಕಡಿಮೆ ಆದ್ಯತೆಯನ್ನು ಮತ್ತು ನಂತರದವುಗಳಿಗೆ ಹೆಚ್ಚಿನ ಆದ್ಯತೆಯನ್ನು ಬಳಸಿ." + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1592,9 +1584,9 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"ಪಾಸ್‌ತ್ರೂ ನಿಯಮಗಳನ್ನು ನೇರವಾಗಿ ಫೈರ್ವಾಲ್‌ ಮುಖಾಂತರ ಹಾದುಹೋಗುವಂತೆ ಮಾಡಲಾಗುತ್ತದೆ " +-"ಮತ್ತು ಅದನ್ನು ವಿಶೇಷ ಸರಣಿಗಳಲ್ಲಿ ಇರಿಸಲಾಗುವುದಿಲ್ಲ. ಎಲ್ಲಾ iptables, ip6tables " +-"ಮತ್ತು ebtables ಆಯ್ಕೆಗಳನ್ನು ಬಳಸಬಹುದು." ++"ಪಾಸ್‌ತ್ರೂ ನಿಯಮಗಳನ್ನು ನೇರವಾಗಿ ಫೈರ್ವಾಲ್‌ ಮುಖಾಂತರ ಹಾದುಹೋಗುವಂತೆ ಮಾಡಲಾಗುತ್ತದೆ ಮತ್ತು ಅದನ್ನು " ++"ವಿಶೇಷ ಸರಣಿಗಳಲ್ಲಿ ಇರಿಸಲಾಗುವುದಿಲ್ಲ. ಎಲ್ಲಾ iptables, ip6tables ಮತ್ತು ebtables " ++"ಆಯ್ಕೆಗಳನ್ನು ಬಳಸಬಹುದು." + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +@@ -1623,9 +1615,8 @@ msgid "" + "contain commands, contexts, users and user ids." + msgstr "" + "ಲಾಕ್‌ಡೌನ್ ಸೌಲಭ್ಯವು firewalld ಗಾಗಿನ ಬಳಕೆದಾರ ಮತ್ತು ಅನ್ವಯ ಪಾಲಿಸಿಗಳ ಒಂದು ಹಗುರ " +-"ಆವೃತ್ತಿಯಾಗಿದೆ. ಇದು ಫೈರ್‌ವಾಲ್‌ಗೆ ಬದಲಾವಣೆಗಳನ್ನು ಮಿತಿಗೊಳಿಸುತ್ತದೆ. ಲಾಕ್‌ಡೌನ್‌ " +-"ವೈಟ್‌ಲಿಸ್ಟ್ ಆದೇಶಗಳು, ಸನ್ನಿವೇಶಗಳು, ಬಳಕೆದಾರರು ಮತ್ತು ಬಳಕೆದಾರ idಗಳನ್ನು " +-"ಹೊಂದಿರುತ್ತದೆ." ++"ಆವೃತ್ತಿಯಾಗಿದೆ. ಇದು ಫೈರ್‌ವಾಲ್‌ಗೆ ಬದಲಾವಣೆಗಳನ್ನು ಮಿತಿಗೊಳಿಸುತ್ತದೆ. ಲಾಕ್‌ಡೌನ್‌ ವೈಟ್‌ಲಿಸ್ಟ್ " ++"ಆದೇಶಗಳು, ಸನ್ನಿವೇಶಗಳು, ಬಳಕೆದಾರರು ಮತ್ತು ಬಳಕೆದಾರ idಗಳನ್ನು ಹೊಂದಿರುತ್ತದೆ." + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1656,10 +1647,9 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"ವೈಟ್‌ಲಿಸ್ಟಿನಲ್ಲಿನ ಒಂದು ಆದೇಶದ ನಮೂದು ಒಂದು ಆಸ್ಟೆರಿಸ್ಕ್ '*' ಇಂದ " +-"ಕೊನೆಗೊಳ್ಳುತ್ತಿದ್ದರೆ, ಆದೇಶದಿಂದ ಆರಂಭಗೊಳ್ಳುವ ಎಲ್ಲಾ ಆದೇಶ ಸಾಲುಗಳು " +-"ಹೊಂದಿಕೆಯಾಗುತ್ತವೆ. '*' ಇಲ್ಲದೆ ಇದ್ದಲ್ಲಿ, ಪರಿಪೂರ್ಣವಾದ ಆದೇಶವನ್ನು ಹೊಂದಿರುವ " +-"ಆರ್ಗ್ಯುಮೆಂಟ್‌ಗಳು ಹೊಂದಿಕೆಯಾಗುವುದು ಅತ್ಯಗತ್ಯ." ++"ವೈಟ್‌ಲಿಸ್ಟಿನಲ್ಲಿನ ಒಂದು ಆದೇಶದ ನಮೂದು ಒಂದು ಆಸ್ಟೆರಿಸ್ಕ್ '*' ಇಂದ ಕೊನೆಗೊಳ್ಳುತ್ತಿದ್ದರೆ, " ++"ಆದೇಶದಿಂದ ಆರಂಭಗೊಳ್ಳುವ ಎಲ್ಲಾ ಆದೇಶ ಸಾಲುಗಳು ಹೊಂದಿಕೆಯಾಗುತ್ತವೆ. '*' ಇಲ್ಲದೆ ಇದ್ದಲ್ಲಿ, " ++"ಪರಿಪೂರ್ಣವಾದ ಆದೇಶವನ್ನು ಹೊಂದಿರುವ ಆರ್ಗ್ಯುಮೆಂಟ್‌ಗಳು ಹೊಂದಿಕೆಯಾಗುವುದು ಅತ್ಯಗತ್ಯ." + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1850,8 +1840,7 @@ msgstr "ನೇರ ನಿಯಮ" + #: ../src/firewall-config.glade.h:248 + msgid "Please select ipv and table, chain priority and enter the args." + msgstr "" +-"ದಯವಿಟ್ಟು ipv ಮತ್ತು ಕೋಷ್ಟಕವನ್ನು, ಸರಣಿ ಆದ್ಯತೆಯನ್ನು ಆರಿಸಿ ನಂತರ args ಅನ್ನು " +-"ನಮೂದಿಸಿ." ++"ದಯವಿಟ್ಟು ipv ಮತ್ತು ಕೋಷ್ಟಕವನ್ನು, ಸರಣಿ ಆದ್ಯತೆಯನ್ನು ಆರಿಸಿ ನಂತರ args ಅನ್ನು ನಮೂದಿಸಿ." + + #: ../src/firewall-config.glade.h:249 + msgid "Priority:" +@@ -1875,9 +1864,7 @@ msgstr "ದಯವಿಟ್ಟು ಒಂದು ಸಮೃದ್ಧ ನಿಯಮವ + + #: ../src/firewall-config.glade.h:255 + msgid "For host or network white or blacklisting deactivate the element." +-msgstr "" +-"ಆತಿಥೇಯ ಅಥವ ಜಾಲಬಂಧದ ವೈಟ್ ಅಥವ ಬ್ಲಾಕ್‌ಲಿಸ್ಟ್ ಮಾಡುವಿಕೆಗಾಗಿ ಅಂಶವನ್ನು " +-"ನಿಷ್ಕ್ರಿಯೊಳಿಸಿ." ++msgstr "ಆತಿಥೇಯ ಅಥವ ಜಾಲಬಂಧದ ವೈಟ್ ಅಥವ ಬ್ಲಾಕ್‌ಲಿಸ್ಟ್ ಮಾಡುವಿಕೆಗಾಗಿ ಅಂಶವನ್ನು ನಿಷ್ಕ್ರಿಯೊಳಿಸಿ." + + #: ../src/firewall-config.glade.h:256 + msgid "Source:" +@@ -1905,11 +1892,11 @@ msgstr "ವಿಲೋಮಗೊಳಿಸಿದ" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"ಇದನ್ನು ನಿಷ್ಕ್ರಿಯಗೊಳಿಸಲು ಕ್ರಿಯೆಯು 'reject' ಮತ್ತು ಕುಟುಂಬವು (ಫ್ಯಾಮಿಲಿ) 'ipv4' " +-"ಅಥವ 'ipv6' (ಎರಡೂ ಒಟ್ಟಿಗೆ ಅಲ್ಲ) ಆಗಿರಬೇಕು." ++"ಇದನ್ನು ನಿಷ್ಕ್ರಿಯಗೊಳಿಸಲು ಕ್ರಿಯೆಯು 'reject' ಮತ್ತು ಕುಟುಂಬವು (ಫ್ಯಾಮಿಲಿ) 'ipv4' ಅಥವ " ++"'ipv6' (ಎರಡೂ ಒಟ್ಟಿಗೆ ಅಲ್ಲ) ಆಗಿರಬೇಕು." + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/ko.po b/po/ko.po +index f1a49be66160..efb21a848be1 100644 +--- a/po/ko.po ++++ b/po/ko.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # eukim , 2014 + # eukim , 2014 +@@ -18,15 +18,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:25+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Korean (http://www.transifex.com/projects/p/firewalld/" + "language/ko/)\n" + "Language: ko\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=1; plural=0;\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -86,7 +86,8 @@ msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." + msgstr "" +-"이 기능은 대부분 기본값 영역을 사용하는 사용자에게 유용합니다. 연결 영역을 변경한 사용자의 경우 제한적으로 사용할 수 있습니다." ++"이 기능은 대부분 기본값 영역을 사용하는 사용자에게 유용합니다. 연결 영역을 변" ++"경한 사용자의 경우 제한적으로 사용할 수 있습니다." + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -205,13 +206,15 @@ msgid "" + "Default Zone '{default_zone}' active for connection '{connection}' on " + "interface '{interface}'" + msgstr "" +-"기본 영역 '{default_zone}'은 인터페이스 '{interface}' 상의 연결 '{connection}'에 대해 활성화" ++"기본 영역 '{default_zone}'은 인터페이스 '{interface}' 상의 연결 " ++"'{connection}'에 대해 활성화" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" +-msgstr "영역 '{zone}'은 인터페이스 '{interface}' 상의 연결 '{connection}'에 대해 활성화" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" ++msgstr "" ++"영역 '{zone}'은 인터페이스 '{interface}' 상의 연결 '{connection}'에 대해 활성" ++"화" + + #: ../src/firewall-applet.in:892 + msgid "Zone '{zone}' active for interface '{interface}'" +@@ -259,18 +262,21 @@ msgid "" + "Default zone '{default_zone}' {activated_deactivated} for connection " + "'{connection}' on interface '{interface}'" + msgstr "" +-"기본 영역 '{default_zone}'은 인터페이스 '{interface}' 상의 연결 '{connection}'에 대해 " +-"{activated_deactivated}" ++"기본 영역 '{default_zone}'은 인터페이스 '{interface}' 상의 연결 " ++"'{connection}'에 대해 {activated_deactivated}" + + #: ../src/firewall-applet.in:1042 + msgid "" + "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " + "interface '{interface}'" +-msgstr "영역 '{zone}'이 인터페이스 '{interface}' 상의 연결에 대해 {activated_deactivated}" ++msgstr "" ++"영역 '{zone}'이 인터페이스 '{interface}' 상의 연결에 대해 " ++"{activated_deactivated}" + + #: ../src/firewall-applet.in:1047 + msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" +-msgstr "영역 '{zone}'이 인터페이스 '{interface}'에 대해 {activated_deactivated}" ++msgstr "" ++"영역 '{zone}'이 인터페이스 '{interface}'에 대해 {activated_deactivated}" + + #: ../src/firewall-applet.in:1070 + #, c-format +@@ -298,7 +304,9 @@ msgstr "firewalld에 연결 시도 중입니다. 대기 중..." + msgid "" + "Failed to connect to firewalld. Please make sure that the service has been " + "started correctly and try again." +-msgstr "방화벽에 연결할 수 없습니다. 서비스를 제대로 시작했는지 확인하고 다시 시도해 주십시오." ++msgstr "" ++"방화벽에 연결할 수 없습니다. 서비스를 제대로 시작했는지 확인하고 다시 시도해 " ++"주십시오." + + #: ../src/firewall-config.in:95 + msgid "Changes applied." +@@ -649,9 +657,12 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" +-msgstr "인터페이스가 마스커레이딩되는 경우에만 다른 시스템에 전송하는 것이 유용합니다.\n" ++msgstr "" ++"인터페이스가 마스커레이딩되는 경우에만 다른 시스템에 전송하는 것이 유용합니" ++"다.\n" + "이 영역을 마스커레이딩하시겠습니까? " + + #: ../src/firewall-config.in:5376 +@@ -682,7 +693,8 @@ msgstr "ipv4 또는 ipv6 주소를 address[/mask] 형식으로 입력하십시 + msgid "" + "The mask can be a network mask or a number for ipv4.\n" + "The mask is a number for ipv6." +-msgstr "mask는 네트워크 마스크 또는 ipv4 숫자로 지정할 수 있습니다.\n" ++msgstr "" ++"mask는 네트워크 마스크 또는 ipv4 숫자로 지정할 수 있습니다.\n" + "mask는 ipv6 숫자입니다." + + #: ../src/firewall-config.in:5776 +@@ -836,7 +848,9 @@ msgstr "대상" + msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." +-msgstr "로컬 포워딩을 사용하실 경우, 포트를 지정하셔야 합니다. 이러한 포트는 소스 포트와 달라야 합니다. " ++msgstr "" ++"로컬 포워딩을 사용하실 경우, 포트를 지정하셔야 합니다. 이러한 포트는 소스 포" ++"트와 달라야 합니다. " + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -944,8 +958,9 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"방화벽 규칙을 다시 로딩합니다. 현재 영구 설정은 새로운 런타임 설정이 됩니다. 즉, 방화벽 규칙이 영구적 설정에 존재하지 않을 경우 " +-"다시 로딩할 때 까지 변경된 모든 런타임 내용이 손실됩니다." ++"방화벽 규칙을 다시 로딩합니다. 현재 영구 설정은 새로운 런타임 설정이 됩니다. " ++"즉, 방화벽 규칙이 영구적 설정에 존재하지 않을 경우 다시 로딩할 때 까지 변경" ++"된 모든 런타임 내용이 손실됩니다." + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -987,7 +1002,9 @@ msgstr "패닉 모드 " + msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." +-msgstr "잠금 기능은 방화벽 설정을 잠금하여 잠금 화이트리스트에 있는 애플리케이션만 변경할 수 있게 합니다. " ++msgstr "" ++"잠금 기능은 방화벽 설정을 잠금하여 잠금 화이트리스트에 있는 애플리케이션만 변" ++"경할 수 있게 합니다. " + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1061,8 +1078,8 @@ msgid "" + "configuration. Permanent configuration will be active after service or " + "system reload or restart." + msgstr "" +-"현재 사용 가능한 설정. 런타임 설정은 실제 활성화된 설정입니다. 영구 설정은 서비스나 시스템을 다시 로딩하거나 다시 시작한 후 사용할 " +-"수 있습니다." ++"현재 사용 가능한 설정. 런타임 설정은 실제 활성화된 설정입니다. 영구 설정은 서" ++"비스나 시스템을 다시 로딩하거나 다시 시작한 후 사용할 수 있습니다." + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1072,9 +1089,10 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"firewalld 영역은 영역과 결합된 네트워크 연결, 인터페이스 및 소스 주소의 신뢰된 수준을 정의합니다. 영역은 서비스, 포트 " +-"프로토콜, 마스커레이딩, 포트/패킷 포워딩, icmp 필터 및 고급 규칙의 조합입니다. 영역은 인터페이스와 소스 주소로 연결될 수 " +-"있습니다." ++"firewalld 영역은 영역과 결합된 네트워크 연결, 인터페이스 및 소스 주소의 신뢰" ++"된 수준을 정의합니다. 영역은 서비스, 포트 프로토콜, 마스커레이딩, 포트/패킷 " ++"포워딩, icmp 필터 및 고급 규칙의 조합입니다. 영역은 인터페이스와 소스 주소로 " ++"연결될 수 있습니다." + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1098,8 +1116,9 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"영역에서 신뢰할 수 있는 서비스를 지정할 수 있습니다. 신뢰할 수 있는 서비스는 이 영역에 결합된 연결, 인터페이스, 소스에서 시스템에 " +-"도달할 수 있는 모든 호스트 및 네트워크에서 액세스 가능하게 됩니다." ++"영역에서 신뢰할 수 있는 서비스를 지정할 수 있습니다. 신뢰할 수 있는 서비스는 " ++"이 영역에 결합된 연결, 인터페이스, 소스에서 시스템에 도달할 수 있는 모든 호스" ++"트 및 네트워크에서 액세스 가능하게 됩니다." + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1109,7 +1128,9 @@ msgstr "서비스 " + msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." +-msgstr "이 컴퓨터에 연결 가능한 모든 호스트 또는 네트워크에 액세스할 수 있어야 하는 추가 포트 또는 포트 범위를 추가합니다. " ++msgstr "" ++"이 컴퓨터에 연결 가능한 모든 호스트 또는 네트워크에 액세스할 수 있어야 하는 " ++"추가 포트 또는 포트 범위를 추가합니다. " + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1152,7 +1173,8 @@ msgid "" + "Add additional source ports or port ranges, which need to be accessible for " + "all hosts or networks that can connect to the machine." + msgstr "" +-"이 컴퓨터에 연결 가능한 모든 호스트 또는 네트워크에 액세스할 수 있어야 하는 추가 소스 포트 또는 포트 범위를 추가합니다. " ++"이 컴퓨터에 연결 가능한 모든 호스트 또는 네트워크에 액세스할 수 있어야 하는 " ++"추가 소스 포트 또는 포트 범위를 추가합니다. " + + #: ../src/firewall-config.glade.h:107 + msgid "Source Ports" +@@ -1164,9 +1186,10 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"마스커레이딩 (Masquerading) 기능은 로컬 네트워크를 인터넷에 연결하는 호스트나 라우터를 설정할 수 있게 합니다. 로컬 " +-"네트워크는 볼 수 없으며 호스트는 인터넷에서 하나의 주소로 나타납니다. 마스커레이딩 (Masquerading) 기능은 IPv4에서만 " +-"해당됩니다. " ++"마스커레이딩 (Masquerading) 기능은 로컬 네트워크를 인터넷에 연결하는 호스트" ++"나 라우터를 설정할 수 있게 합니다. 로컬 네트워크는 볼 수 없으며 호스트는 인터" ++"넷에서 하나의 주소로 나타납니다. 마스커레이딩 (Masquerading) 기능은 IPv4에서" ++"만 해당됩니다. " + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1176,7 +1199,8 @@ msgstr "마스커레이딩 영역 " + msgid "" + "If you enable masquerading, IP forwarding will be enabled for your IPv4 " + "networks." +-msgstr "마스커레이딩을 활성화할 경우 IP 포워딩은 IPv4 네트워크에 대해 활성화됩니다." ++msgstr "" ++"마스커레이딩을 활성화할 경우 IP 포워딩은 IPv4 네트워크에 대해 활성화됩니다." + + #: ../src/firewall-config.glade.h:111 + msgid "Masquerading" +@@ -1189,8 +1213,10 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"로컬 시스템 상에서 하나의 포트에서 다른 포트로 또는 로컬 시스템에서 다른 시스템으로 포트를 포워딩하기 위해 항목을 추가합니다. 다른 " +-"시스템으로 포워딩하는 것은 인터페이스가 마스커레이딩되었을 경우에만 유용합니다. 포트 포워딩은 IPv4에서만 해당됩니다. " ++"로컬 시스템 상에서 하나의 포트에서 다른 포트로 또는 로컬 시스템에서 다른 시스" ++"템으로 포트를 포워딩하기 위해 항목을 추가합니다. 다른 시스템으로 포워딩하는 " ++"것은 인터페이스가 마스커레이딩되었을 경우에만 유용합니다. 포트 포워딩은 IPv4" ++"에서만 해당됩니다. " + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1210,23 +1236,25 @@ msgid "" + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." + msgstr "" +-"ICMP (Internet Control Message Protocol)는 네트워크로 연결된 컴퓨터 간의 오류 메세지를 보내는 데 주로 " +-"사용되지만, 추가로 핑 요청 및 응답과 같은 알림 메세지를 보내는 데 사용될 수 있습니다. " ++"ICMP (Internet Control Message Protocol)는 네트워크로 연결된 컴퓨터 간의 오" ++"류 메세지를 보내는 데 주로 사용되지만, 추가로 핑 요청 및 응답과 같은 알림 메" ++"세지를 보내는 데 사용될 수 있습니다. " + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"목록에서 거부해야 할 ICMP 유형을 표시합니다. 그 외의 모든 ICMP 유형은 방화벽 통과를 허용합니다. 기본값은 제한 없음입니다. " ++"목록에서 거부해야 할 ICMP 유형을 표시합니다. 그 외의 모든 ICMP 유형은 방화벽 " ++"통과를 허용합니다. 기본값은 제한 없음입니다. " + + #: ../src/firewall-config.glade.h:118 + msgid "" + "If Invert Filter is enabled, marked ICMP entries are accepted and the others " + "are rejected. In a zone with the target DROP, they are dropped." + msgstr "" +-"필터 반전이 활성화되어 있을 경우 표시된 ICMP 항목이 허용되며 그 외의 항목은 거부됩니다. 대상 DROP이 있는 영역에서 이러한 " +-"항목은 선택 해제됩니다." ++"필터 반전이 활성화되어 있을 경우 표시된 ICMP 항목이 허용되며 그 외의 항목은 " ++"거부됩니다. 대상 DROP이 있는 영역에서 이러한 항목은 선택 해제됩니다." + + #: ../src/firewall-config.glade.h:119 + msgid "Invert Filter" +@@ -1261,7 +1289,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"영역에 인터페이스를 바인딩할 항목을 추가합니다. 인터페이스가 연결에 의해 사용될 경우 영역은 연결에 지정된 영역으로 설정됩니다." ++"영역에 인터페이스를 바인딩할 항목을 추가합니다. 인터페이스가 연결에 의해 사용" ++"될 경우 영역은 연결에 지정된 영역으로 설정됩니다." + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1281,8 +1310,9 @@ msgid "" + "to a MAC source address, but with limitations. Port forwarding and " + "masquerading will not work for MAC source bindings." + msgstr "" +-"영역에 소스 주소 또는 범위를 바인딩할 항목을 추가합니다. MAC 소스 주소를 바인딩할 수 있지만 제한이 따릅니다. 포트 포워딩 및 " +-"마스커레이딩은 MAC 소스 바인딩에 작동하지 않습니다." ++"영역에 소스 주소 또는 범위를 바인딩할 항목을 추가합니다. MAC 소스 주소를 바인" ++"딩할 수 있지만 제한이 따릅니다. 포트 포워딩 및 마스커레이딩은 MAC 소스 바인딩" ++"에 작동하지 않습니다." + + #: ../src/firewall-config.glade.h:132 + msgid "Add Source" +@@ -1326,7 +1356,8 @@ msgstr "서비스 기본값 읽기 " + msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks." +-msgstr "모든 호스트 또는 네트워크에 액세스 가능한 포트 및 포트 범위를 추가합니다." ++msgstr "" ++"모든 호스트 또는 네트워크에 액세스 가능한 포트 및 포트 범위를 추가합니다." + + #: ../src/firewall-config.glade.h:144 + msgid "Edit Entry" +@@ -1340,7 +1371,9 @@ msgstr "항목 삭제 " + msgid "" + "Add additional source ports or port ranges, which need to be accessible for " + "all hosts or networks." +-msgstr "모든 호스트 또는 네트워크에 액세스 가능한 소스 포트 및 포트 범위를 추가합니다." ++msgstr "" ++"모든 호스트 또는 네트워크에 액세스 가능한 소스 포트 및 포트 범위를 추가합니" ++"다." + + #: ../src/firewall-config.glade.h:147 + msgid "Source Port" +@@ -1360,7 +1393,8 @@ msgid "" + "the destination address and type. If both entries are empty, there is no " + "limitation." + msgstr "" +-"대상 주소를 지정할 경우, 서비스 항목은 대상 주소 및 유형으로 제한됩니다. 두 항목 모두가 비어 있을 경우 제한이 없게 됩니다." ++"대상 주소를 지정할 경우, 서비스 항목은 대상 주소 및 유형으로 제한됩니다. 두 " ++"항목 모두가 비어 있을 경우 제한이 없게 됩니다." + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1374,14 +1408,17 @@ msgstr "IPv6:" + msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." +-msgstr "서비스는 영구 설정 보기에서만 변경할 수 있습니다. 서비스의 런타임 설정은 고정되어 있습니다. " ++msgstr "" ++"서비스는 영구 설정 보기에서만 변경할 수 있습니다. 서비스의 런타임 설정은 고정" ++"되어 있습니다. " + + #: ../src/firewall-config.glade.h:154 + msgid "" + "An IPSet can be used to create white or black lists and is able to store for " + "example IP addresses, port numbers or MAC addresses. " + msgstr "" +-"IPSet를 사용하여 화이트리스트 또는 블랙리스트를 만들 수 있으며 IP 주소, 포트 번호, MAC 주소 등을 저장할 수 있습니다." ++"IPSet를 사용하여 화이트리스트 또는 블랙리스트를 만들 수 있으며 IP 주소, 포트 " ++"번호, MAC 주소 등을 저장할 수 있습니다." + + #: ../src/firewall-config.glade.h:155 + msgid "IPSet" +@@ -1410,15 +1447,17 @@ msgid "" + "added by firewalld. Entries, that have been directly added with the ipset " + "command wil not be listed here." + msgstr "" +-" IPSet 항목입니다. 시간 제한 옵션을 사용하지 않는 IPSet 항목과 firewalld에 의해 추가된 항목만을 확인할 수 있습니다." +-" 직접 ipset 명령을 실행하여 추가된 항목을 표시되지 않습니다." ++" IPSet 항목입니다. 시간 제한 옵션을 사용하지 않는 IPSet 항목과 firewalld에 " ++"의해 추가된 항목만을 확인할 수 있습니다. 직접 ipset 명령을 실행하여 추가된 항" ++"목을 표시되지 않습니다." + + #: ../src/firewall-config.glade.h:161 + msgid "" + "This IPSet uses the timeout option, therefore no entries are visible here. " + "The entries should be taken care directly with the ipset command." + msgstr "" +-"IPSet는 시간 제한 옵션을 사용하기 때문에 여기에는 항목이 표시되지 않습니다. ipset 명령을 직접 실행하여 항목을 관리합니다." ++"IPSet는 시간 제한 옵션을 사용하기 때문에 여기에는 항목이 표시되지 않습니" ++"다. ipset 명령을 직접 실행하여 항목을 관리합니다." + + #: ../src/firewall-config.glade.h:162 + msgid "Add" +@@ -1438,8 +1477,8 @@ msgid "" + "A firewalld icmptype provides the information for an Internet Control " + "Message Protocol (ICMP) type for firewalld." + msgstr "" +-"firewalld icmp 유형은 firewalld 용 ICMP (Internet Control Message Protocol) 유형의 " +-"정보를 제공합니다. " ++"firewalld icmp 유형은 firewalld 용 ICMP (Internet Control Message Protocol) " ++"유형의 정보를 제공합니다. " + + #: ../src/firewall-config.glade.h:167 + msgid "Add ICMP Type" +@@ -1465,7 +1504,9 @@ msgstr "ICMP 유형이 IPv4 및 IPv6에서 사용 가능한 지에 대한 여부 + msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." +-msgstr "ICMP 유형은 영구 설정 보기에서만 변경할 수 있습니다. ICMP 유형의 런타임 설정은 고정되어 있습니다. " ++msgstr "" ++"ICMP 유형은 영구 설정 보기에서만 변경할 수 있습니다. ICMP 유형의 런타임 설정" ++"은 고정되어 있습니다. " + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1474,8 +1515,9 @@ msgid "" + "are using ports that are unrelated to the signaling connection and are " + "therefore blocked by the firewall without the helper." + msgstr "" +-"연결 추적 헬퍼가 신호 발송과 데이터 전송에 서로 다른 흐름을 사용하는 프로토콜이 작동하도록 돕습니다. 데이터 전송은 신호 발송 연결과 " +-"무관한 포트를 사용하므로 헬퍼 없이는 방화벽에 의해 차단됩니다." ++"연결 추적 헬퍼가 신호 발송과 데이터 전송에 서로 다른 흐름을 사용하는 프로토콜" ++"이 작동하도록 돕습니다. 데이터 전송은 신호 발송 연결과 무관한 포트를 사용하므" ++"로 헬퍼 없이는 방화벽에 의해 차단됩니다." + + #: ../src/firewall-config.glade.h:174 + msgid "Define ports or port ranges, which are monitored by the helper." +@@ -1488,9 +1530,10 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"직접 설정하면 방화벽에 직접 액세스할 수 있습니다. 이 옵션은 사용자가 iptables의 기본 개념, 즉 테이블, 체인, 명령, 매개 " +-"변수, 대상에 대한 지식을 가지고 있음을 전제로 하고 있습니다. 직접 설정은 다른 방화벽 기능을 사용할 수 없는 경우에 마지막 방법으로 " +-"사용해야 합니다." ++"직접 설정하면 방화벽에 직접 액세스할 수 있습니다. 이 옵션은 사용자가 iptables" ++"의 기본 개념, 즉 테이블, 체인, 명령, 매개 변수, 대상에 대한 지식을 가지고 있" ++"음을 전제로 하고 있습니다. 직접 설정은 다른 방화벽 기능을 사용할 수 없는 경우" ++"에 마지막 방법으로 사용해야 합니다." + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1498,8 +1541,9 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"각 옵션의 ipv 인수는 ipv4, ipv6, eb 중 하나여야 합니다. ipv4를 지정하면 iptables가 사용됩니다. ipv6를 " +-"지정하면 ip6tables가 사용됩니다. eb를 사용하면 이더넷 브리지 (ebtables)가 사용됩니다." ++"각 옵션의 ipv 인수는 ipv4, ipv6, eb 중 하나여야 합니다. ipv4를 지정하면 " ++"iptables가 사용됩니다. ipv6를 지정하면 ip6tables가 사용됩니다. eb를 사용하면 " ++"이더넷 브리지 (ebtables)가 사용됩니다." + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1524,7 +1568,8 @@ msgstr "체인 " + #: ../src/firewall-config.glade.h:182 + msgid "" + "Add a rule with the arguments args to a chain in a table with a priority." +-msgstr "규칙을 args 인수와 함께 테이블에 있는 체인에 우선 순위를 붙여 추가합니다." ++msgstr "" ++"규칙을 args 인수와 함께 테이블에 있는 체인에 우선 순위를 붙여 추가합니다." + + #: ../src/firewall-config.glade.h:183 + msgid "" +@@ -1535,9 +1580,11 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"우선 순위는 규칙의 순서를 지정하는데 사용됩니다. 우선 순위 0은 규칙을 체인의 처음에 추가합니다. 더 높은 우선 순위를 가진 규칙이 더 " +-"아래에 추가됩니다. 동일한 우선 순위를 갖는 규칙은 동일한 수준이 되며 이러한 규칙의 순서는 고정되지 않고 변경될 수 있습니다. 규칙을 " +-"다른 규칙 뒤에 추가하려면 먼저 낮은 우선 순위를 사용하고 그 다음으로 더 높은 우선 순위를 사용합니다." ++"우선 순위는 규칙의 순서를 지정하는데 사용됩니다. 우선 순위 0은 규칙을 체인의 " ++"처음에 추가합니다. 더 높은 우선 순위를 가진 규칙이 더 아래에 추가됩니다. 동일" ++"한 우선 순위를 갖는 규칙은 동일한 수준이 되며 이러한 규칙의 순서는 고정되지 " ++"않고 변경될 수 있습니다. 규칙을 다른 규칙 뒤에 추가하려면 먼저 낮은 우선 순위" ++"를 사용하고 그 다음으로 더 높은 우선 순위를 사용합니다." + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1561,8 +1608,8 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"통과 규칙은 직접 방화벽에 전달되는 규칙으로 특별한 체인에 두지 않습니다. iptables, ip6tables, ebtables의 모든 " +-"옵션을 사용할 수 있습니다." ++"통과 규칙은 직접 방화벽에 전달되는 규칙으로 특별한 체인에 두지 않습니다. " ++"iptables, ip6tables, ebtables의 모든 옵션을 사용할 수 있습니다." + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +@@ -1590,8 +1637,9 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"잠금 기능은 firewalld의 사용자 및 애플리케이션 정책에 대한 경량 버전입니다. 이는 방화벽 변경을 제한합니다. 잠금 " +-"화이트리스트에는 명령, 컨텍스트, 사용자 및 사용자 ID가 포함되어 있습니다. " ++"잠금 기능은 firewalld의 사용자 및 애플리케이션 정책에 대한 경량 버전입니다. " ++"이는 방화벽 변경을 제한합니다. 잠금 화이트리스트에는 명령, 컨텍스트, 사용자 " ++"및 사용자 ID가 포함되어 있습니다. " + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1599,8 +1647,9 @@ msgid "" + "service. To get the context of a running application use ps -e --" + "context." + msgstr "" +-"컨텍스트는 실행 중인 애플리케이션이나 서비스의 보안 (SELinux) 컨텍스트입니다. 실행 중인 애플리케이션의 컨텍스트를 얻으려면 " +-"ps -e --context를 사용합니다." ++"컨텍스트는 실행 중인 애플리케이션이나 서비스의 보안 (SELinux) 컨텍스트입니" ++"다. 실행 중인 애플리케이션의 컨텍스트를 얻으려면 ps -e --context를 " ++"사용합니다." + + #: ../src/firewall-config.glade.h:196 + msgid "Add Context" +@@ -1624,8 +1673,9 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"화이트리스트의 명령이 별표 '*'로 끝나는 경우 해당 명령으로 시작하는 모든 명령행과 일치하게 됩니다. '*'가 없을 경우 인수를 " +-"포함하여 명령이 정확하게 일치해야 합니다. " ++"화이트리스트의 명령이 별표 '*'로 끝나는 경우 해당 명령으로 시작하는 모든 명령" ++"행과 일치하게 됩니다. '*'가 없을 경우 인수를 포함하여 명령이 정확하게 일치해" ++"야 합니다. " + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1839,7 +1889,9 @@ msgstr "고급 규칙을 입력하십시오. " + + #: ../src/firewall-config.glade.h:255 + msgid "For host or network white or blacklisting deactivate the element." +-msgstr "호스트 또는 네트워크의 경우 화이트 또는 블랙 리스트에 따라 요소가 비활성화됩니다." ++msgstr "" ++"호스트 또는 네트워크의 경우 화이트 또는 블랙 리스트에 따라 요소가 비활성화됩" ++"니다." + + #: ../src/firewall-config.glade.h:256 + msgid "Source:" +@@ -1867,9 +1919,11 @@ msgstr "변환됨 " + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." +-msgstr "이를 활성화하려면 작업을 '거부'하고 'ipv4' 또는 'ipv6' 중 하나 (둘 중 하나)의 제품군을 선택합니다. " ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." ++msgstr "" ++"이를 활성화하려면 작업을 '거부'하고 'ipv4' 또는 'ipv6' 중 하나 (둘 중 하나)" ++"의 제품군을 선택합니다. " + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/lt.po b/po/lt.po +index b2061321ab56..1f117f5afdce 100644 +--- a/po/lt.po ++++ b/po/lt.po +@@ -3,17 +3,17 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-10-31 08:18+0000\n" + "Last-Translator: Moo \n" + "Language-Team: Lithuanian\n" + "Language: lt\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "X-Generator: Zanata 4.6.2\n" +-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " +-"(n%100<10 || n%100>=20) ? 1 : 2)\n" ++"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n" ++"%100<10 || n%100>=20) ? 1 : 2)\n" + + #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 + msgid "Firewall Applet" +@@ -196,9 +196,9 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" +-msgstr "Zona \"{zone}\" aktyvi ryšiui \"{connection}\" ties sąsaja \"{interface}\"" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" ++msgstr "" ++"Zona \"{zone}\" aktyvi ryšiui \"{connection}\" ties sąsaja \"{interface}\"" + + #: ../src/firewall-applet.in:892 + msgid "Zone '{zone}' active for interface '{interface}'" +@@ -640,7 +640,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Peradresavimas į kitą sistemą yra naudingas tik tuomet, jei sąsaja yra " +@@ -1756,8 +1757,7 @@ msgstr "Įveskite žymėjimą ir neprivalomai kaukę." + + #: ../src/firewall-config.glade.h:239 + msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." +-msgstr "" +-"Žymėjimo ir kaukės laukai abudu yra 32 bitų pločio skaičiai be ženklo." ++msgstr "Žymėjimo ir kaukės laukai abudu yra 32 bitų pločio skaičiai be ženklo." + + #: ../src/firewall-config.glade.h:240 + msgid "Mark:" +@@ -1847,8 +1847,8 @@ msgstr "invertuota" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/ml.po b/po/ml.po +index 1bccd7f00ffd..a678b43179c5 100644 +--- a/po/ml.po ++++ b/po/ml.po +@@ -1,22 +1,22 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Ani Peter , 2006-2007,2009,2014 + msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-02-26 10:00+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Malayalam (http://www.transifex.com/projects/p/firewalld/" + "language/ml/)\n" + "Language: ml\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -69,18 +69,15 @@ msgstr "ഷീള്‍ഡ്സ് അപ്പ്/ഡൌണ്‍ മേഘല + + #: ../src/firewall-applet.in:220 + msgid "Here you can select the zones used for Shields Up and Shields Down." +-msgstr "" +-"ഷീള്‍ഡ്സ് അപ്പ്, ഷീള്‍ഡ്സ് ഡൌണ്‍ എന്നിവയ്ക്കുപയോഗിച്ച മേഘലകള്‍ നിങ്ങള്‍ക്കു് " +-"ഇവിടെ തെരഞ്ഞെടുക്കാം." ++msgstr "ഷീള്‍ഡ്സ് അപ്പ്, ഷീള്‍ഡ്സ് ഡൌണ്‍ എന്നിവയ്ക്കുപയോഗിച്ച മേഘലകള്‍ നിങ്ങള്‍ക്കു് ഇവിടെ തെരഞ്ഞെടുക്കാം." + + #: ../src/firewall-applet.in:226 + msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." + msgstr "" +-"മിക്കപ്പോഴും സ്വതവേയുള്ള മേഘലകള്‍ ഉപയോഗിയ്ക്കുവര്‍ക്കു് ഈ വിശേഷത " +-"പ്രയോജനകരമാണു്. കണക്ഷനുകളുടെ മേഘലകള്‍ മാറ്റുന്ന ഉപയോക്താക്കള്‍ക്കു് അധികം " +-"ഉപയോഗമുണ്ടാവില്ല." ++"മിക്കപ്പോഴും സ്വതവേയുള്ള മേഘലകള്‍ ഉപയോഗിയ്ക്കുവര്‍ക്കു് ഈ വിശേഷത പ്രയോജനകരമാണു്. കണക്ഷനുകളുടെ " ++"മേഘലകള്‍ മാറ്റുന്ന ഉപയോക്താക്കള്‍ക്കു് അധികം ഉപയോഗമുണ്ടാവില്ല." + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -202,11 +199,8 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" +-msgstr "" +-"'{interface}' ഇന്റര്‍ഫെയിസില്‍ '{connection}' കണക്ഷനു് സജീവമായ '{zone}' " +-"മേഘല" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" ++msgstr "'{interface}' ഇന്റര്‍ഫെയിസില്‍ '{connection}' കണക്ഷനു് സജീവമായ '{zone}' മേഘല" + + #: ../src/firewall-applet.in:892 + msgid "Zone '{zone}' active for interface '{interface}'" +@@ -266,8 +260,7 @@ msgstr "" + #: ../src/firewall-applet.in:1047 + msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" + msgstr "" +-"'{interface}' ഇന്റര്‍ഫെയിസില്‍ സജീവമായ '{zone}' {activated_deactivated} " +-"മേഘല" ++"'{interface}' ഇന്റര്‍ഫെയിസില്‍ സജീവമായ '{zone}' {activated_deactivated} മേഘല" + + #: ../src/firewall-applet.in:1070 + #, c-format +@@ -646,11 +639,12 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" +-"ഇന്റര്‍ഫെയിസ് മാസ്ക്യുറേഡ് ചെയ്താല്‍ മാത്രമേ മറ്റൊരു സിസ്റ്റത്തിലേക്കു് " +-"ഫോര്‍വേഡ് ചെയ്യുന്നതു് പ്രയോജനകരമാകൂ.\n" ++"ഇന്റര്‍ഫെയിസ് മാസ്ക്യുറേഡ് ചെയ്താല്‍ മാത്രമേ മറ്റൊരു സിസ്റ്റത്തിലേക്കു് ഫോര്‍വേഡ് ചെയ്യുന്നതു് " ++"പ്രയോജനകരമാകൂ.\n" + "ഈ മേഖല മാസ്ക്യുറേഡ് ചെയ്യണമോ ?" + + #: ../src/firewall-config.in:5376 +@@ -755,9 +749,7 @@ msgstr "ദയവായി സന്ദര്‍ഭം നല്‍കുക." + + #: ../src/firewall-config.glade.h:9 + msgid "Please select default zone from the list below." +-msgstr "" +-"താഴെ കാണിച്ചിട്ടുള്ള പട്ടികയില്‍ നിന്നും സ്വതവേയുള്ള മേഘല ദയവായി " +-"തെരഞ്ഞെടുക്കുക." ++msgstr "താഴെ കാണിച്ചിട്ടുള്ള പട്ടികയില്‍ നിന്നും സ്വതവേയുള്ള മേഘല ദയവായി തെരഞ്ഞെടുക്കുക." + + #: ../src/firewall-config.glade.h:10 + msgid "Direct Chain" +@@ -814,8 +806,7 @@ msgstr "പോര്‍ട്ട് ഫോര്‍‍വേര്‍‍ഡി + #: ../src/firewall-config.glade.h:23 + msgid "" + "Please select the source and destination options according to your needs." +-msgstr "" +-"നിങ്ങളുടെ ആവശ്യ‌മനുസരിച്ച് ഉറവിട, ലക്ഷ്യ പോര്‍ട്ടുകള്‍ തെരഞ്ഞെടുക്കുക." ++msgstr "നിങ്ങളുടെ ആവശ്യ‌മനുസരിച്ച് ഉറവിട, ലക്ഷ്യ പോര്‍ട്ടുകള്‍ തെരഞ്ഞെടുക്കുക." + + #: ../src/firewall-config.glade.h:24 + msgid "Port / Port Range:" +@@ -838,8 +829,8 @@ msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." + msgstr "" +-"നിങ്ങള്‍ ലോക്കല്‍ ഫോര്‍വേര്‍ഡിങ് സജ്ജമാക്കിയാല്‍, പോര്‍ട്ട് നല്‍കേണ്ടതാണ്. " +-"ഇത് ഉറവിട പോര്‍ട്ടില്‍ നിന്നും വ്യ‌‌ത്യ‌‌സ്തമാണ്." ++"നിങ്ങള്‍ ലോക്കല്‍ ഫോര്‍വേര്‍ഡിങ് സജ്ജമാക്കിയാല്‍, പോര്‍ട്ട് നല്‍കേണ്ടതാണ്. ഇത് ഉറവിട പോര്‍ട്ടില്‍ നിന്നും " ++"വ്യ‌‌ത്യ‌‌സ്തമാണ്." + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -947,10 +938,9 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"ഫയര്‍വോള്‍ നിയമങ്ങള്‍ വീണ്ടും ലഭ്യമാക്കുന്നു. നിലവില്‍ സ്ഥിരമായുള്ള " +-"ക്രമീകരണം പുതിയ പ്രവര്‍ത്തന ക്രമീകരണമാകുന്നു. അതായതു്, സ്ഥിരമായ " +-"ക്രമീകരണത്തിലില്ലെങ്കില്‍, പ്രവര്‍ത്തന സമയത്തു് വരുത്തിയ മാറ്റങ്ങള്‍ വീണ്ടും " +-"ലഭ്യമാക്കുമ്പോള്‍ നഷ്ടമാകുന്നു." ++"ഫയര്‍വോള്‍ നിയമങ്ങള്‍ വീണ്ടും ലഭ്യമാക്കുന്നു. നിലവില്‍ സ്ഥിരമായുള്ള ക്രമീകരണം പുതിയ പ്രവര്‍ത്തന " ++"ക്രമീകരണമാകുന്നു. അതായതു്, സ്ഥിരമായ ക്രമീകരണത്തിലില്ലെങ്കില്‍, പ്രവര്‍ത്തന സമയത്തു് വരുത്തിയ " ++"മാറ്റങ്ങള്‍ വീണ്ടും ലഭ്യമാക്കുമ്പോള്‍ നഷ്ടമാകുന്നു." + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -982,9 +972,7 @@ msgstr "" + + #: ../src/firewall-config.glade.h:68 + msgid "Panic mode means that all incoming and outgoing packets are dropped." +-msgstr "" +-"പാനിക്ക് മോഡിനര്‍ത്ഥം വരുന്നതും പോകുന്നതുമായ എല്ലാ പാക്കറ്റുകളും " +-"ഇല്ലാതാക്കുന്നു് എന്നാണു്." ++msgstr "പാനിക്ക് മോഡിനര്‍ത്ഥം വരുന്നതും പോകുന്നതുമായ എല്ലാ പാക്കറ്റുകളും ഇല്ലാതാക്കുന്നു് എന്നാണു്." + + #: ../src/firewall-config.glade.h:69 + msgid "Panic Mode" +@@ -995,8 +983,8 @@ msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." + msgstr "" +-"ലോക്ക്‍ഡൌണ്‍ ഫയര്‍വോള്‍ ക്രമീകരണം പൂട്ടുന്നു. ഇങ്ങനെ വൈറ്റ്‌ലിസ്റ്റിലുള്ള " +-"പ്രയോഗങ്ങള്‍ക്കു് മാത്രമേ ഇതില്‍ മാറ്റം വരുത്തുവാന്‍ സാധ്യമാകൂ." ++"ലോക്ക്‍ഡൌണ്‍ ഫയര്‍വോള്‍ ക്രമീകരണം പൂട്ടുന്നു. ഇങ്ങനെ വൈറ്റ്‌ലിസ്റ്റിലുള്ള പ്രയോഗങ്ങള്‍ക്കു് മാത്രമേ ഇതില്‍ " ++"മാറ്റം വരുത്തുവാന്‍ സാധ്യമാകൂ." + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1070,9 +1058,9 @@ msgid "" + "configuration. Permanent configuration will be active after service or " + "system reload or restart." + msgstr "" +-"നിലവില്‍ ദൃശ്യമായ ക്രമീകരണം. പ്രവര്‍ത്തന ക്രമീകരണമാണു് സജീവമായ ക്രമീകരണം. " +-"സര്‍വീസ് അല്ലെങ്കില്‍ സിസ്റ്റം വീണ്ടും ലഭ്യമാക്കുന്നതിനു് അല്ലെങ്കില്‍ " +-"വീണ്ടും ആരംഭിയ്ക്കുന്നതിനു് ശേഷം എന്നേക്കുമുള്ള ക്രമീകരണം സജീവമാകുന്നു." ++"നിലവില്‍ ദൃശ്യമായ ക്രമീകരണം. പ്രവര്‍ത്തന ക്രമീകരണമാണു് സജീവമായ ക്രമീകരണം. സര്‍വീസ് അല്ലെങ്കില്‍ " ++"സിസ്റ്റം വീണ്ടും ലഭ്യമാക്കുന്നതിനു് അല്ലെങ്കില്‍ വീണ്ടും ആരംഭിയ്ക്കുന്നതിനു് ശേഷം എന്നേക്കുമുള്ള " ++"ക്രമീകരണം സജീവമാകുന്നു." + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1082,12 +1070,10 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"മേഘലയ്ക്കുള്ള നെറ്റ്‌വര്‍ക്ക് കണക്ഷനുകള്‍, ഇന്റര്‍ഫെയിസുകള്‍, ശ്രോതസ്സ് " +-"വിലാസങ്ങള്‍ എന്നിവയ്ക്കുള്ള വിശ്വസ്തത firewalld മേഘല നിഷ്കര്‍ഷിയ്ക്കുന്നു. " +-"സര്‍വീസുകള്‍, പോര്‍ട്ടുകള്‍, സമ്പ്രദായങ്ങള്‍, മാസ്ക്യൂറേഡിങ്, പോര്‍ട്ട്/" +-"പാക്കറ്റ് ഫോര്‍വേഡിങ്, icmp ഫില്‍റ്ററുകള്‍, റിച്ച് റൂളുകള്‍ എന്നിവ മേഘലയില്‍ " +-"ലഭ്യമാകുന്നു. ഇന്റര്‍ഫെയിസുകളും ശ്രോതസ്സിനുള്ള വിലാസങ്ങളും അനുസരിച്ചാണു് " +-"മേഘല." ++"മേഘലയ്ക്കുള്ള നെറ്റ്‌വര്‍ക്ക് കണക്ഷനുകള്‍, ഇന്റര്‍ഫെയിസുകള്‍, ശ്രോതസ്സ് വിലാസങ്ങള്‍ എന്നിവയ്ക്കുള്ള വിശ്വസ്തത " ++"firewalld മേഘല നിഷ്കര്‍ഷിയ്ക്കുന്നു. സര്‍വീസുകള്‍, പോര്‍ട്ടുകള്‍, സമ്പ്രദായങ്ങള്‍, മാസ്ക്യൂറേഡിങ്, പോര്‍ട്ട്/" ++"പാക്കറ്റ് ഫോര്‍വേഡിങ്, icmp ഫില്‍റ്ററുകള്‍, റിച്ച് റൂളുകള്‍ എന്നിവ മേഘലയില്‍ ലഭ്യമാകുന്നു. " ++"ഇന്റര്‍ഫെയിസുകളും ശ്രോതസ്സിനുള്ള വിലാസങ്ങളും അനുസരിച്ചാണു് മേഘല." + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1111,10 +1097,9 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"ഏതെല്ലാം സര്‍‍വീസുകളാണ് വിശ്വസനീയം എന്ന് നിങ്ങള്‍ക്ക് ഇവിടെ വ്യ‌ക്തമാക്കാം. " +-"ഈ മേഘലയ്ക്കുള്ള ശ്രോതസ്സുകളും ഇന്റര്‍ഫെയിസുകളും കണക്ഷനുകളിലും നിന്നും " +-"സിസ്റ്റത്തിലേക്കുള്ള എല്ലാ ഹോസ്റ്റുകളും നെറ്റ്‌വര്‍ക്കുകളും വിശ്വസനീയമായ " +-"സേവനങ്ങള്‍ക്കു് ലഭ്യമാകുന്നു." ++"ഏതെല്ലാം സര്‍‍വീസുകളാണ് വിശ്വസനീയം എന്ന് നിങ്ങള്‍ക്ക് ഇവിടെ വ്യ‌ക്തമാക്കാം. ഈ മേഘലയ്ക്കുള്ള " ++"ശ്രോതസ്സുകളും ഇന്റര്‍ഫെയിസുകളും കണക്ഷനുകളിലും നിന്നും സിസ്റ്റത്തിലേക്കുള്ള എല്ലാ ഹോസ്റ്റുകളും " ++"നെറ്റ്‌വര്‍ക്കുകളും വിശ്വസനീയമായ സേവനങ്ങള്‍ക്കു് ലഭ്യമാകുന്നു." + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1125,9 +1110,8 @@ msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." + msgstr "" +-"അധികമായ പോര്‍ട്ടുകള്‍ അല്ലെങ്കില്‍ പോര്‍ട്ട് പരിധികളും ചേര്‍ക്കുക, " +-"സിസ്റ്റത്തിലേക്കു് കണക്ട് ചെയ്യുവാന്‍ സാധ്യമായ നെറ്റ്‌വര്‍ക്കുകള്‍ " +-"അല്ലെങ്കില്‍ എല്ലാം ഹോസ്റ്റുകളിലേക്കുള്ള ഇവയ്ക്കു് പ്രവേശിയ്ക്കേണ്ടതുണ്ടു്." ++"അധികമായ പോര്‍ട്ടുകള്‍ അല്ലെങ്കില്‍ പോര്‍ട്ട് പരിധികളും ചേര്‍ക്കുക, സിസ്റ്റത്തിലേക്കു് കണക്ട് ചെയ്യുവാന്‍ " ++"സാധ്യമായ നെറ്റ്‌വര്‍ക്കുകള്‍ അല്ലെങ്കില്‍ എല്ലാം ഹോസ്റ്റുകളിലേക്കുള്ള ഇവയ്ക്കു് പ്രവേശിയ്ക്കേണ്ടതുണ്ടു്." + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1181,12 +1165,10 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"നിങ്ങളുടെ പ്രാദേശിക ശൃംഖലാ പ്രവര്‍ത്തനത്തിനെ ഇന്റര്‍നെറ്റുമായി " +-"ബന്ധപ്പെടുത്തുന്നതിനായി ഒരു ആതിഥേയന്‍ അല്ലെങ്കില്‍ റൂട്ടര്‍ നിങ്ങള്‍ " +-"ക്രമീകരിക്കുന്നു എങ്കില്‍ മാസ്ക്യുറേഡിംഗ് നിങ്ങള്‍ക്ക് പ്രയോജനകരമാകുന്നു. " +-"നിങ്ങളുടെ പ്രാദേശിക ശൃംഖലാകര്മ്മം അദൃശ്യ‌മായിരിക്കും, മാത്രമല്ല, " +-"ഇന്റര്‍നെറ്റില്‍ ആതിഥേയനെ ഒരു വിലാസമായി കണക്കാക്കുന്നു. മാസ്ക്യുറേഡിംഗ് IPv4 " +-"മാത്രമാണ്." ++"നിങ്ങളുടെ പ്രാദേശിക ശൃംഖലാ പ്രവര്‍ത്തനത്തിനെ ഇന്റര്‍നെറ്റുമായി ബന്ധപ്പെടുത്തുന്നതിനായി ഒരു " ++"ആതിഥേയന്‍ അല്ലെങ്കില്‍ റൂട്ടര്‍ നിങ്ങള്‍ ക്രമീകരിക്കുന്നു എങ്കില്‍ മാസ്ക്യുറേഡിംഗ് നിങ്ങള്‍ക്ക് " ++"പ്രയോജനകരമാകുന്നു. നിങ്ങളുടെ പ്രാദേശിക ശൃംഖലാകര്മ്മം അദൃശ്യ‌മായിരിക്കും, മാത്രമല്ല, " ++"ഇന്റര്‍നെറ്റില്‍ ആതിഥേയനെ ഒരു വിലാസമായി കണക്കാക്കുന്നു. മാസ്ക്യുറേഡിംഗ് IPv4 മാത്രമാണ്." + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1197,8 +1179,8 @@ msgid "" + "If you enable masquerading, IP forwarding will be enabled for your IPv4 " + "networks." + msgstr "" +-"മാസ്ക്യുറേഡിങ് പ്രവര്‍ത്തന സജ്ജമാക്കുന്നെങ്കില്‍, നിങ്ങളുടെ IPv4 " +-"നെറ്റ്‌വര്‍ക്കു് ഐപി ഫോര്‍വേഡിങ് പ്രവര്‍ത്തന സജ്ജമാക്കുന്നു." ++"മാസ്ക്യുറേഡിങ് പ്രവര്‍ത്തന സജ്ജമാക്കുന്നെങ്കില്‍, നിങ്ങളുടെ IPv4 നെറ്റ്‌വര്‍ക്കു് ഐപി ഫോര്‍വേഡിങ് " ++"പ്രവര്‍ത്തന സജ്ജമാക്കുന്നു." + + #: ../src/firewall-config.glade.h:111 + msgid "Masquerading" +@@ -1211,11 +1193,10 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"ഒരു പ്രാദേശിക വ്യവ്സ്ഥയിലുള്ള പോര്‍ട്ടില്‍ നിന്നും മറ്റൊന്നിലേക്ക് " +-"അല്ലെങ്കില്‍ ഒരു പ്രാദേശിക വ്യ‌വസ്ഥയില്‍നിന്നും മറ്റൊന്നിലേക്ക് " +-"പോര്‍ട്ടുകള്‍ അയയ്ക്കുന്നതിനായി എന്ട്രികള്‍ നല്‍കുക. വിനിമയതലം മാസ്ക്യുറേഡ് " +-"ചെയ്തെങ്കില്‍ മാത്രമേ മറ്റൊരു സിസ്റ്റമിലേക്ക് അയയ്ക്കുന്നതില്‍ പ്രയോജനമുള്ളൂ." +-" പോര്‍ട്ട് ഫോര്‍വേര്‍ഡിംഗ് IPv4 മാത്രമാണ്." ++"ഒരു പ്രാദേശിക വ്യവ്സ്ഥയിലുള്ള പോര്‍ട്ടില്‍ നിന്നും മറ്റൊന്നിലേക്ക് അല്ലെങ്കില്‍ ഒരു പ്രാദേശിക " ++"വ്യ‌വസ്ഥയില്‍നിന്നും മറ്റൊന്നിലേക്ക് പോര്‍ട്ടുകള്‍ അയയ്ക്കുന്നതിനായി എന്ട്രികള്‍ നല്‍കുക. വിനിമയതലം " ++"മാസ്ക്യുറേഡ് ചെയ്തെങ്കില്‍ മാത്രമേ മറ്റൊരു സിസ്റ്റമിലേക്ക് അയയ്ക്കുന്നതില്‍ പ്രയോജനമുള്ളൂ. പോര്‍ട്ട് " ++"ഫോര്‍വേര്‍ഡിംഗ് IPv4 മാത്രമാണ്." + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1235,19 +1216,17 @@ msgid "" + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." + msgstr "" +-"ശൃംഖലയിലെ കമ്പ്യൂട്ടറുകള്‍ക്ക് തമ്മില്‍ പിശക് അറിയിക്കുന്ന സന്ദേശങ്ങള്‍ " +-"അയയ്ക്കുന്നതിനാണ് പ്രധാനമായും ഇന്റര്‍നെറ്റ് കണ്ട്രോള്‍ മെസേജ് " +-"പ്രോട്ടോക്കോള്‍ (ICMP) ഉപയോഗിക്കുന്നത്. കൂടാതെ, വിവരങ്ങള്‍ ലഭ്യ‌മാക്കുവാന്‍ " +-"സഹായിക്കുന്ന പിങ് അപേക്ഷകള്‍ക്കും മറുപടികള്‍ക്കും ഇവ ഉപയോഗിക്കുന്നു." ++"ശൃംഖലയിലെ കമ്പ്യൂട്ടറുകള്‍ക്ക് തമ്മില്‍ പിശക് അറിയിക്കുന്ന സന്ദേശങ്ങള്‍ അയയ്ക്കുന്നതിനാണ് പ്രധാനമായും " ++"ഇന്റര്‍നെറ്റ് കണ്ട്രോള്‍ മെസേജ് പ്രോട്ടോക്കോള്‍ (ICMP) ഉപയോഗിക്കുന്നത്. കൂടാതെ, വിവരങ്ങള്‍ " ++"ലഭ്യ‌മാക്കുവാന്‍ സഹായിക്കുന്ന പിങ് അപേക്ഷകള്‍ക്കും മറുപടികള്‍ക്കും ഇവ ഉപയോഗിക്കുന്നു." + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"പട്ടികയില്‍ നിന്നും വേണ്ട എന്ന് തീരുമാനിക്കേണ്ട ICMP തരത്തിലുള്ളവ " +-"അടയാളപ്പെടുത്തുക. മറ്റെല്ലാ ICMP തരത്തിലുള്ളവയും ഫയര്‍വോള്‍ കടക്കുന്നതിന് " +-"അനുവാദമുള്ളവയാണ്. പരിമിതികളില്ലാത്തതാണ് സഹജം." ++"പട്ടികയില്‍ നിന്നും വേണ്ട എന്ന് തീരുമാനിക്കേണ്ട ICMP തരത്തിലുള്ളവ അടയാളപ്പെടുത്തുക. മറ്റെല്ലാ " ++"ICMP തരത്തിലുള്ളവയും ഫയര്‍വോള്‍ കടക്കുന്നതിന് അനുവാദമുള്ളവയാണ്. പരിമിതികളില്ലാത്തതാണ് സഹജം." + + #: ../src/firewall-config.glade.h:118 + msgid "" +@@ -1288,9 +1267,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"മേഘലയ്ക്കു് സംയോജക ഘടകങ്ങള്‍ ബൈന്‍ഡ് ചെയ്യുന്നതിനു് എന്‍ട്രികള്‍ ചേര്‍ക്കുക. " +-"സംയോജകഘടകം ഒരു കണക്ഷന്‍ ഉപയോഗിയ്ക്കുന്നെങ്കില്‍, കണക്ഷനില്‍ " +-"വ്യക്തമാക്കിയിരിയ്ക്കുന്ന മേഘലയായി ഈ മേഘല സജ്ജമാക്കുന്നു." ++"മേഘലയ്ക്കു് സംയോജക ഘടകങ്ങള്‍ ബൈന്‍ഡ് ചെയ്യുന്നതിനു് എന്‍ട്രികള്‍ ചേര്‍ക്കുക. സംയോജകഘടകം ഒരു കണക്ഷന്‍ " ++"ഉപയോഗിയ്ക്കുന്നെങ്കില്‍, കണക്ഷനില്‍ വ്യക്തമാക്കിയിരിയ്ക്കുന്ന മേഘലയായി ഈ മേഘല സജ്ജമാക്കുന്നു." + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1332,8 +1310,8 @@ msgid "" + "A firewalld service is a combination of ports, protocols, modules and " + "destination addresses." + msgstr "" +-"പോര്‍ട്ടുകള്‍, സമ്പ്രദായങ്ങള്‍, ഘടകങ്ങള്‍, ലക്ഷ്യ വിലാസങ്ങള്‍ എന്നിവയെ " +-"ഒന്നിച്ചു് ഒരു firewalld സര്‍വീസായി കണക്കാക്കുന്നു." ++"പോര്‍ട്ടുകള്‍, സമ്പ്രദായങ്ങള്‍, ഘടകങ്ങള്‍, ലക്ഷ്യ വിലാസങ്ങള്‍ എന്നിവയെ ഒന്നിച്ചു് ഒരു firewalld " ++"സര്‍വീസായി കണക്കാക്കുന്നു." + + #: ../src/firewall-config.glade.h:139 + msgid "Add Service" +@@ -1389,9 +1367,8 @@ msgid "" + "the destination address and type. If both entries are empty, there is no " + "limitation." + msgstr "" +-"ലക്ഷ്യസ്ഥാന വിലാസങ്ങള്‍ നല്‍കുന്നെങ്കില്‍, ലക്ഷ്യസ്ഥാന വിലാസം , തരം " +-"എന്നതില്‍ സര്‍വീസ് എന്‍ട്രി ഒതുങ്ങുന്നു. രണ്ടു് എന്‍ട്രികളും കാലിയെങ്കില്‍ " +-"ഒരു പരിമിതികളുമില്ല." ++"ലക്ഷ്യസ്ഥാന വിലാസങ്ങള്‍ നല്‍കുന്നെങ്കില്‍, ലക്ഷ്യസ്ഥാന വിലാസം , തരം എന്നതില്‍ സര്‍വീസ് എന്‍ട്രി " ++"ഒതുങ്ങുന്നു. രണ്ടു് എന്‍ട്രികളും കാലിയെങ്കില്‍ ഒരു പരിമിതികളുമില്ല." + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1406,9 +1383,8 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"സ്ഥിരമായുള്ള ക്രമീകരണ കാഴ്ചയില്‍ മാത്രമേ സര്‍വീസുകള്‍ക്കു് മാറ്റം " +-"വരുത്തുവാന്‍ സാധിയ്ക്കൂ. സര്‍വീസുകളുടെ പ്രവര്‍ത്തന ക്രമീകരണം " +-"പരിഹരിച്ചിരിയ്ക്കുന്നു." ++"സ്ഥിരമായുള്ള ക്രമീകരണ കാഴ്ചയില്‍ മാത്രമേ സര്‍വീസുകള്‍ക്കു് മാറ്റം വരുത്തുവാന്‍ സാധിയ്ക്കൂ. സര്‍വീസുകളുടെ " ++"പ്രവര്‍ത്തന ക്രമീകരണം പരിഹരിച്ചിരിയ്ക്കുന്നു." + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1468,8 +1444,8 @@ msgid "" + "A firewalld icmptype provides the information for an Internet Control " + "Message Protocol (ICMP) type for firewalld." + msgstr "" +-"firewalld-യ്ക്കുള്ളൊരു ഇന്റര്‍നെറ്റ് കണ്ട്രോള്‍ മസ്സേജ് പ്രോട്ടോക്കോള്‍ " +-"(ഐസിഎംപി) തരത്തിനുള്ള വിവരങ്ങള്‍ ഒരു firewalld icmptype ലഭ്യമാക്കുന്നു." ++"firewalld-യ്ക്കുള്ളൊരു ഇന്റര്‍നെറ്റ് കണ്ട്രോള്‍ മസ്സേജ് പ്രോട്ടോക്കോള്‍ (ഐസിഎംപി) തരത്തിനുള്ള " ++"വിവരങ്ങള്‍ ഒരു firewalld icmptype ലഭ്യമാക്കുന്നു." + + #: ../src/firewall-config.glade.h:167 + msgid "Add ICMP Type" +@@ -1496,9 +1472,8 @@ msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." + msgstr "" +-"സ്ഥിരമായുള്ള ക്രമീകരണ കാഴ്ചയില്‍ മാത്രമേ ഐസിഎംപി തരങ്ങള്‍ക്കു് മാറ്റം " +-"വരുത്തുവാന്‍ സാധിയ്ക്കൂ. ഐസിഎംപി തരങ്ങളുടെ പ്രവര്‍ത്തന ക്രമീകരണം " +-"പരിഹരിച്ചിരിയ്ക്കുന്നു." ++"സ്ഥിരമായുള്ള ക്രമീകരണ കാഴ്ചയില്‍ മാത്രമേ ഐസിഎംപി തരങ്ങള്‍ക്കു് മാറ്റം വരുത്തുവാന്‍ സാധിയ്ക്കൂ. " ++"ഐസിഎംപി തരങ്ങളുടെ പ്രവര്‍ത്തന ക്രമീകരണം പരിഹരിച്ചിരിയ്ക്കുന്നു." + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1519,12 +1494,10 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"നേരിട്ടുള്ള ക്രമീകരണം ഫയര്‍വോളിലേക്കു് കൂടുതല്‍ അനുമതി നല്‍കുന്നു. ഈ " +-"ഐച്ഛികങ്ങള്‍ക്കു്, ഉപയോക്താവു് അടിസ്ഥാന iptables ശൈലികള്‍, അതായതു്, " +-"പട്ടികകള്‍, ചെയിനുകള്‍, കമാന്‍ഡുകള്‍, പരാമീറ്ററുകള്‍, ടാര്‍ഗറ്റുകള്‍ എന്നിവ " +-"അറിയേണ്ട ആവശ്യമുണ്ടു്. മറ്റു് firewalld വിശേഷതകള്‍ ഉപയോഗിയ്ക്കുവാന്‍ " +-"സാധ്യമല്ല എന്നുറപ്പുള്ളപ്പോള്‍ മാത്രം നേരിട്ടുള്ള ക്രമീകരണം " +-"ഉപയോഗിയ്ക്കുവാന്‍ പാടുള്ളൂ." ++"നേരിട്ടുള്ള ക്രമീകരണം ഫയര്‍വോളിലേക്കു് കൂടുതല്‍ അനുമതി നല്‍കുന്നു. ഈ ഐച്ഛികങ്ങള്‍ക്കു്, ഉപയോക്താവു് " ++"അടിസ്ഥാന iptables ശൈലികള്‍, അതായതു്, പട്ടികകള്‍, ചെയിനുകള്‍, കമാന്‍ഡുകള്‍, പരാമീറ്ററുകള്‍, " ++"ടാര്‍ഗറ്റുകള്‍ എന്നിവ അറിയേണ്ട ആവശ്യമുണ്ടു്. മറ്റു് firewalld വിശേഷതകള്‍ ഉപയോഗിയ്ക്കുവാന്‍ സാധ്യമല്ല " ++"എന്നുറപ്പുള്ളപ്പോള്‍ മാത്രം നേരിട്ടുള്ള ക്രമീകരണം ഉപയോഗിയ്ക്കുവാന്‍ പാടുള്ളൂ." + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1532,9 +1505,9 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"ഓരോ ഐച്ഛികത്തിന്റേയും ipv ആര്‍ഗ്യുമെന്റ് ipv4 അല്ലെങ്കില്‍ ipv6 അല്ലെങ്കില്‍ " +-"eb ആയിരിയ്ക്കണം. ipv4 - iptables, ipv6 - ip6tables, eb - ഇഥര്‍നെറ്റ് " +-"ബ്രിഡ്ജുകള്‍ക്കു് (ebtables) എന്നിങ്ങനെയാകുന്നു." ++"ഓരോ ഐച്ഛികത്തിന്റേയും ipv ആര്‍ഗ്യുമെന്റ് ipv4 അല്ലെങ്കില്‍ ipv6 അല്ലെങ്കില്‍ eb ആയിരിയ്ക്കണം. " ++"ipv4 - iptables, ipv6 - ip6tables, eb - ഇഥര്‍നെറ്റ് ബ്രിഡ്ജുകള്‍ക്കു് (ebtables) " ++"എന്നിങ്ങനെയാകുന്നു." + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1560,8 +1533,7 @@ msgstr "ചെയിനുകള്‍" + msgid "" + "Add a rule with the arguments args to a chain in a table with a priority." + msgstr "" +-"മുന്‍ഗണനയ്ക്കൊപ്പം ഒരു പട്ടികയില്‍ ഒരു ചെയിനിനു് args " +-"ആര്‍ഗ്യുമെന്റുകള്‍ക്കൊപ്പം ഒരു നിയമം ചേര്‍ക്കുക." ++"മുന്‍ഗണനയ്ക്കൊപ്പം ഒരു പട്ടികയില്‍ ഒരു ചെയിനിനു് args ആര്‍ഗ്യുമെന്റുകള്‍ക്കൊപ്പം ഒരു നിയമം ചേര്‍ക്കുക." + + #: ../src/firewall-config.glade.h:183 + msgid "" +@@ -1572,12 +1544,10 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"നിയമങ്ങളുടെ ക്രമത്തിനു് വേണ്ടി മുന്‍ഗണന ഉപയോഗിയ്ക്കുന്നു. മുന്‍ഗണന 0 - " +-"ചെയിനിന്റെ മുകളില്‍ നിയമം ചേര്‍ക്കുക, ഇതിനു് ശേഷം കൂടുതല്‍ മുന്‍ഗണനയോടെ " +-"നിയമങ്ങള്‍ ചേര്‍ക്കുന്നു. ഒരേ മുന്‍ഗണനയുള്ള നിയമങ്ങള്‍ ഒരേ തലത്തിലാകുന്നു. " +-"ഇവയുടെ ക്രമം സ്ഥിരമല്ല, മാറ്റുവാന്‍ സാധ്യമാകുന്നു. ഒന്നിനു് ശേഷം മറ്റൊന്നായി " +-"നിയമം ചേര്‍ക്കുന്നതിനു്, ആദ്യം മുന്‍ഗണന കുറഞ്ഞതു് ഉപയോഗിയ്ക്കുക ശേഷം " +-"മുന്‍ഗണന കൂടിയതു്, അങ്ങനെ..." ++"നിയമങ്ങളുടെ ക്രമത്തിനു് വേണ്ടി മുന്‍ഗണന ഉപയോഗിയ്ക്കുന്നു. മുന്‍ഗണന 0 - ചെയിനിന്റെ മുകളില്‍ നിയമം " ++"ചേര്‍ക്കുക, ഇതിനു് ശേഷം കൂടുതല്‍ മുന്‍ഗണനയോടെ നിയമങ്ങള്‍ ചേര്‍ക്കുന്നു. ഒരേ മുന്‍ഗണനയുള്ള നിയമങ്ങള്‍ ഒരേ " ++"തലത്തിലാകുന്നു. ഇവയുടെ ക്രമം സ്ഥിരമല്ല, മാറ്റുവാന്‍ സാധ്യമാകുന്നു. ഒന്നിനു് ശേഷം മറ്റൊന്നായി " ++"നിയമം ചേര്‍ക്കുന്നതിനു്, ആദ്യം മുന്‍ഗണന കുറഞ്ഞതു് ഉപയോഗിയ്ക്കുക ശേഷം മുന്‍ഗണന കൂടിയതു്, അങ്ങനെ..." + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1601,14 +1571,12 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"പാസ്ത്രൂ നിയമങ്ങള്‍ പ്രത്യേക ചെയിനിലല്ല, പക്ഷേ നേരിട്ടു് ഫയര്‍വോളിലേക്കു് " +-"അയയ്ക്കുന്നു. iptables, ip6tables, ebtables എന്നിവയെല്ലാം ഉപയോഗിയ്ക്കാം." ++"പാസ്ത്രൂ നിയമങ്ങള്‍ പ്രത്യേക ചെയിനിലല്ല, പക്ഷേ നേരിട്ടു് ഫയര്‍വോളിലേക്കു് അയയ്ക്കുന്നു. iptables, " ++"ip6tables, ebtables എന്നിവയെല്ലാം ഉപയോഗിയ്ക്കാം." + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +-msgstr "" +-"പാസ്ത്രൂ നിയമങ്ങള്‍ ഫയര്‍വോളിനെ ബാധിയ്ക്കുന്നില്ലെന്നു് ദയവായി ഉറപ്പു് " +-"വരുത്തുക." ++msgstr "പാസ്ത്രൂ നിയമങ്ങള്‍ ഫയര്‍വോളിനെ ബാധിയ്ക്കുന്നില്ലെന്നു് ദയവായി ഉറപ്പു് വരുത്തുക." + + #: ../src/firewall-config.glade.h:190 + msgid "Add Passthrough" +@@ -1632,10 +1600,9 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"firewalld-യ്ക്കുള്ള ഉപയോക്താവിനും പ്രയോഗത്തിനുമുള്ള ലളിതമായ പോളിസികളാണു് " +-"ലോക്ക്ഡൌണ്‍ വിശേഷത. ഇതു് ഫയര്‍വോളില്‍ മാത്രമേയുള്ളൂ. ലോക്ക്ഡൌണ്‍ വൈറ്റ് " +-"ലിസ്റ്റില്‍ കമാന്‍ഡുകള്‍, സന്ദര്‍ഭങ്ങള്‍, ഉപയോക്താക്കള്‍, ഉപയോക്തൃ ഐഡികള്‍ " +-"എന്നിവ അടങ്ങുന്നു." ++"firewalld-യ്ക്കുള്ള ഉപയോക്താവിനും പ്രയോഗത്തിനുമുള്ള ലളിതമായ പോളിസികളാണു് ലോക്ക്ഡൌണ്‍ വിശേഷത. " ++"ഇതു് ഫയര്‍വോളില്‍ മാത്രമേയുള്ളൂ. ലോക്ക്ഡൌണ്‍ വൈറ്റ് ലിസ്റ്റില്‍ കമാന്‍ഡുകള്‍, സന്ദര്‍ഭങ്ങള്‍, ഉപയോക്താക്കള്‍, " ++"ഉപയോക്തൃ ഐഡികള്‍ എന്നിവ അടങ്ങുന്നു." + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1666,9 +1633,8 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"വൈറ്റ് ലിസ്റ്റിലുള്ളൊരു കമാന്‍ഡ് എന്‍ട്രി '*'-ല്‍ അവസാനിയ്ക്കുന്നെങ്കില്‍, " +-"കമാന്‍‍ഡില്‍ ആരംഭിയ്ക്കുന്ന എല്ലാ കമാന്‍ഡ് ലൈനുകളും ചേരുന്നു. '*' " +-"ലഭ്യമല്ലെങ്കില്‍, ആര്‍ഗ്യുമെന്റുകള്‍ ഉള്‍പ്പടെയുള്ള ആബ്സല്യൂട്ട് കമാന്‍ഡും " ++"വൈറ്റ് ലിസ്റ്റിലുള്ളൊരു കമാന്‍ഡ് എന്‍ട്രി '*'-ല്‍ അവസാനിയ്ക്കുന്നെങ്കില്‍, കമാന്‍‍ഡില്‍ ആരംഭിയ്ക്കുന്ന എല്ലാ " ++"കമാന്‍ഡ് ലൈനുകളും ചേരുന്നു. '*' ലഭ്യമല്ലെങ്കില്‍, ആര്‍ഗ്യുമെന്റുകള്‍ ഉള്‍പ്പടെയുള്ള ആബ്സല്യൂട്ട് കമാന്‍ഡും " + "പൊരുത്തപ്പെടണം. " + + #: ../src/firewall-config.glade.h:201 +@@ -1859,9 +1825,7 @@ msgstr "നേരിട്ടുള്ള നിയമം" + + #: ../src/firewall-config.glade.h:248 + msgid "Please select ipv and table, chain priority and enter the args." +-msgstr "" +-"ipv, പട്ടിക, ചെയിന്‍ മുന്‍ഗണം എന്നിവ പരിശോധിച്ചു് ആര്‍ഗ്യുമെന്റുകള്‍ നല്‍കുക." +-"" ++msgstr "ipv, പട്ടിക, ചെയിന്‍ മുന്‍ഗണം എന്നിവ പരിശോധിച്ചു് ആര്‍ഗ്യുമെന്റുകള്‍ നല്‍കുക." + + #: ../src/firewall-config.glade.h:249 + msgid "Priority:" +@@ -1886,8 +1850,8 @@ msgstr "ദയവായി ഒരു റിച്ച് റൂള്‍ നല + #: ../src/firewall-config.glade.h:255 + msgid "For host or network white or blacklisting deactivate the element." + msgstr "" +-"ഹോസ്റ്റ് അല്ലെങ്കില്‍ നെറ്റ്‌വര്‍ക്കിനു്, വൈറ്റ് അല്ലെങ്കില്‍ ബ്ലാക്ക് " +-"ലിസ്റ്റ് ചെയ്തതിനു് എലമെന്റ് നിര്‍ജീവമാക്കുക." ++"ഹോസ്റ്റ് അല്ലെങ്കില്‍ നെറ്റ്‌വര്‍ക്കിനു്, വൈറ്റ് അല്ലെങ്കില്‍ ബ്ലാക്ക് ലിസ്റ്റ് ചെയ്തതിനു് എലമെന്റ് " ++"നിര്‍ജീവമാക്കുക." + + #: ../src/firewall-config.glade.h:256 + msgid "Source:" +@@ -1915,11 +1879,11 @@ msgstr "വിപിരീതമായ" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"പ്രവര്‍ത്തനസജ്ജമാക്കുന്നതിനായി, ഈ പ്രവര്‍ത്തി 'reject' ചെയ്തു് കുടുംബം " +-"'ipv4' അല്ലെങ്കില്‍ 'ipv6' ആയിരിയ്ക്കണം (രണ്ടും പാടില്ല )." ++"പ്രവര്‍ത്തനസജ്ജമാക്കുന്നതിനായി, ഈ പ്രവര്‍ത്തി 'reject' ചെയ്തു് കുടുംബം 'ipv4' അല്ലെങ്കില്‍ " ++"'ipv6' ആയിരിയ്ക്കണം (രണ്ടും പാടില്ല )." + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/mr.po b/po/mr.po +index 434742a6da47..06226e96075d 100644 +--- a/po/mr.po ++++ b/po/mr.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Automatically generated, 2004 + # Rahul Bhalerao , 2006 +@@ -15,15 +15,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-02-26 10:00+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Marathi (http://www.transifex.com/projects/p/firewalld/" + "language/mr/)\n" + "Language: mr\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -83,8 +83,8 @@ msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." + msgstr "" +-"हे गुणधर्म पूर्वनिर्धारित झोन्सचा वापर करणाऱ्यांना उपयोगी ठरेल. " +-"वापरकर्त्यांना, जे जोडणींचे झोन्स बदलतात, याचा मर्यादीत वापर ठरू शकतो." ++"हे गुणधर्म पूर्वनिर्धारित झोन्सचा वापर करणाऱ्यांना उपयोगी ठरेल. वापरकर्त्यांना, जे जोडणींचे " ++"झोन्स बदलतात, याचा मर्यादीत वापर ठरू शकतो." + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -206,10 +206,8 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" +-msgstr "" +-"संवाद '{interface}' वरील जोडणी '{connection}' करिता क्षेत्र '{zone}' सक्रीय" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" ++msgstr "संवाद '{interface}' वरील जोडणी '{connection}' करिता क्षेत्र '{zone}' सक्रीय" + + #: ../src/firewall-applet.in:892 + msgid "Zone '{zone}' active for interface '{interface}'" +@@ -263,8 +261,8 @@ msgid "" + "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " + "interface '{interface}'" + msgstr "" +-"संवाद '{interface}' वरील जोडणी '{connection}' करिता क्षेत्र '{zone}' " +-"{activated_deactivated}" ++"संवाद '{interface}' वरील जोडणी '{connection}' करिता क्षेत्र " ++"'{zone}' {activated_deactivated}" + + #: ../src/firewall-applet.in:1047 + msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" +@@ -647,7 +645,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "संवाद संक्रमीत झाले असल्यावरच इतर प्रणालीकरिता फॉरवर्ड करणे उपयोगी ठरते.\n" +@@ -835,8 +834,8 @@ msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." + msgstr "" +-"स्थानीक फॉर्वडींग कार्यान्वीत केल्यास, तुम्हाला पोर्ट निर्देशीत करावे लागेल. " +-"स्त्रोत पोर्ट करीता हे पोर्ट वेगळे असायला हवे." ++"स्थानीक फॉर्वडींग कार्यान्वीत केल्यास, तुम्हाला पोर्ट निर्देशीत करावे लागेल. स्त्रोत पोर्ट " ++"करीता हे पोर्ट वेगळे असायला हवे." + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -944,9 +943,8 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"फायरवॉल रूल्स पुन्हा लोड करतो. सध्याची कायम संरचना नविन रनटाइम संचरना बनेल. " +-"म्हणजेच कायम संरचनामध्ये न आढळल्यास रिलोड पर्यंतचे फक्त रनटाइम बदल गमवले " +-"जातात." ++"फायरवॉल रूल्स पुन्हा लोड करतो. सध्याची कायम संरचना नविन रनटाइम संचरना बनेल. म्हणजेच " ++"कायम संरचनामध्ये न आढळल्यास रिलोड पर्यंतचे फक्त रनटाइम बदल गमवले जातात." + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -989,8 +987,7 @@ msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." + msgstr "" +-"लॉकडाऊन फायरवॉल संरचना कुलूपबंद करते जेणेकरूण फक्त लॉकडाऊनकरिता ॲप्लिकेशन्स " +-"त्यास बदलू शकेल." ++"लॉकडाऊन फायरवॉल संरचना कुलूपबंद करते जेणेकरूण फक्त लॉकडाऊनकरिता ॲप्लिकेशन्स त्यास बदलू शकेल." + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1064,9 +1061,8 @@ msgid "" + "configuration. Permanent configuration will be active after service or " + "system reload or restart." + msgstr "" +-"सध्या दृश्यास्पद संरचना. रनटाइम संरचना वास्तविक सक्रीय संरचना आहे. सर्व्हिस " +-"किंवा प्रणालीला पुन्हा लोड किंवा पुन्हा सुरू केल्यानंतर कायम संरचना सक्रीय " +-"केली जाईल." ++"सध्या दृश्यास्पद संरचना. रनटाइम संरचना वास्तविक सक्रीय संरचना आहे. सर्व्हिस किंवा " ++"प्रणालीला पुन्हा लोड किंवा पुन्हा सुरू केल्यानंतर कायम संरचना सक्रीय केली जाईल." + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1076,11 +1072,10 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"firewalld क्षेत्र नेटवर्क जोडणींकरिता विश्वासर्हता स्तर, इंटरफेसेस व " +-"झोनकरिता बांधणी असलेले सोअर्स पत्ता ठरवतो. क्षेत्र सर्व्हिसेस, पोर्टस, " +-"प्रोटोकॉल्स, मॅस्क्युरेडिंग, पोर्ट किंवा पॅकेट फॉरवर्डिंग, icmp फिल्टर्स व " +-"रिच रूल्स एकत्रीत करतो. क्षेत्र इंटरफेसेस व सोअर्स पत्त्यांकरिता बांधणी करतो." +-"" ++"firewalld क्षेत्र नेटवर्क जोडणींकरिता विश्वासर्हता स्तर, इंटरफेसेस व झोनकरिता बांधणी असलेले " ++"सोअर्स पत्ता ठरवतो. क्षेत्र सर्व्हिसेस, पोर्टस, प्रोटोकॉल्स, मॅस्क्युरेडिंग, पोर्ट किंवा पॅकेट " ++"फॉरवर्डिंग, icmp फिल्टर्स व रिच रूल्स एकत्रीत करतो. क्षेत्र इंटरफेसेस व सोअर्स पत्त्यांकरिता " ++"बांधणी करतो." + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1104,10 +1099,9 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"येथे तुम्ही झोनमध्ये कोणती सर्व्हिसेस विश्वासर्ह आहेत ते ठरवू शकता. " +-"विश्वासर्ह सर्व्हिसेस सर्व यजमानांपासून व ह्या झोनकरिता बांधीत असलेल्या " +-"जोडणी, संवाद व सोअर्सेसपासून मशीनपर्यंत पोहचण्याजोगी नेटवर्कसकरिता " +-"प्रवेशजोगी आहेत." ++"येथे तुम्ही झोनमध्ये कोणती सर्व्हिसेस विश्वासर्ह आहेत ते ठरवू शकता. विश्वासर्ह सर्व्हिसेस सर्व " ++"यजमानांपासून व ह्या झोनकरिता बांधीत असलेल्या जोडणी, संवाद व सोअर्सेसपासून मशीनपर्यंत " ++"पोहचण्याजोगी नेटवर्कसकरिता प्रवेशजोगी आहेत." + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1118,8 +1112,8 @@ msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." + msgstr "" +-"अगाऊ पोर्टस् किंवा पोर्ट व्याप्ति समाविष्ट करा, जे सर्व यजमान किंवा मशनसह " +-"जोडणीजोगी नेटवर्ककरिता प्रवेशजोगी असायला हवे." ++"अगाऊ पोर्टस् किंवा पोर्ट व्याप्ति समाविष्ट करा, जे सर्व यजमान किंवा मशनसह जोडणीजोगी " ++"नेटवर्ककरिता प्रवेशजोगी असायला हवे." + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1173,10 +1167,9 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"मास्क्युरेडींग यजमान स्थापीत करण्यास किंवा इंटरनेटवरील स्थानीक संजाळ " +-"जुळवणीकरीता राऊटरला परवानगी देतो. तुमचे स्थानीक संजाळ दिसणार नाही व " +-"इंटरनेटवर यजमान एक पत्ता म्हणूनच दिसून येईल. मास्क्युरेडींग फक्त IPv4 करीता " +-"आहे." ++"मास्क्युरेडींग यजमान स्थापीत करण्यास किंवा इंटरनेटवरील स्थानीक संजाळ जुळवणीकरीता राऊटरला " ++"परवानगी देतो. तुमचे स्थानीक संजाळ दिसणार नाही व इंटरनेटवर यजमान एक पत्ता म्हणूनच दिसून " ++"येईल. मास्क्युरेडींग फक्त IPv4 करीता आहे." + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1186,9 +1179,7 @@ msgstr "मास्क्युरेड क्षेत्र" + msgid "" + "If you enable masquerading, IP forwarding will be enabled for your IPv4 " + "networks." +-msgstr "" +-"मास्क्युरेडिंग सुरू करताना, IP फॉर्वरर्डिंग IPv4 नेटवर्क्सकरिता सुरू केले " +-"जाईल." ++msgstr "मास्क्युरेडिंग सुरू करताना, IP फॉर्वरर्डिंग IPv4 नेटवर्क्सकरिता सुरू केले जाईल." + + #: ../src/firewall-config.glade.h:111 + msgid "Masquerading" +@@ -1201,10 +1192,9 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"स्थानीक प्रणालीवरील किंवा एका स्थानीक प्रणली वरून अन्य प्रणाली करीता एका " +-"पोर्ट पासून इतर पोर्ट पर्यंत पोर्ट फॉर्वड करण्यासाठी नोंदणी जोडा. अन्य " +-"प्रणाली करीता फॉर्वडींग तेव्हाच उपयोगी ठरेल जेव्हा संवाद लपविला जाईल. पोर्ट " +-"फॉर्वडींग फक्त IPv4 करीता आहे." ++"स्थानीक प्रणालीवरील किंवा एका स्थानीक प्रणली वरून अन्य प्रणाली करीता एका पोर्ट पासून " ++"इतर पोर्ट पर्यंत पोर्ट फॉर्वड करण्यासाठी नोंदणी जोडा. अन्य प्रणाली करीता फॉर्वडींग " ++"तेव्हाच उपयोगी ठरेल जेव्हा संवाद लपविला जाईल. पोर्ट फॉर्वडींग फक्त IPv4 करीता आहे." + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1225,16 +1215,16 @@ msgid "" + "messages like ping requests and replies." + msgstr "" + "Internet Control Message Protocol (ICMP) चा वापर संभाव्यतः त्रुटी संदेश " +-"पाठविण्याकीरता केला जातो, पण अगाऊरित्या माहिती संदेश करीता देखील वापरला जातो " +-"जसे की पींग विनंती किंवा प्रतिसाद." ++"पाठविण्याकीरता केला जातो, पण अगाऊरित्या माहिती संदेश करीता देखील वापरला जातो जसे की " ++"पींग विनंती किंवा प्रतिसाद." + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"यादीतील ICMP प्रकार, जे स्वीकारले नाही पाहिजे. इतर सर्व ICMP प्रकार फायरवॉल " +-"ला भेदून जाऊ शकतात. पूर्वनिर्धारीतवर मर्यादा नाही." ++"यादीतील ICMP प्रकार, जे स्वीकारले नाही पाहिजे. इतर सर्व ICMP प्रकार फायरवॉल ला भेदून " ++"जाऊ शकतात. पूर्वनिर्धारीतवर मर्यादा नाही." + + #: ../src/firewall-config.glade.h:118 + msgid "" +@@ -1275,8 +1265,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"संवादांना झोनकरिता बांधणी करण्यासाठी नोंदणी समाविष्ट करा. जोडणीतर्फे संवादचा " +-"वापर करायचे असल्यास, जोडणीमध्ये निर्देशीत झोनकरिता झोन सेट केले जाईल." ++"संवादांना झोनकरिता बांधणी करण्यासाठी नोंदणी समाविष्ट करा. जोडणीतर्फे संवादचा वापर " ++"करायचे असल्यास, जोडणीमध्ये निर्देशीत झोनकरिता झोन सेट केले जाईल." + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1317,9 +1307,7 @@ msgstr "झोन्स" + msgid "" + "A firewalld service is a combination of ports, protocols, modules and " + "destination addresses." +-msgstr "" +-"firewalld सर्व्हिस पोर्टस्, प्रोटोकॉल्स, घटक व लक्ष्य पत्त्यांचे एकत्रीकरण " +-"आहे." ++msgstr "firewalld सर्व्हिस पोर्टस्, प्रोटोकॉल्स, घटक व लक्ष्य पत्त्यांचे एकत्रीकरण आहे." + + #: ../src/firewall-config.glade.h:139 + msgid "Add Service" +@@ -1375,8 +1363,8 @@ msgid "" + "the destination address and type. If both entries are empty, there is no " + "limitation." + msgstr "" +-"लक्ष्य पत्ता निर्देशीत केल्यास, सर्व्हिस नोंदणी लक्ष्य पत्ता व प्रकारकरिता " +-"मर्यादीत राहेल. दोंही नोंदणी रिकामे असल्यास, कुठलिही मर्यादा राहत नाही." ++"लक्ष्य पत्ता निर्देशीत केल्यास, सर्व्हिस नोंदणी लक्ष्य पत्ता व प्रकारकरिता मर्यादीत राहेल. " ++"दोंही नोंदणी रिकामे असल्यास, कुठलिही मर्यादा राहत नाही." + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1391,8 +1379,8 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"सर्व्हिसेसला फक्त नेहमीच्या संरचना दृष्यमध्ये बदलणे शक्य आहे. सर्व्हिसेसची " +-"रनटाइम संरचना ठरवले आहे." ++"सर्व्हिसेसला फक्त नेहमीच्या संरचना दृष्यमध्ये बदलणे शक्य आहे. सर्व्हिसेसची रनटाइम संरचना ठरवले " ++"आहे." + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1452,8 +1440,8 @@ msgid "" + "A firewalld icmptype provides the information for an Internet Control " + "Message Protocol (ICMP) type for firewalld." + msgstr "" +-"firewalldसाठी इंटरनेट कंट्रोल मेसेज प्रोटोकॉल (ICMP) प्रकारकरिता firewalld " +-"icmptype माहिती पुरवते." ++"firewalldसाठी इंटरनेट कंट्रोल मेसेज प्रोटोकॉल (ICMP) प्रकारकरिता firewalld icmptype " ++"माहिती पुरवते." + + #: ../src/firewall-config.glade.h:167 + msgid "Add ICMP Type" +@@ -1474,16 +1462,15 @@ msgstr "ICMP प्रकार पूर्वनिर्धारित ल + #: ../src/firewall-config.glade.h:171 + msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." + msgstr "" +-"IPv4 आणि किंवा IPv6 करिता हे ICMP प्रकार उपलब्ध आहे किंवा नाही ते निर्देशीत " +-"करा." ++"IPv4 आणि किंवा IPv6 करिता हे ICMP प्रकार उपलब्ध आहे किंवा नाही ते निर्देशीत करा." + + #: ../src/firewall-config.glade.h:172 + msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." + msgstr "" +-"ICMP प्रकारला कायमस्वरूपी संरचना दृष्यमध्ये बदलणे शक्य आहे. ICMP प्रकारची " +-"रनटाइम संरचना ठरवली आहे." ++"ICMP प्रकारला कायमस्वरूपी संरचना दृष्यमध्ये बदलणे शक्य आहे. ICMP प्रकारची रनटाइम संरचना " ++"ठरवली आहे." + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1504,10 +1491,10 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"डाइरेक्ट संरचना फायरवॉलकरिता प्रत्यक्ष प्रवेश देते. ह्या पर्यायमुळे " +-"वापरकर्त्याला मूळ iptables तत्व, जसे कि तक्ता, चैन्स, आदेश, बाबी आणि लक्ष्य " +-"माहिती असणे आवश्यक आहे. प्रत्यक्ष संरचनेचा वापर शेवटचा पर्याय म्हणून करावा " +-"जेव्हा इतर फायरवॉल्ड गुणविशेषांचा वापर शक्य होत नाही." ++"डाइरेक्ट संरचना फायरवॉलकरिता प्रत्यक्ष प्रवेश देते. ह्या पर्यायमुळे वापरकर्त्याला मूळ " ++"iptables तत्व, जसे कि तक्ता, चैन्स, आदेश, बाबी आणि लक्ष्य माहिती असणे आवश्यक आहे. " ++"प्रत्यक्ष संरचनेचा वापर शेवटचा पर्याय म्हणून करावा जेव्हा इतर फायरवॉल्ड गुणविशेषांचा वापर " ++"शक्य होत नाही." + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1515,9 +1502,9 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"प्रत्येक पर्यायचे ipv बाब ipv4 किंवा ipv6 किंवा eb पाहिजे. ipv4 असल्यास ते " +-"iptables करिता, ipv6 असल्यास ip6tables करिता आणि eb असल्यास for इथरनेट " +-"ब्रिजेसकरिता (ebtables) असायला हवे." ++"प्रत्येक पर्यायचे ipv बाब ipv4 किंवा ipv6 किंवा eb पाहिजे. ipv4 असल्यास ते iptables " ++"करिता, ipv6 असल्यास ip6tables करिता आणि eb असल्यास for इथरनेट ब्रिजेसकरिता " ++"(ebtables) असायला हवे." + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1542,8 +1529,7 @@ msgstr "चैन्स" + #: ../src/firewall-config.glade.h:182 + msgid "" + "Add a rule with the arguments args to a chain in a table with a priority." +-msgstr "" +-"प्राधान्यतासह तक्तामध्ये चैनकरिता आर्ग्युमेंट्स args सह नियम समाविष्ट करा." ++msgstr "प्राधान्यतासह तक्तामध्ये चैनकरिता आर्ग्युमेंट्स args सह नियम समाविष्ट करा." + + #: ../src/firewall-config.glade.h:183 + msgid "" +@@ -1554,12 +1540,12 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"नियमांना क्रमवारित लावण्याकरिता प्राधान्यता. प्राधान्यता 0 म्हणजे चैनच्या " +-"शीर्षमध्ये नियम समाविष्ट करा , जास्त प्राधान्यता असणाऱ्या नियमाला अखेरीस " +-"समाविष्ट केले जाईल. समान प्राधान्यता असलेले नियम एकाच स्तारावर असतात आणि या " +-"नियमांची क्रमवारी निश्चीत नसते आणि कदाचित बदलू शकते. एका नियम नंतर इतर " +-"समाविष्ट केले जाईल, याची खात्री करायचे असल्यास, पहिल्या नियमकरिता किमान " +-"प्राधान्यताचा वापर करा आणि खालीलकरिता जास्त प्राधान्यताचा वापर करा." ++"नियमांना क्रमवारित लावण्याकरिता प्राधान्यता. प्राधान्यता 0 म्हणजे चैनच्या शीर्षमध्ये नियम " ++"समाविष्ट करा , जास्त प्राधान्यता असणाऱ्या नियमाला अखेरीस समाविष्ट केले जाईल. समान " ++"प्राधान्यता असलेले नियम एकाच स्तारावर असतात आणि या नियमांची क्रमवारी निश्चीत नसते आणि " ++"कदाचित बदलू शकते. एका नियम नंतर इतर समाविष्ट केले जाईल, याची खात्री करायचे असल्यास, " ++"पहिल्या नियमकरिता किमान प्राधान्यताचा वापर करा आणि खालीलकरिता जास्त प्राधान्यताचा " ++"वापर करा." + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1583,9 +1569,8 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"फायरवॉलकरिता पासथ्रु नियम प्रत्यक्षरित्या पुरवले जातात आणि त्यास विशेष " +-"चैनमध्ये स्थित केले जात नाही. सर्व iptables, ip6tables आणि ebtables " +-"पर्यायांचा वापर शक्य आहे." ++"फायरवॉलकरिता पासथ्रु नियम प्रत्यक्षरित्या पुरवले जातात आणि त्यास विशेष चैनमध्ये स्थित केले " ++"जात नाही. सर्व iptables, ip6tables आणि ebtables पर्यायांचा वापर शक्य आहे." + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +@@ -1614,8 +1599,8 @@ msgid "" + "contain commands, contexts, users and user ids." + msgstr "" + "firewalld करिता लॉकडाऊन वापरकर्ता व ॲप्लिकेशन करारचे लाइटवेट गुणधर्म आहे. ते " +-"फायरवॉलकरिता बदल मर्यादीत ठेवते. लॉकडाउन वाइटलिस्टमध्ये आदेश, संदर्भ, " +-"वापरकर्ते व युजर आयडीज समाविष्टीत असू शकते." ++"फायरवॉलकरिता बदल मर्यादीत ठेवते. लॉकडाउन वाइटलिस्टमध्ये आदेश, संदर्भ, वापरकर्ते व युजर " ++"आयडीज समाविष्टीत असू शकते." + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1646,9 +1631,8 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"वाइटलिस्ट वरील आदेश नोंदणी ॲस्टेरिस्क '*' सह समाप्त होत असल्यास, आदेश पासून " +-"सुरू होणारे सर्व आदेश ओळ जुळतील. '*' हे ॲबसोल्युट आदेश अंतर्गत न आढळल्यास " +-"परस्पर बाबी जुळायला पाहिजे." ++"वाइटलिस्ट वरील आदेश नोंदणी ॲस्टेरिस्क '*' सह समाप्त होत असल्यास, आदेश पासून सुरू होणारे " ++"सर्व आदेश ओळ जुळतील. '*' हे ॲबसोल्युट आदेश अंतर्गत न आढळल्यास परस्पर बाबी जुळायला पाहिजे." + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1862,9 +1846,7 @@ msgstr "कृपया रिच रूल भरा." + + #: ../src/firewall-config.glade.h:255 + msgid "For host or network white or blacklisting deactivate the element." +-msgstr "" +-"यजमान किंवा नेटवर्ककरिता घटकांना निष्क्रीय करण्यासाठी वाइट किंवा ब्लॅकलिस्ट " +-"करा." ++msgstr "यजमान किंवा नेटवर्ककरिता घटकांना निष्क्रीय करण्यासाठी वाइट किंवा ब्लॅकलिस्ट करा." + + #: ../src/firewall-config.glade.h:256 + msgid "Source:" +@@ -1892,11 +1874,11 @@ msgstr "इनवर्टेड" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"सुरू करण्यासाठी ह्या कृतीला 'reject' करा आणि फॅमिलि एकतर 'ipv4' किंवा 'ipv6' " +-"(दोन्ही नाही) पाहिजे." ++"सुरू करण्यासाठी ह्या कृतीला 'reject' करा आणि फॅमिलि एकतर 'ipv4' किंवा 'ipv6' (दोन्ही " ++"नाही) पाहिजे." + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/nl.po b/po/nl.po +index b835d4e79cf0..58324500dfe9 100644 +--- a/po/nl.po ++++ b/po/nl.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Bart Couvreur , 2007 + # Geert Warrink , 2009-2014 +@@ -17,15 +17,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:26+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Dutch (http://www.transifex.com/projects/p/firewalld/language/" + "nl/)\n" + "Language: nl\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -211,8 +211,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Zone '{zone}' actief voor verbinding '{connection}' op interface " + "'{interface}'" +@@ -657,7 +656,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Het doorsturen naar een ander systeem is alleen nuttig als de interface " +@@ -1528,8 +1528,8 @@ msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." + msgstr "" +-"ICMP types kunnen alleen in de permanente configuratie view veranderd worden." +-" De runtime configuratie van ICMP types is gefixeerd." ++"ICMP types kunnen alleen in de permanente configuratie view veranderd " ++"worden. De runtime configuratie van ICMP types is gefixeerd." + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1954,11 +1954,11 @@ msgstr "geïnverteerd" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"Om dit aan te zetten moet Actie 'afwijzen' zijn en Familie 'ipv4' of 'ipv6' " +-"(niet beide)." ++"Om dit aan te zetten moet Actie 'afwijzen' zijn en Familie 'ipv4' of " ++"'ipv6' (niet beide)." + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/or.po b/po/or.po +index c63beed50300..827824fa22ee 100644 +--- a/po/or.po ++++ b/po/or.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Manoj Kumar Giri , 2008-2011,2014 + # saroj kumar padhy , 2008 +@@ -12,15 +12,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2016-01-04 12:33+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Oriya (http://www.transifex.com/projects/p/firewalld/language/" + "or/)\n" + "Language: or\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -80,9 +80,8 @@ msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." + msgstr "" +-"ଏହି ବିଶେଷତାଟି ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ ବ୍ୟବହାର କରୁଥିବା ବ୍ୟକ୍ତିଙ୍କ ପାଇଁ " +-"ଉପଯୋଗୀ ହୋଇଥାଏ। ସଂଯୋଗଗୁଡ଼ିକର ଅଞ୍ଚଳ ବଦଳାଉଥିବା ବ୍ୟବହାରକାରୀଙ୍କ ପାଇଁ, ଏହାର " +-"ଉପଯୋଗୀତା ସିମୀତ ଅଟେ।" ++"ଏହି ବିଶେଷତାଟି ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ ବ୍ୟବହାର କରୁଥିବା ବ୍ୟକ୍ତିଙ୍କ ପାଇଁ ଉପଯୋଗୀ ହୋଇଥାଏ। ସଂଯୋଗଗୁଡ଼ିକର " ++"ଅଞ୍ଚଳ ବଦଳାଉଥିବା ବ୍ୟବହାରକାରୀଙ୍କ ପାଇଁ, ଏହାର ଉପଯୋଗୀତା ସିମୀତ ଅଟେ।" + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -204,11 +203,9 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" +-"ଅଞ୍ଚଳ '{zone}' ସଂଯୋଗ '{connection}' ପାଇଁ ଅନ୍ତରାପୃଷ୍ଠ'{interface}' ଉପରେ " +-"ସକ୍ରିୟ ଅଛି" ++"ଅଞ୍ଚଳ '{zone}' ସଂଯୋଗ '{connection}' ପାଇଁ ଅନ୍ତରାପୃଷ୍ଠ'{interface}' ଉପରେ ସକ୍ରିୟ ଅଛି" + + #: ../src/firewall-applet.in:892 + msgid "Zone '{zone}' active for interface '{interface}'" +@@ -262,8 +259,8 @@ msgid "" + "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " + "interface '{interface}'" + msgstr "" +-"ଅଞ୍ଚଳ '{zone}' {activated_deactivated} କୁ ସଂଯୋଗ '{connection}' " +-"ପାଇଁଅନ୍ତରାପୃଷ୍ଠ '{interface}' ରେ" ++"ଅଞ୍ଚଳ '{zone}' {activated_deactivated} କୁ ସଂଯୋଗ '{connection}' ପାଇଁଅନ୍ତରାପୃଷ୍ଠ " ++"'{interface}' ରେ" + + #: ../src/firewall-applet.in:1047 + msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" +@@ -646,7 +643,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ ପଠାଇବା ଉପଯୋଗୀ ହୋଇଥାଏ ଯଦି ଅନ୍ତରାପୃଷ୍ଠ ଛଦ୍ମବେଶ ଧାରଣ କରିଥାଏ।\n" +@@ -811,9 +809,7 @@ msgstr "ସଂଯୋଗିକୀ ଅଗ୍ରସରଣ" + #: ../src/firewall-config.glade.h:23 + msgid "" + "Please select the source and destination options according to your needs." +-msgstr "" +-"ଆପଣଙ୍କର ଆବଶ୍ୟକତା ଅନୁସାରେ ଦୟାକରି ମୂଳ ସ୍ଥାନ ଏବଂ ଲକ୍ଷ୍ଯ ସ୍ଥଳ ବିକଳ୍ପଗୁଡ଼ିକୁ " +-"ଚୟନକରନ୍ତୁ." ++msgstr "ଆପଣଙ୍କର ଆବଶ୍ୟକତା ଅନୁସାରେ ଦୟାକରି ମୂଳ ସ୍ଥାନ ଏବଂ ଲକ୍ଷ୍ଯ ସ୍ଥଳ ବିକଳ୍ପଗୁଡ଼ିକୁ ଚୟନକରନ୍ତୁ." + + #: ../src/firewall-config.glade.h:24 + msgid "Port / Port Range:" +@@ -836,8 +832,8 @@ msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." + msgstr "" +-"ଯଦି ଆପଣ ସ୍ଥାନୀୟ ଅଗ୍ରସରଣକୁ ସକ୍ରିୟ କରନ୍ତି, ତେବେ ଆପଣଙ୍କୁ ଗୋଟିଏ ସଂଯୋଗିକୀ ଉଲ୍ଲେଖ " +-"କରିବାକୁ ପଡ଼ିବ. ଏହି ସଂଯୋଗିକୀ ଉତ୍ସ ସଂଯୋଗିକୀ ଠାରୁ ଅଲଗା ହୋଇଥିବା ଉଚିତ." ++"ଯଦି ଆପଣ ସ୍ଥାନୀୟ ଅଗ୍ରସରଣକୁ ସକ୍ରିୟ କରନ୍ତି, ତେବେ ଆପଣଙ୍କୁ ଗୋଟିଏ ସଂଯୋଗିକୀ ଉଲ୍ଲେଖ କରିବାକୁ ପଡ଼ିବ. ଏହି " ++"ସଂଯୋଗିକୀ ଉତ୍ସ ସଂଯୋଗିକୀ ଠାରୁ ଅଲଗା ହୋଇଥିବା ଉଚିତ." + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -945,9 +941,9 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"ଫୟାରୱାଲ ନିୟମାବଳୀକୁ ପୁନର୍ଦ୍ଧାରଣ କରିଥାଏ। ପ୍ରଚଳିତ ସ୍ଥାୟୀ ସଂରଚନାଟି ନୂତନ ଚାଲୁଥିବା " +-"ସଂରଚନାରେ ପରିବର୍ତ୍ତନ ହୋଇଥାଏ ଯେପରିକି କେବଳ ପୁନର୍ଦ୍ଧାରଣ ପର୍ଯ୍ୟନ୍ତ ପରିବର୍ତ୍ତିତ " +-"ହୋଇଥିବା ସମସ୍ତ ଚଳନ୍ତି ସଂରଚନା ନଷ୍ଟ ହୋଇଥାଏ ଯଦି ସେଗୁଡ଼ିକ ସ୍ଥାୟୀ ସଂରଚନାରେ ନଥାଏ।" ++"ଫୟାରୱାଲ ନିୟମାବଳୀକୁ ପୁନର୍ଦ୍ଧାରଣ କରିଥାଏ। ପ୍ରଚଳିତ ସ୍ଥାୟୀ ସଂରଚନାଟି ନୂତନ ଚାଲୁଥିବା ସଂରଚନାରେ " ++"ପରିବର୍ତ୍ତନ ହୋଇଥାଏ ଯେପରିକି କେବଳ ପୁନର୍ଦ୍ଧାରଣ ପର୍ଯ୍ୟନ୍ତ ପରିବର୍ତ୍ତିତ ହୋଇଥିବା ସମସ୍ତ ଚଳନ୍ତି ସଂରଚନା " ++"ନଷ୍ଟ ହୋଇଥାଏ ଯଦି ସେଗୁଡ଼ିକ ସ୍ଥାୟୀ ସଂରଚନାରେ ନଥାଏ।" + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -959,9 +955,7 @@ msgstr "ପୂର୍ବ ନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ + + #: ../src/firewall-config.glade.h:63 + msgid "Change default zone for connections or interfaces." +-msgstr "" +-"ସଂଯୋଗ ଅଥବା ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକ ପାଇଁ ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ ପରିବର୍ତ୍ତନ " +-"କରନ୍ତୁ।" ++msgstr "ସଂଯୋଗ ଅଥବା ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକ ପାଇଁ ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ ପରିବର୍ତ୍ତନ କରନ୍ତୁ।" + + #: ../src/firewall-config.glade.h:64 + msgid "Change Log Denied" +@@ -981,9 +975,7 @@ msgstr "" + + #: ../src/firewall-config.glade.h:68 + msgid "Panic mode means that all incoming and outgoing packets are dropped." +-msgstr "" +-"ଆକସ୍ମିକ ଧାରା ଅର୍ଥ ହେଉଛି ସମସ୍ତ ଆସୁଥିବା ଏବଂ ଯାଉଥିବା ପ୍ୟାକେଟଗୁଡ଼ିକୁ ତ୍ୟାଗ " +-"କରାଯାଇଛି।" ++msgstr "ଆକସ୍ମିକ ଧାରା ଅର୍ଥ ହେଉଛି ସମସ୍ତ ଆସୁଥିବା ଏବଂ ଯାଉଥିବା ପ୍ୟାକେଟଗୁଡ଼ିକୁ ତ୍ୟାଗ କରାଯାଇଛି।" + + #: ../src/firewall-config.glade.h:69 + msgid "Panic Mode" +@@ -994,8 +986,8 @@ msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." + msgstr "" +-"ଲକଡାଉନ ଫାୟାରୱାଲ ସଂରଚନାକୁ ଅପରିବର୍ତ୍ତନୀୟ କରିଥାଏ ଯାହାଫଳରେ କେବଳ ଲକଡାଉନ " +-"ହ୍ୱାଇଟଲିଷ୍ଟରେ ଥିବା ପ୍ରୟୋଗଗୁଡ଼ିକ ଏହାକୁ ପରିବର୍ତ୍ତନ କରିବାରେ ସକ୍ଷମ ହୋଇଥାନ୍ତି।" ++"ଲକଡାଉନ ଫାୟାରୱାଲ ସଂରଚନାକୁ ଅପରିବର୍ତ୍ତନୀୟ କରିଥାଏ ଯାହାଫଳରେ କେବଳ ଲକଡାଉନ ହ୍ୱାଇଟଲିଷ୍ଟରେ ଥିବା " ++"ପ୍ରୟୋଗଗୁଡ଼ିକ ଏହାକୁ ପରିବର୍ତ୍ତନ କରିବାରେ ସକ୍ଷମ ହୋଇଥାନ୍ତି।" + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1069,9 +1061,8 @@ msgid "" + "configuration. Permanent configuration will be active after service or " + "system reload or restart." + msgstr "" +-"ବର୍ତ୍ତମାନ ଦୃଶ୍ୟମାନ ସଂରଚନା। ଚାଲୁଥିବା ସମୟର ସଂରଚନା ହେଉଛି ପ୍ରକୃତ ସକ୍ରିୟ ସଂରଚନା। " +-"ସ୍ଥାୟୀ ସଂରଚନା ସର୍ଭିସ ପରେ କିମ୍ବା ତନ୍ତ୍ର ପୁନର୍ଦ୍ଧାରଣ କିମ୍ବା ପୁନଃଚାଳନ ପରେ " +-"ସକ୍ରିୟ ହେବ।" ++"ବର୍ତ୍ତମାନ ଦୃଶ୍ୟମାନ ସଂରଚନା। ଚାଲୁଥିବା ସମୟର ସଂରଚନା ହେଉଛି ପ୍ରକୃତ ସକ୍ରିୟ ସଂରଚନା। ସ୍ଥାୟୀ " ++"ସଂରଚନା ସର୍ଭିସ ପରେ କିମ୍ବା ତନ୍ତ୍ର ପୁନର୍ଦ୍ଧାରଣ କିମ୍ବା ପୁନଃଚାଳନ ପରେ ସକ୍ରିୟ ହେବ।" + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1081,11 +1072,10 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"ଗୋଟିଏ firewalld ଅଞ୍ଚଳ ନେଟୱର୍କ ସଂଯୋଗଗୁଡ଼ିକ, ଅନ୍ତରାପୃଷ୍ଠ ଏବଂ ଅଞ୍ଚଳ ସହିତ " +-"ସଂଶ୍ଳିଷ୍ଟ ଉତ୍ସ ଠିକଣାଗୁଡ଼ିକ ପାଇଁ ବିଶ୍ୱାସର ସ୍ତର ବ୍ୟାଖ୍ୟା କରିଥାଏ। ଏହି ଅଞ୍ଚଳ " +-"ସର୍ଭିସ, ପୋର୍ଟ, ପ୍ରୋଟୋକଲ, ଛଦ୍ମ ବେଶ, ପୋର୍ଟ/ପ୍ୟାକେଟ ଅଗ୍ରସରଣ, icmp ଫିଲଟର ଏବଂ " +-"ଶକ୍ତ ନିୟମାବଳୀକୁ ମିଶ୍ରଣ କରିଥାଏ। ଏହି ଅଞ୍ଚଳ ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକୁ ଏବଂ ଠିକଣାଗୁଡ଼ିକୁ " +-"ବାନ୍ଧିଥାଏ।" ++"ଗୋଟିଏ firewalld ଅଞ୍ଚଳ ନେଟୱର୍କ ସଂଯୋଗଗୁଡ଼ିକ, ଅନ୍ତରାପୃଷ୍ଠ ଏବଂ ଅଞ୍ଚଳ ସହିତ ସଂଶ୍ଳିଷ୍ଟ ଉତ୍ସ " ++"ଠିକଣାଗୁଡ଼ିକ ପାଇଁ ବିଶ୍ୱାସର ସ୍ତର ବ୍ୟାଖ୍ୟା କରିଥାଏ। ଏହି ଅଞ୍ଚଳ ସର୍ଭିସ, ପୋର୍ଟ, ପ୍ରୋଟୋକଲ, ଛଦ୍ମ ବେଶ, " ++"ପୋର୍ଟ/ପ୍ୟାକେଟ ଅଗ୍ରସରଣ, icmp ଫିଲଟର ଏବଂ ଶକ୍ତ ନିୟମାବଳୀକୁ ମିଶ୍ରଣ କରିଥାଏ। ଏହି ଅଞ୍ଚଳ " ++"ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକୁ ଏବଂ ଠିକଣାଗୁଡ଼ିକୁ ବାନ୍ଧିଥାଏ।" + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1109,8 +1099,8 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"କେଉଁ ସେବା ଗୁଡିକ ବିଶ୍ଯସ୍ତ ଆପଣ ତାହା ଏଠାରେ ବ୍ଯାଖ୍ଯା କରିପାରିବେ। ଏହାର ଅର୍ଥ ହେଉଛି " +-"ଯେ ଏହି ସେବା ଗୁଡିକୁ ସମସ୍ତ ଆଧାର କିମ୍ବା ନେଟୱାର୍କରୁ ଅଭିଗମ କରିହେବ।" ++"କେଉଁ ସେବା ଗୁଡିକ ବିଶ୍ଯସ୍ତ ଆପଣ ତାହା ଏଠାରେ ବ୍ଯାଖ୍ଯା କରିପାରିବେ। ଏହାର ଅର୍ଥ ହେଉଛି ଯେ ଏହି ସେବା " ++"ଗୁଡିକୁ ସମସ୍ତ ଆଧାର କିମ୍ବା ନେଟୱାର୍କରୁ ଅଭିଗମ କରିହେବ।" + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1121,8 +1111,8 @@ msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." + msgstr "" +-"ଅତିରିକ୍ତ ସଂଯୋଗିକୀ କିମ୍ବା ସଂଯୋଗିକୀ ପରିସର ମାନଙ୍କୁ ଯୋଗ କରନ୍ତୁ, ଯାହାକି ସମସ୍ତ " +-"ଆଧାର କିମ୍ବା ନେଟୱାର୍କ ଦ୍ବାରା ଅଭିଗମ୍ଯ ହେବା ଉଚିତ।" ++"ଅତିରିକ୍ତ ସଂଯୋଗିକୀ କିମ୍ବା ସଂଯୋଗିକୀ ପରିସର ମାନଙ୍କୁ ଯୋଗ କରନ୍ତୁ, ଯାହାକି ସମସ୍ତ ଆଧାର କିମ୍ବା ନେଟୱାର୍କ " ++"ଦ୍ବାରା ଅଭିଗମ୍ଯ ହେବା ଉଚିତ।" + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1176,10 +1166,9 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"ମିଥ୍ୟାଭନୟ ଆପଣଙ୍କୁ ଇଣ୍ଟରନେଟ ସହିତ ଆପଣଙ୍କ ସ୍ଥାନୀୟ ନେଟୱର୍କକୁ ସଂଯୋଗ କରୁଥିବା ଆଧାର " +-"କିମ୍ବା ରାଉଟରକୁ ବିନ୍ୟାସ କରିବାକୁ ଅନୁମତି ଦେଇଥାଏ. ଆପଣଙ୍କର ସ୍ଥାନୀୟ ନେଟୱର୍କ " +-"ଦେଖାଯିବ ନାହିଁ ଏବଂ ସେହି ଆଧାରଟି ଇଣ୍ଟରନେଟରେ ଗୋଟିଏ ଠିକଣା ପରି ଦେଖାଯିବ. କେବଳ IPv4 " +-"ମିଥ୍ୟାଭିନୟ କରୁଅଛି." ++"ମିଥ୍ୟାଭନୟ ଆପଣଙ୍କୁ ଇଣ୍ଟରନେଟ ସହିତ ଆପଣଙ୍କ ସ୍ଥାନୀୟ ନେଟୱର୍କକୁ ସଂଯୋଗ କରୁଥିବା ଆଧାର କିମ୍ବା ରାଉଟରକୁ " ++"ବିନ୍ୟାସ କରିବାକୁ ଅନୁମତି ଦେଇଥାଏ. ଆପଣଙ୍କର ସ୍ଥାନୀୟ ନେଟୱର୍କ ଦେଖାଯିବ ନାହିଁ ଏବଂ ସେହି ଆଧାରଟି " ++"ଇଣ୍ଟରନେଟରେ ଗୋଟିଏ ଠିକଣା ପରି ଦେଖାଯିବ. କେବଳ IPv4 ମିଥ୍ୟାଭିନୟ କରୁଅଛି." + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1190,8 +1179,8 @@ msgid "" + "If you enable masquerading, IP forwarding will be enabled for your IPv4 " + "networks." + msgstr "" +-"ଯଦି ଆପଣ ଛଦ୍ମ ବେଶ କରିବାରେ ସକ୍ରିୟ ହୁଅନ୍ତି, ତେବେ IP ଅଗ୍ରସରଣକୁ ଆପଣଙ୍କ IPv4 " +-"ନେଟୱର୍କଗୁଡ଼ିକ ପାଇଁସକ୍ରିୟ କରାଯିବ।" ++"ଯଦି ଆପଣ ଛଦ୍ମ ବେଶ କରିବାରେ ସକ୍ରିୟ ହୁଅନ୍ତି, ତେବେ IP ଅଗ୍ରସରଣକୁ ଆପଣଙ୍କ IPv4 ନେଟୱର୍କଗୁଡ଼ିକ " ++"ପାଇଁସକ୍ରିୟ କରାଯିବ।" + + #: ../src/firewall-config.glade.h:111 + msgid "Masquerading" +@@ -1204,10 +1193,9 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"ସ୍ଥାନୀୟ ତନ୍ତ୍ରରେ ଗୋଟିଏ ସଂଯୋଗିକୀରୁ ଅନ୍ୟ ଏକ ସଂଯୋଗିକୀକୁ ଅଥବା ସ୍ଥାନୀୟ ତନ୍ତ୍ରରୁ " +-"ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ ଅଗ୍ରସରଣ ସଂଯୋଗିକୀରେ ଭରଣଗୁଡ଼ିକୁ ଯୋଗକରନ୍ତୁ. ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ " +-"ପଠାଇବା ହିଁ କେବଳ ଫଳପ୍ରଦ ହୋଇଥାଏ ଯଦି ଅନ୍ତରାପୃଷ୍ଠ ମିଥ୍ୟାଭିନୟ କରୁଥାଏ. ସଂଯୋଗିକୀ " +-"ଆଗେଇବାଟି କେବଳ IPv4." ++"ସ୍ଥାନୀୟ ତନ୍ତ୍ରରେ ଗୋଟିଏ ସଂଯୋଗିକୀରୁ ଅନ୍ୟ ଏକ ସଂଯୋଗିକୀକୁ ଅଥବା ସ୍ଥାନୀୟ ତନ୍ତ୍ରରୁ ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ " ++"ଅଗ୍ରସରଣ ସଂଯୋଗିକୀରେ ଭରଣଗୁଡ଼ିକୁ ଯୋଗକରନ୍ତୁ. ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ ପଠାଇବା ହିଁ କେବଳ ଫଳପ୍ରଦ ହୋଇଥାଏ ଯଦି " ++"ଅନ୍ତରାପୃଷ୍ଠ ମିଥ୍ୟାଭିନୟ କରୁଥାଏ. ସଂଯୋଗିକୀ ଆଗେଇବାଟି କେବଳ IPv4." + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1227,18 +1215,17 @@ msgid "" + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." + msgstr "" +-"ଇଣ୍ଟରନେଟ ନିୟନ୍ତ୍ରଣ ସନ୍ଦେଶ ପ୍ରୋଟୋକଲ (ICMP) ଟି ମୁଖ୍ୟତଃ ନେଟୱର୍କ କମ୍ପୁଟରଗୁଡ଼ିକ " +-"ମଧ୍ୟରେ ତ୍ରୁଟି ସନ୍ଦେଶ ପଠାଇବାରେ ବ୍ୟବହାର ହୋଇଥାଏ, କିନ୍ତୁ ଅତିରିକ୍ତ ଭାବରେ " +-"ସୂଚନାତ୍ମକ ସନ୍ଦେଶଗୁଡ଼ିକୁ ଯେପରି କି ping ଅନୁରୋଧ ଏବଂ ଉତ୍ତରଗୁଡ଼ିକ ପାଇଁ." ++"ଇଣ୍ଟରନେଟ ନିୟନ୍ତ୍ରଣ ସନ୍ଦେଶ ପ୍ରୋଟୋକଲ (ICMP) ଟି ମୁଖ୍ୟତଃ ନେଟୱର୍କ କମ୍ପୁଟରଗୁଡ଼ିକ ମଧ୍ୟରେ ତ୍ରୁଟି ସନ୍ଦେଶ " ++"ପଠାଇବାରେ ବ୍ୟବହାର ହୋଇଥାଏ, କିନ୍ତୁ ଅତିରିକ୍ତ ଭାବରେ ସୂଚନାତ୍ମକ ସନ୍ଦେଶଗୁଡ଼ିକୁ ଯେପରି କି ping ଅନୁରୋଧ " ++"ଏବଂ ଉତ୍ତରଗୁଡ଼ିକ ପାଇଁ." + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"ICMP ପ୍ରକାରଗୁଡ଼ିକୁ ତାଲିକାରେ ଚିହ୍ନଟକରନ୍ତୁ, ଯାହାକୁ କି ଅସ୍ୱୀକାର କରିବା ଉଚିତ. " +-"ଅନ୍ୟ ସମସ୍ତ ICMP ପ୍ରକାରଗୁଡ଼ିକ ଅଗ୍ନିକବଚ ପାରକରିବା ପାଇଁ ଅନୁମତିପ୍ରାପ୍ତ. " +-"ପୂର୍ବନିର୍ଦ୍ଧାରିତରେ କୌଣସି ସୀମା ବନ୍ଧନ ନାହିଁ." ++"ICMP ପ୍ରକାରଗୁଡ଼ିକୁ ତାଲିକାରେ ଚିହ୍ନଟକରନ୍ତୁ, ଯାହାକୁ କି ଅସ୍ୱୀକାର କରିବା ଉଚିତ. ଅନ୍ୟ ସମସ୍ତ ICMP " ++"ପ୍ରକାରଗୁଡ଼ିକ ଅଗ୍ନିକବଚ ପାରକରିବା ପାଇଁ ଅନୁମତିପ୍ରାପ୍ତ. ପୂର୍ବନିର୍ଦ୍ଧାରିତରେ କୌଣସି ସୀମା ବନ୍ଧନ ନାହିଁ." + + #: ../src/firewall-config.glade.h:118 + msgid "" +@@ -1279,9 +1266,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"ଏହି ଅଞ୍ଚଳରେ ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକୁ ବାନ୍ଧିବା ପାଇଁ ଯୋଗ କରନ୍ତୁ। ଯଦି ଏହି " +-"ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକ କୌଣସି ସଂଯୋଗ ଦ୍ୱାରା ବ୍ୟବହାର ହୋଇଥାଏ, ତେବେ ସେହି ଅଞ୍ଚଳଟି " +-"ସଂଯୋଗରେ ଉଲ୍ଲେଖିତ ଅଞ୍ଚଳରେ ସେଟ ହେବ।" ++"ଏହି ଅଞ୍ଚଳରେ ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକୁ ବାନ୍ଧିବା ପାଇଁ ଯୋଗ କରନ୍ତୁ। ଯଦି ଏହି ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକ କୌଣସି ସଂଯୋଗ " ++"ଦ୍ୱାରା ବ୍ୟବହାର ହୋଇଥାଏ, ତେବେ ସେହି ଅଞ୍ଚଳଟି ସଂଯୋଗରେ ଉଲ୍ଲେଖିତ ଅଞ୍ଚଳରେ ସେଟ ହେବ।" + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1322,9 +1308,7 @@ msgstr "ଅଞ୍ଚଳ" + msgid "" + "A firewalld service is a combination of ports, protocols, modules and " + "destination addresses." +-msgstr "" +-"firewalld ସର୍ଭିସ ହେଉଛି ପୋର୍ଟ, ପ୍ରୋଟୋକଲ, ମଡ୍ୟୁଲ ଏବଂ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣାଗୁଡ଼ିକର " +-"ଏକ ମିଶ୍ରଣ।" ++msgstr "firewalld ସର୍ଭିସ ହେଉଛି ପୋର୍ଟ, ପ୍ରୋଟୋକଲ, ମଡ୍ୟୁଲ ଏବଂ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣାଗୁଡ଼ିକର ଏକ ମିଶ୍ରଣ।" + + #: ../src/firewall-config.glade.h:139 + msgid "Add Service" +@@ -1380,9 +1364,8 @@ msgid "" + "the destination address and type. If both entries are empty, there is no " + "limitation." + msgstr "" +-"ଯଦି ଆପଣ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣାକୁ ଉଲ୍ଲେଖ କରନ୍ତି, ତେବେ ସର୍ଭିସ ନିବେଶ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣା " +-"ଏବଂ ପ୍ରକାରରେ ସିମୀତ ହେବ। ଯଦି ଉଭୟ ନିବେଶଗୁଡ଼ିକ ଖାଲିଥାଏ, ତେବେ ସେଠାରେ କୌଣସି ସୀମା " +-"ନଥାଏ।" ++"ଯଦି ଆପଣ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣାକୁ ଉଲ୍ଲେଖ କରନ୍ତି, ତେବେ ସର୍ଭିସ ନିବେଶ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣା ଏବଂ ପ୍ରକାରରେ " ++"ସିମୀତ ହେବ। ଯଦି ଉଭୟ ନିବେଶଗୁଡ଼ିକ ଖାଲିଥାଏ, ତେବେ ସେଠାରେ କୌଣସି ସୀମା ନଥାଏ।" + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1397,8 +1380,8 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"ସର୍ଭିସଗୁଡ଼ିକ କେବଳ ସ୍ଥାୟୀ ବିନ୍ୟାସ ଦୃଶ୍ୟରେ ପରିବର୍ତ୍ତନ ହୋଇପାରିବ। ସର୍ଭିସଗୁଡ଼ିକର " +-"ପ୍ରଚଳିତ ବିନ୍ୟାସ ସ୍ଥାୟୀ ଅଟେ।" ++"ସର୍ଭିସଗୁଡ଼ିକ କେବଳ ସ୍ଥାୟୀ ବିନ୍ୟାସ ଦୃଶ୍ୟରେ ପରିବର୍ତ୍ତନ ହୋଇପାରିବ। ସର୍ଭିସଗୁଡ଼ିକର ପ୍ରଚଳିତ ବିନ୍ୟାସ ସ୍ଥାୟୀ " ++"ଅଟେ।" + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1480,16 +1463,15 @@ msgstr "ICMP ପ୍ରକାର ପୂର୍ବନିର୍ଦ୍ଧାରିତ + #: ../src/firewall-config.glade.h:171 + msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." + msgstr "" +-"ଏହି ICMP ପ୍ରକାରଟି IPv4 ଏବଂ/ଅଥବା IPv6 ରେ ଉପଲବ୍ଧ ହୋଇଥାଏ କି ନାହିଁ ତାହା ଉଲ୍ଲେଖ " +-"କରନ୍ତୁ।" ++"ଏହି ICMP ପ୍ରକାରଟି IPv4 ଏବଂ/ଅଥବା IPv6 ରେ ଉପଲବ୍ଧ ହୋଇଥାଏ କି ନାହିଁ ତାହା ଉଲ୍ଲେଖ କରନ୍ତୁ।" + + #: ../src/firewall-config.glade.h:172 + msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." + msgstr "" +-"ICMP ପ୍ରକାରଗୁଡ଼ିକ ସ୍ଥାୟୀ ବିନ୍ୟାସ ଦୃଶ୍ୟରେ ହିଁ କେବଳ ପରିବର୍ତ୍ତିତ ହୋଇଥାଏ। ICMP " +-"ପ୍ରକାରଗୁଡ଼ିକ ପ୍ରଚଳିତ ବିନ୍ୟାସ ସ୍ଥାୟୀ ଅଛି।" ++"ICMP ପ୍ରକାରଗୁଡ଼ିକ ସ୍ଥାୟୀ ବିନ୍ୟାସ ଦୃଶ୍ୟରେ ହିଁ କେବଳ ପରିବର୍ତ୍ତିତ ହୋଇଥାଏ। ICMP ପ୍ରକାରଗୁଡ଼ିକ ପ୍ରଚଳିତ " ++"ବିନ୍ୟାସ ସ୍ଥାୟୀ ଅଛି।" + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1511,10 +1493,9 @@ msgid "" + "as a last resort when it is not possible to use other firewalld features." + msgstr "" + "ସିଧାସଳଖ ସଂରଚନା ଫାୟାରୱାଲରେ ସିଧାସଳଖ ପ୍ରବେଶାନୁମତି ଦେଇଥାଏ। ଏହି ବିକଳ୍ପଗୁଡ଼ିକ ପାଇଁ " +-"ବ୍ୟବହାରକାରୀଙ୍କ ପାଖରେ ମୌଳିକ iptables ଜ୍ଞାନ ଥିବା ଆବଶ୍ୟକ, ଯେପରିକି ସାରଣୀ, " +-"ଶୃଙ୍ଖଳ, ନିର୍ଦ୍ଦେଶ, ପ୍ରାଚଳ ଏବଂ ଲକ୍ଷ୍ଯସ୍ଥଳ। ସିଧାସଳଖ ସଂରଚନାକୁ କେବଳ ଶେଷ ଆଶ୍ରୟ " +-"ଭାବରେ ବ୍ୟବହାର କରିବା ଉଚିତ ଯେତେବେଳେ ଅନ୍ୟ କୌଣସି firewalld ବିଶେଷତା ବ୍ୟବହାର କରିବା " +-"ସମ୍ଭବ ହୋଇନଥାଏ।" ++"ବ୍ୟବହାରକାରୀଙ୍କ ପାଖରେ ମୌଳିକ iptables ଜ୍ଞାନ ଥିବା ଆବଶ୍ୟକ, ଯେପରିକି ସାରଣୀ, ଶୃଙ୍ଖଳ, ନିର୍ଦ୍ଦେଶ, " ++"ପ୍ରାଚଳ ଏବଂ ଲକ୍ଷ୍ଯସ୍ଥଳ। ସିଧାସଳଖ ସଂରଚନାକୁ କେବଳ ଶେଷ ଆଶ୍ରୟ ଭାବରେ ବ୍ୟବହାର କରିବା ଉଚିତ " ++"ଯେତେବେଳେ ଅନ୍ୟ କୌଣସି firewalld ବିଶେଷତା ବ୍ୟବହାର କରିବା ସମ୍ଭବ ହୋଇନଥାଏ।" + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1522,9 +1503,9 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"ପ୍ରତ୍ୟେକ ବିକଳ୍ପର ipv ସ୍ୱତନ୍ତ୍ରଚର ipv4 କିମ୍ବା ipv6 ଅଥବା eb ହୋଇଥିବା ଉଚିତ। ipv4 " +-"ସହିତ ଏହା iptables ପାଇଁ ହୋଇଥାଏ, ipv6 ସହିତ ip6tables ପାଇଁ ଏବଂ eb ସହିତ ଇଥରନେଟ " +-"ବ୍ରିଜଗୁଡ଼ିକ ପାଇଁ ହୋଇଥାଏ (ebtables)." ++"ପ୍ରତ୍ୟେକ ବିକଳ୍ପର ipv ସ୍ୱତନ୍ତ୍ରଚର ipv4 କିମ୍ବା ipv6 ଅଥବା eb ହୋଇଥିବା ଉଚିତ। ipv4 ସହିତ ଏହା " ++"iptables ପାଇଁ ହୋଇଥାଏ, ipv6 ସହିତ ip6tables ପାଇଁ ଏବଂ eb ସହିତ ଇଥରନେଟ ବ୍ରିଜଗୁଡ଼ିକ ପାଇଁ " ++"ହୋଇଥାଏ (ebtables)." + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1549,8 +1530,7 @@ msgstr "ସୃଙ୍ଖଳଗୁଡ଼ିକ" + #: ../src/firewall-config.glade.h:182 + msgid "" + "Add a rule with the arguments args to a chain in a table with a priority." +-msgstr "" +-"ସ୍ୱତନ୍ତ୍ରଚର args ସହିତ ଏକ ଶୃଙ୍ଖଳରେ ପ୍ରାଥମିକତା ଦେଇ ଗୋଟିଏ ନିୟମ ଯୋଗ କରନ୍ତୁ।" ++msgstr "ସ୍ୱତନ୍ତ୍ରଚର args ସହିତ ଏକ ଶୃଙ୍ଖଳରେ ପ୍ରାଥମିକତା ଦେଇ ଗୋଟିଏ ନିୟମ ଯୋଗ କରନ୍ତୁ।" + + #: ../src/firewall-config.glade.h:183 + msgid "" +@@ -1561,12 +1541,11 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"ନିୟମାବଳୀକୁ କ୍ରମାନ୍ୱୟରେ ରଖିବା ପାଇଁ ପ୍ରାଥମିକତାକୁ ବ୍ୟବହାର କରାଯାଇଥାଏ। ପ୍ରାଥମିକତା " +-"0 ଅର୍ଥ ହେଉଛି ଶୃଙ୍ଖଳ ଉପରେ ନିୟମ ଯୋଗ କରନ୍ତୁ, ଉଚ୍ଚ ପ୍ରାଥମିକତା ସହିତ ନିୟମଟି ତଳେ " +-"ଯୋଗ କରାଯାଇଥାଏ। ସମାନ ପ୍ରାଥମିକତା ବିଶିଷ୍ଟ ନିୟମାବଳୀ ସମାନ ସ୍ତରରେ ଥାଏ ଏବଂ ସେହି " +-"ନିୟମାବଳୀର କ୍ରମ ସ୍ଥାୟୀନଥାଏ ଏବଂ ପରିବର୍ତ୍ତନ ହୋଇପାରେ। ଯଦି ଆପଣ ନିଶ୍ଚିତ କରିବାକୁ " +-"ଚାହୁଁଛନ୍ତି ଯେ ଅନ୍ୟ ଗୋଟିଏ ଉପରେ ନିୟମାବଳୀ ଯୋଗ ହେବ ତେବେ, ପ୍ରଥମେ କମ ପ୍ରାଥମିକତାକୁ " +-"ବ୍ୟବହାର କରନ୍ତୁ ଏବଂ ତାପରେ ଉଚ୍ଚ ପ୍ରାଥମିକତାକୁ ରଖନ୍ତୁ।" ++"ନିୟମାବଳୀକୁ କ୍ରମାନ୍ୱୟରେ ରଖିବା ପାଇଁ ପ୍ରାଥମିକତାକୁ ବ୍ୟବହାର କରାଯାଇଥାଏ। ପ୍ରାଥମିକତା 0 ଅର୍ଥ ହେଉଛି " ++"ଶୃଙ୍ଖଳ ଉପରେ ନିୟମ ଯୋଗ କରନ୍ତୁ, ଉଚ୍ଚ ପ୍ରାଥମିକତା ସହିତ ନିୟମଟି ତଳେ ଯୋଗ କରାଯାଇଥାଏ। ସମାନ " ++"ପ୍ରାଥମିକତା ବିଶିଷ୍ଟ ନିୟମାବଳୀ ସମାନ ସ୍ତରରେ ଥାଏ ଏବଂ ସେହି ନିୟମାବଳୀର କ୍ରମ ସ୍ଥାୟୀନଥାଏ ଏବଂ " ++"ପରିବର୍ତ୍ତନ ହୋଇପାରେ। ଯଦି ଆପଣ ନିଶ୍ଚିତ କରିବାକୁ ଚାହୁଁଛନ୍ତି ଯେ ଅନ୍ୟ ଗୋଟିଏ ଉପରେ ନିୟମାବଳୀ ଯୋଗ ହେବ " ++"ତେବେ, ପ୍ରଥମେ କମ ପ୍ରାଥମିକତାକୁ ବ୍ୟବହାର କରନ୍ତୁ ଏବଂ ତାପରେ ଉଚ୍ଚ ପ୍ରାଥମିକତାକୁ ରଖନ୍ତୁ।" + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1590,14 +1569,12 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"ଅଗ୍ରଗତି ନିୟମାବଳୀ ସିଧାସଳଖ ଭାବରେ ଫାୟାରୱାଲ ମଧ୍ଯ ଦେଇ ଯାଇଥାଏ ଏବଂ ତାହା ବିଶେଷ " +-"ଶୃଙ୍ଖଳରେ ରଖାଯାଇନଥାଏ। ସମସ୍ତ iptables, ip6tables ଏବଂ etables ବିକଳ୍ପକୁ ବ୍ୟବହାର " +-"କରାଯାଇପାରିବ।" ++"ଅଗ୍ରଗତି ନିୟମାବଳୀ ସିଧାସଳଖ ଭାବରେ ଫାୟାରୱାଲ ମଧ୍ଯ ଦେଇ ଯାଇଥାଏ ଏବଂ ତାହା ବିଶେଷ ଶୃଙ୍ଖଳରେ " ++"ରଖାଯାଇନଥାଏ। ସମସ୍ତ iptables, ip6tables ଏବଂ etables ବିକଳ୍ପକୁ ବ୍ୟବହାର କରାଯାଇପାରିବ।" + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +-msgstr "" +-"ଅଗ୍ରଗତି ନିୟମାବଳୀ ସହିତ ଦୟାକରି ସତର୍କ ରୁହନ୍ତୁ ଯେପରି ତାହା ଫାୟାରୱାଲକୁ କ୍ଷତି ନକରେ।" ++msgstr "ଅଗ୍ରଗତି ନିୟମାବଳୀ ସହିତ ଦୟାକରି ସତର୍କ ରୁହନ୍ତୁ ଯେପରି ତାହା ଫାୟାରୱାଲକୁ କ୍ଷତି ନକରେ।" + + #: ../src/firewall-config.glade.h:190 + msgid "Add Passthrough" +@@ -1621,9 +1598,9 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"ଲକଡାଉନ ବିଶେଷତାଟି ହେଉଛି firewalld ପାଇଁ ବ୍ୟବହାରକାରୀ ଏବଂ ପ୍ରୟୋଗ ନିତୀଗୁଡ଼ିକର " +-"ହାଲୁକା ସଂସ୍କରଣ। ଏହା ଫାୟାରୱାଲର ପରିବର୍ତ୍ତନକୁ ସିମୀତ କରିଥାଏ। ଲକଡାଉନ ହ୍ୱାଇଟଲିଷ୍ଟ " +-"ନିର୍ଦ୍ଦେଶ, ପ୍ରସଙ୍ଗ, ବ୍ୟବହାରକାରୀ ଏବଂ ବ୍ୟବହାରକାରୀ id ଗୁଡ଼ିକୁ ଧାରଣ କରିଥାଏ।" ++"ଲକଡାଉନ ବିଶେଷତାଟି ହେଉଛି firewalld ପାଇଁ ବ୍ୟବହାରକାରୀ ଏବଂ ପ୍ରୟୋଗ ନିତୀଗୁଡ଼ିକର ହାଲୁକା ସଂସ୍କରଣ। " ++"ଏହା ଫାୟାରୱାଲର ପରିବର୍ତ୍ତନକୁ ସିମୀତ କରିଥାଏ। ଲକଡାଉନ ହ୍ୱାଇଟଲିଷ୍ଟ ନିର୍ଦ୍ଦେଶ, ପ୍ରସଙ୍ଗ, ବ୍ୟବହାରକାରୀ " ++"ଏବଂ ବ୍ୟବହାରକାରୀ id ଗୁଡ଼ିକୁ ଧାରଣ କରିଥାଏ।" + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1654,10 +1631,9 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"ଯଦି ହ୍ୱାଇଟଲିଷ୍ଟରେ ଗୋଟିଏ ନିର୍ଦ୍ଦେଶ ନିବେଶ ଆସଟେରିସ୍କ '*' ରେ ସମାପ୍ତ ହୋଇଥାଏ, ତେବେ " +-"ସେହି ନିର୍ଦ୍ଦେଶ ସହିତ ଆରମ୍ଭ ହେଉଥିବା ସମସ୍ତ ନିର୍ଦ୍ଦେଶ ଧାରା ମେଳ ଖାଇବ। ଯଦି ସେହି " +-"'*' ସେଠାରେ ନଥାଏ ତେବେ ସେହି ସ୍ୱଚନ୍ତ୍ରଚର ସହିତ ମେଳଖାଉଥିବା ନିର୍ଦ୍ଦିଷ୍ଟ ନିର୍ଦ୍ଦେଶ " +-"ନିଶ୍ଚିତ ଭାବରେ ମେଳଖାଇବ।" ++"ଯଦି ହ୍ୱାଇଟଲିଷ୍ଟରେ ଗୋଟିଏ ନିର୍ଦ୍ଦେଶ ନିବେଶ ଆସଟେରିସ୍କ '*' ରେ ସମାପ୍ତ ହୋଇଥାଏ, ତେବେ ସେହି ନିର୍ଦ୍ଦେଶ " ++"ସହିତ ଆରମ୍ଭ ହେଉଥିବା ସମସ୍ତ ନିର୍ଦ୍ଦେଶ ଧାରା ମେଳ ଖାଇବ। ଯଦି ସେହି '*' ସେଠାରେ ନଥାଏ ତେବେ ସେହି " ++"ସ୍ୱଚନ୍ତ୍ରଚର ସହିତ ମେଳଖାଉଥିବା ନିର୍ଦ୍ଦିଷ୍ଟ ନିର୍ଦ୍ଦେଶ ନିଶ୍ଚିତ ଭାବରେ ମେଳଖାଇବ।" + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1847,8 +1823,7 @@ msgstr "ସିଧାସଳଖ ନିୟମ" + + #: ../src/firewall-config.glade.h:248 + msgid "Please select ipv and table, chain priority and enter the args." +-msgstr "" +-"ଦୟାକରି ipv ଏବଂ table, ଶୃଙ୍ଖଳ ଅଗ୍ରାଧୀକାରକୁ ବାଛନ୍ତୁ ଏବଂ args କୁ ଭରଣ କରନ୍ତୁ।" ++msgstr "ଦୟାକରି ipv ଏବଂ table, ଶୃଙ୍ଖଳ ଅଗ୍ରାଧୀକାରକୁ ବାଛନ୍ତୁ ଏବଂ args କୁ ଭରଣ କରନ୍ତୁ।" + + #: ../src/firewall-config.glade.h:249 + msgid "Priority:" +@@ -1872,9 +1847,7 @@ msgstr "ଦୟାକରି ଗୋଟିଏ ଶକ୍ତ ନିୟମକୁ ଭ + + #: ../src/firewall-config.glade.h:255 + msgid "For host or network white or blacklisting deactivate the element." +-msgstr "" +-"ହୋଷ୍ଟ କିମ୍ବା ନେଟୱର୍କ ହ୍ୱାଇଟ କିମ୍ବା ବ୍ଲାକଲିଷ୍ଟ ପାଇଁ ଉପାଦାନକୁ ନିଷ୍କ୍ରିୟ " +-"କରିଥାଏ।" ++msgstr "ହୋଷ୍ଟ କିମ୍ବା ନେଟୱର୍କ ହ୍ୱାଇଟ କିମ୍ବା ବ୍ଲାକଲିଷ୍ଟ ପାଇଁ ଉପାଦାନକୁ ନିଷ୍କ୍ରିୟ କରିଥାଏ।" + + #: ../src/firewall-config.glade.h:256 + msgid "Source:" +@@ -1902,11 +1875,11 @@ msgstr "ଓଲଟି ଯାଇଛି" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"ଏହାକୁ ସକ୍ରିୟ କରିବା ପାଇଁ କାର୍ଯ୍ୟକୁ 'ପ୍ରତ୍ୟାଖ୍ୟାନ' କରିବା ଉଚିତ ଏବଂ 'ipv4' " +-"କିମ୍ବା 'ipv6' ପରିବାରର ହୋଇଥିବା ଉଚିତ (ଉଭୟ ନୁହଁ)।" ++"ଏହାକୁ ସକ୍ରିୟ କରିବା ପାଇଁ କାର୍ଯ୍ୟକୁ 'ପ୍ରତ୍ୟାଖ୍ୟାନ' କରିବା ଉଚିତ ଏବଂ 'ipv4' କିମ୍ବା 'ipv6' ପରିବାରର " ++"ହୋଇଥିବା ଉଚିତ (ଉଭୟ ନୁହଁ)।" + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/pa.po b/po/pa.po +index 1c791a2140c4..3489fbaaf515 100644 +--- a/po/pa.po ++++ b/po/pa.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Amandeep Singh Saini , 2013-2014 + # Amanpreet Singh Alam , 2004,2006 +@@ -22,15 +22,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2017-11-26 02:37+0000\n" + "Last-Translator: A S Alam \n" + "Language-Team: Panjabi (Punjabi) (http://www.transifex.com/projects/p/" + "firewalld/language/pa/)\n" + "Language: pa\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -90,9 +90,8 @@ msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." + msgstr "" +-"ਇਹ ਫ਼ੀਚਰ ਉਹਨਾਂ ਲੋਕਾਂ ਲਈ ਉਪਯੋਗੀ ਹੈ ਜਿਹੜੇ ਜਿਆਦਾਤਰ ਮੂਲ ਜ਼ੋਨ ਵਰਤਦੇ ਹਨ। ਉਹਨਾਂ " +-"ਯੂਜ਼ਰਾਂ, ਜਿਹੜੇ ਸੰਪਰਕਾਂ ਦੇ ਜੋ਼ਨਾਂ ਨੂੰ ਬਦਲਦੇ ਰਹੇ ਹਨ, ਇਹ ਸੀਮਿਤ ਵਰਤੋਂ ਵਾਲਾ ਹੋ " +-"ਸਕਦਾ ਹੈ।" ++"ਇਹ ਫ਼ੀਚਰ ਉਹਨਾਂ ਲੋਕਾਂ ਲਈ ਉਪਯੋਗੀ ਹੈ ਜਿਹੜੇ ਜਿਆਦਾਤਰ ਮੂਲ ਜ਼ੋਨ ਵਰਤਦੇ ਹਨ। ਉਹਨਾਂ ਯੂਜ਼ਰਾਂ, ਜਿਹੜੇ " ++"ਸੰਪਰਕਾਂ ਦੇ ਜੋ਼ਨਾਂ ਨੂੰ ਬਦਲਦੇ ਰਹੇ ਹਨ, ਇਹ ਸੀਮਿਤ ਵਰਤੋਂ ਵਾਲਾ ਹੋ ਸਕਦਾ ਹੈ।" + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -214,10 +213,8 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" +-msgstr "" +-"'{zone}' ਜ਼ੋਨ ਸਰਗਰਮ '{connection}' ਸੰਪਰਕ ਲਈ '{interface}' ਇੰਟਰਫੇਸ ਉੱਤੇ" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" ++msgstr "'{zone}' ਜ਼ੋਨ ਸਰਗਰਮ '{connection}' ਸੰਪਰਕ ਲਈ '{interface}' ਇੰਟਰਫੇਸ ਉੱਤੇ" + + #: ../src/firewall-applet.in:892 + msgid "Zone '{zone}' active for interface '{interface}'" +@@ -655,11 +652,11 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" +-"ਕਿਸੇ ਹੋਰ ਸਿਸਟਮ ਤੇ ਫਾਰਵਰਡਿੰਗ ਸਿਰਫ ਉਸ ਵੇਲੇ ਹੀ ਵਰਤੋਂਯੋਗ ਹੈ ਜੇ ਇੰਟਰਫੇਸ ਦਾ " +-"ਮੁਖੌਟਾਪਨ ਕੀਤਾ ਹੈ।\n" ++"ਕਿਸੇ ਹੋਰ ਸਿਸਟਮ ਤੇ ਫਾਰਵਰਡਿੰਗ ਸਿਰਫ ਉਸ ਵੇਲੇ ਹੀ ਵਰਤੋਂਯੋਗ ਹੈ ਜੇ ਇੰਟਰਫੇਸ ਦਾ ਮੁਖੌਟਾਪਨ ਕੀਤਾ ਹੈ।\n" + "ਕੀ ਤੁਸੀਂ ਇਸ ਜ਼ੋਨ ਦਾ ਮੁਖੌਟਾਪਨ ਕਰਨਾ ਚਾਹੁੰਦੇ ਹੋ?" + + #: ../src/firewall-config.in:5376 +@@ -844,8 +841,8 @@ msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." + msgstr "" +-"ਜੇ ਤੁਸੀਂ ਸਥਾਨਕ ਫਾਰਵਰਡਿੰਗ ਯੋਗ ਕਰਦੇ ਹੋ, ਤੁਹਾਨੂੰ ਇੱਕ ਪੋਰਟ ਦੇਣੀ ਚਾਹੀਦੀ ਹੈ। ਇਹ " +-"ਪੋਰਟ ਸਰੋਤ ਪੋਰਟ ਲਈ ਵੱਖਰੀ ਹੋਣੀ ਜਰੂਰੀ ਹੈ।" ++"ਜੇ ਤੁਸੀਂ ਸਥਾਨਕ ਫਾਰਵਰਡਿੰਗ ਯੋਗ ਕਰਦੇ ਹੋ, ਤੁਹਾਨੂੰ ਇੱਕ ਪੋਰਟ ਦੇਣੀ ਚਾਹੀਦੀ ਹੈ। ਇਹ ਪੋਰਟ ਸਰੋਤ ਪੋਰਟ ਲਈ " ++"ਵੱਖਰੀ ਹੋਣੀ ਜਰੂਰੀ ਹੈ।" + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -953,9 +950,8 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"ਫਾਇਰਵਾਲ ਨਿਯਮ ਮੁੜ ਲੋਡ ਕਰੋ। ਮੌਜੂਦਾ ਪੱਕੀ ਸੰਰਚਨਾ ਨਵੀਂ ਚੱਲ ਰਹੀ ਸੰਰਚਨਾ ਬਣ ਜਾਵੇਗੀ। " +-"ਮਤਲਬ ਕਿ ਮੁੜ-ਲੋਡ ਕਰਨ ਤੱਕ ਚਾਲੂ ਹਾਲਾਤ ਵਿੱਚ ਕੀਤੇ ਸਾਰੇ ਬਦਲਾਅ ਗੁੰਮ ਜਾਂਦੇ ਹਨ ਜੇ ਉਹ " +-"ਵੀ ਪੱਕੀ ਸੰਰਚਨਾ ਵਿੱਚ ਨਹੀਂ ਹਨ।" ++"ਫਾਇਰਵਾਲ ਨਿਯਮ ਮੁੜ ਲੋਡ ਕਰੋ। ਮੌਜੂਦਾ ਪੱਕੀ ਸੰਰਚਨਾ ਨਵੀਂ ਚੱਲ ਰਹੀ ਸੰਰਚਨਾ ਬਣ ਜਾਵੇਗੀ। ਮਤਲਬ ਕਿ ਮੁੜ-" ++"ਲੋਡ ਕਰਨ ਤੱਕ ਚਾਲੂ ਹਾਲਾਤ ਵਿੱਚ ਕੀਤੇ ਸਾਰੇ ਬਦਲਾਅ ਗੁੰਮ ਜਾਂਦੇ ਹਨ ਜੇ ਉਹ ਵੀ ਪੱਕੀ ਸੰਰਚਨਾ ਵਿੱਚ ਨਹੀਂ ਹਨ।" + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -998,8 +994,8 @@ msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." + msgstr "" +-"ਤਾਲਾਬੰਦ ਫਾਇਰਵਾਲ ਸੰਰਚਨਾ ਤੇ ਤਾਲਾ ਲਗਾ ਦਿੰਦਾ ਹੈ ਤਾਂ ਕਿ ਸਿਰਫ਼ ਤਾਲਾਬੰਦੀ ਦੀ " +-"ਵਾਈ੍ਹਟਲਿਸਟ ਉੱਪਰਲੀਆਂ ਐਪਲੀਕੇਸ਼ਨਾਂ ਹੀ ਇਸ ਨੂੰ ਬਦਲਣ ਦੇ ਯੋਗ ਹੋਣ।" ++"ਤਾਲਾਬੰਦ ਫਾਇਰਵਾਲ ਸੰਰਚਨਾ ਤੇ ਤਾਲਾ ਲਗਾ ਦਿੰਦਾ ਹੈ ਤਾਂ ਕਿ ਸਿਰਫ਼ ਤਾਲਾਬੰਦੀ ਦੀ ਵਾਈ੍ਹਟਲਿਸਟ " ++"ਉੱਪਰਲੀਆਂ ਐਪਲੀਕੇਸ਼ਨਾਂ ਹੀ ਇਸ ਨੂੰ ਬਦਲਣ ਦੇ ਯੋਗ ਹੋਣ।" + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1073,8 +1069,8 @@ msgid "" + "configuration. Permanent configuration will be active after service or " + "system reload or restart." + msgstr "" +-"ਮੌਜੂਦਾ ਪਰਗਟ ਸੰਰਚਨਾ। ਚਾਲੂ ਸੰਰਚਨਾ ਹੀ ਅਸਲ ਸਰਗਰਮ ਸੰਰਚਨਾ ਹੈ। ਸਥਾਈ ਸੰਰਚਨਾ ਸੇਵਾ ਜਾਂ " +-"ਸਿਸਟਮ ਦੇ ਮੁੜ-ਲੋਡ ਜਾਂ ਮੁੜ-ਸ਼ੁਰੂ ਹੋਣ ਤੋਂ ਬਾਅਦ ਸਰਗਰਮ ਹੋਵੇਗੀ" ++"ਮੌਜੂਦਾ ਪਰਗਟ ਸੰਰਚਨਾ। ਚਾਲੂ ਸੰਰਚਨਾ ਹੀ ਅਸਲ ਸਰਗਰਮ ਸੰਰਚਨਾ ਹੈ। ਸਥਾਈ ਸੰਰਚਨਾ ਸੇਵਾ ਜਾਂ ਸਿਸਟਮ ਦੇ " ++"ਮੁੜ-ਲੋਡ ਜਾਂ ਮੁੜ-ਸ਼ੁਰੂ ਹੋਣ ਤੋਂ ਬਾਅਦ ਸਰਗਰਮ ਹੋਵੇਗੀ" + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1084,10 +1080,9 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"ਇੱਕ ਫਾਇਰਵਾਲ ਵਾਲਾ ਜ਼ੋਨ ਨੈੱਟਵਰਕ ਸੰਪਰਕਾਂ, ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਜ਼ੋਨ ਨਾਲ ਬੱਝੇ ਸਰੋਤਾਂ ਲਈ " +-"ਭਰੋਸੇ ਦਾ ਪੱਧਰ ਦਰਸਾਉਂਦਾ ਹੈ। ਜ਼ੋਨ ਸੇਵਾਵਾਂ, ਪੋਰਟਾਂ, ਜਾਬਤਿਆਂ, ਮੁਖੌਟਾਪਨ, ਪੋਰਟ/" +-"ਪੈਕੇਟ ਫਾਰਵਰਡ ਕਰਨਾ, icmp ਫਿਲਟਰਾਂ ਅਤੇ ਉੱਚ-ਪੱਧਰ ਨਿਯਮਾਂ ਨੂੰ ਇਕੱਠਿਆਂ ਕਰਦਾ ਹੈ। " +-"ਜ਼ੋਨ ਨੂੰ ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਸਰੋਤ ਪਤਿਆਂ ਨਾਲ ਬੰਨ੍ਹਿਆ ਜਾ ਸਕਦਾ ਹੈ।" ++"ਇੱਕ ਫਾਇਰਵਾਲ ਵਾਲਾ ਜ਼ੋਨ ਨੈੱਟਵਰਕ ਸੰਪਰਕਾਂ, ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਜ਼ੋਨ ਨਾਲ ਬੱਝੇ ਸਰੋਤਾਂ ਲਈ ਭਰੋਸੇ ਦਾ ਪੱਧਰ " ++"ਦਰਸਾਉਂਦਾ ਹੈ। ਜ਼ੋਨ ਸੇਵਾਵਾਂ, ਪੋਰਟਾਂ, ਜਾਬਤਿਆਂ, ਮੁਖੌਟਾਪਨ, ਪੋਰਟ/ਪੈਕੇਟ ਫਾਰਵਰਡ ਕਰਨਾ, icmp ਫਿਲਟਰਾਂ " ++"ਅਤੇ ਉੱਚ-ਪੱਧਰ ਨਿਯਮਾਂ ਨੂੰ ਇਕੱਠਿਆਂ ਕਰਦਾ ਹੈ। ਜ਼ੋਨ ਨੂੰ ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਸਰੋਤ ਪਤਿਆਂ ਨਾਲ ਬੰਨ੍ਹਿਆ ਜਾ ਸਕਦਾ ਹੈ।" + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1111,9 +1106,9 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"ਇੱਥੇ ਤੁਸੀਂ ਦੱਸ ਸਕਦੇ ਹੋ ਕਿ ਕਿਹੜੀ ਸੇਵਾ ਭਰੋਸੇਯੋਗ ਜ਼ੋਨ ਵਿੱਚ ਹੈ। ਭਰੋਸੇਯੋਗ ਸੋਵਾਵਾਂ " +-"ਸਭ ਮੇਜ਼ਬਾਨਾਂ ਅਤੇ ਨੈੱਟਵਰਕਾਂ ਤੋਂ ਵਰਤੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ ਜਿਹੜੇ ਇਸ ਜ਼ੋਨ ਨਾਲ ਬੱਝੇ " +-"ਸੰਪਰਕਾਂ, ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਸਰੋਤਾਂ ਤੋਂ ਮਸ਼ੀਨ ਤੱਕ ਪਹੁੰਚ ਸਕਦੇ ਹਨ।" ++"ਇੱਥੇ ਤੁਸੀਂ ਦੱਸ ਸਕਦੇ ਹੋ ਕਿ ਕਿਹੜੀ ਸੇਵਾ ਭਰੋਸੇਯੋਗ ਜ਼ੋਨ ਵਿੱਚ ਹੈ। ਭਰੋਸੇਯੋਗ ਸੋਵਾਵਾਂ ਸਭ ਮੇਜ਼ਬਾਨਾਂ ਅਤੇ ਨੈੱਟਵਰਕਾਂ " ++"ਤੋਂ ਵਰਤੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ ਜਿਹੜੇ ਇਸ ਜ਼ੋਨ ਨਾਲ ਬੱਝੇ ਸੰਪਰਕਾਂ, ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਸਰੋਤਾਂ ਤੋਂ ਮਸ਼ੀਨ ਤੱਕ ਪਹੁੰਚ " ++"ਸਕਦੇ ਹਨ।" + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1124,8 +1119,8 @@ msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." + msgstr "" +-"ਵਾਧੂ ਪੋਰਟਾਂ ਜਾਂ ਪੋਰਟ ਰੇਂਜਾਂ ਸ਼ਾਮਿਲ ਕਰੋ, ਜੋ ਉਹਨਾਂ ਸਭ ਮੇਜ਼ਬਾਨਾਂ ਜਾਂ ਨੈੱਟਵਰਕਾਂ ਲਈ " +-"ਦਖਲ ਦੇਣ ਯੋਗ ਹੋਣ ਜਿਹੜੇ ਮਸ਼ੀਨ ਨਾਲ ਜੁੜ ਸਕਦੇ ਹਨ।" ++"ਵਾਧੂ ਪੋਰਟਾਂ ਜਾਂ ਪੋਰਟ ਰੇਂਜਾਂ ਸ਼ਾਮਿਲ ਕਰੋ, ਜੋ ਉਹਨਾਂ ਸਭ ਮੇਜ਼ਬਾਨਾਂ ਜਾਂ ਨੈੱਟਵਰਕਾਂ ਲਈ ਦਖਲ ਦੇਣ ਯੋਗ ਹੋਣ " ++"ਜਿਹੜੇ ਮਸ਼ੀਨ ਨਾਲ ਜੁੜ ਸਕਦੇ ਹਨ।" + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1179,9 +1174,9 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"ਮਖੌਟਾ ਤੁਹਾਨੂੰ ਮੇਜ਼ਬਾਨ ਜਾਂ ਰਾਊਟਰ ਨਿਰਧਾਰਤ ਕਰਨ ਵਿੱਚ ਮਦਦ ਕਰਦਾ ਹੈ ਜੋ ਤੁਹਾਡੇ ਸਥਾਨਕ " +-"ਨੈੱਟਵਰਕ ਨੂੰ ਇੰਟਰਨੈੱਟ ਨਾਲ ਜੋੜਦਾ ਹੈ। ਤੁਹਾਡਾ ਸਥਾਨਕ ਨੈੱਟਵਰਕ ਦਿੱਖ ਹੋਵੇਗਾ ਅਤੇ " +-"ਇੰਟਰਨੈੱਟ ਲਈ ਮੇਜ਼ਬਾਨ ਇੱਕ ਵੱਖਰੇ ਪਤੇ ਵਾਂਗ ਦਿਸਦਾ ਹੈ। ਮਖੌਟਾ ਸਿਰਫ IPv4 ਹੈ।" ++"ਮਖੌਟਾ ਤੁਹਾਨੂੰ ਮੇਜ਼ਬਾਨ ਜਾਂ ਰਾਊਟਰ ਨਿਰਧਾਰਤ ਕਰਨ ਵਿੱਚ ਮਦਦ ਕਰਦਾ ਹੈ ਜੋ ਤੁਹਾਡੇ ਸਥਾਨਕ ਨੈੱਟਵਰਕ ਨੂੰ " ++"ਇੰਟਰਨੈੱਟ ਨਾਲ ਜੋੜਦਾ ਹੈ। ਤੁਹਾਡਾ ਸਥਾਨਕ ਨੈੱਟਵਰਕ ਦਿੱਖ ਹੋਵੇਗਾ ਅਤੇ ਇੰਟਰਨੈੱਟ ਲਈ ਮੇਜ਼ਬਾਨ ਇੱਕ ਵੱਖਰੇ ਪਤੇ ਵਾਂਗ " ++"ਦਿਸਦਾ ਹੈ। ਮਖੌਟਾ ਸਿਰਫ IPv4 ਹੈ।" + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1191,9 +1186,7 @@ msgstr "ਮੁਖੌਟਾ ਜ਼ੋਨ" + msgid "" + "If you enable masquerading, IP forwarding will be enabled for your IPv4 " + "networks." +-msgstr "" +-"ਜੇ ਤੁਸੀਂ ਮੁਖੌਟਾ ਯੋਗ ਕੀਤਾ, IP ਫਾਰਵਰਡਿੰਗ ਵੀ ਤੁਹਾਡੇ IPv4 ਨੈੱਟਵਰਕਾਂ ਲਈ ਯੋਗ ਹੋ " +-"ਜਾਏਗੀ।" ++msgstr "ਜੇ ਤੁਸੀਂ ਮੁਖੌਟਾ ਯੋਗ ਕੀਤਾ, IP ਫਾਰਵਰਡਿੰਗ ਵੀ ਤੁਹਾਡੇ IPv4 ਨੈੱਟਵਰਕਾਂ ਲਈ ਯੋਗ ਹੋ ਜਾਏਗੀ।" + + #: ../src/firewall-config.glade.h:111 + msgid "Masquerading" +@@ -1206,10 +1199,9 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"ਪੋਰਟਾਂ ਨੂੰ ਸਥਾਨਕ ਸਿਸਟਮ ਉੱਪਰ ਇੱਕ ਪੋਰਟ ਤੋਂ ਦੂਜੀ ਪੋਰਟ ਤੇ ਫਾਰਵਰਡ ਕਰਨ ਲਈ ਜਾਂ " +-"ਸਥਾਨਕ ਸਿਸਟਮ ਤੋਂ ਹੋਰ ਸਿਸਟਮ ਵੱਲ ਫਾਰਵਰਡ ਕਰਨ ਲਈ ਇੰਦਰਾਜ ਸ਼ਾਮਿਲ ਕਰੋ। ਹੋਰ ਸਿਸਟਮ ਤੇ " +-"ਫਾਰਵਰਡ ਕਰਨ ਨਾਲ ਸਿਰਫ ਤਾਂ ਹੀ ਲਾਹੇਵੰਦ ਹੈ ਜੇ ਇੰਟਰਫੇਸ ਮਖੌਟਾ ਹੈ। ਪੋਰਟ ਫਾਰਵਰਡਿੰਗ " +-"ਸਿਰਫ IPv4 ਹੈ।" ++"ਪੋਰਟਾਂ ਨੂੰ ਸਥਾਨਕ ਸਿਸਟਮ ਉੱਪਰ ਇੱਕ ਪੋਰਟ ਤੋਂ ਦੂਜੀ ਪੋਰਟ ਤੇ ਫਾਰਵਰਡ ਕਰਨ ਲਈ ਜਾਂ ਸਥਾਨਕ ਸਿਸਟਮ ਤੋਂ ਹੋਰ " ++"ਸਿਸਟਮ ਵੱਲ ਫਾਰਵਰਡ ਕਰਨ ਲਈ ਇੰਦਰਾਜ ਸ਼ਾਮਿਲ ਕਰੋ। ਹੋਰ ਸਿਸਟਮ ਤੇ ਫਾਰਵਰਡ ਕਰਨ ਨਾਲ ਸਿਰਫ ਤਾਂ ਹੀ " ++"ਲਾਹੇਵੰਦ ਹੈ ਜੇ ਇੰਟਰਫੇਸ ਮਖੌਟਾ ਹੈ। ਪੋਰਟ ਫਾਰਵਰਡਿੰਗ ਸਿਰਫ IPv4 ਹੈ।" + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1229,17 +1221,16 @@ msgid "" + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." + msgstr "" +-"ਇੰਟਰਨੈੱਟ ਕੰਟਰੋਲ ਮੈਸੇਜ ਪਰੋਟੋਕਾਲ (ICMP) ਮੁੱਖ ਤੌਰ ਤੇ ਨੈੱਟਵਰਕ ਕੰਪਿਊਟਰਾਂ ਵਿੱਚ " +-"ਗਲਤੀ ਸੁਨੇਹੇ ਭੇਜਣ ਲਈ ਵਰਤਿਆ ਜਾਂਦਾ ਹੈ, ਪਰ ਨਾਲ ਹੀ ਵੀ ਭੇਜਦਾ ਹੈ ਜਿਵੇਂ ਪਿੰਗ ਬੇਨਤੀ " +-"ਅਤੇ ਜਵਾਬ।" ++"ਇੰਟਰਨੈੱਟ ਕੰਟਰੋਲ ਮੈਸੇਜ ਪਰੋਟੋਕਾਲ (ICMP) ਮੁੱਖ ਤੌਰ ਤੇ ਨੈੱਟਵਰਕ ਕੰਪਿਊਟਰਾਂ ਵਿੱਚ ਗਲਤੀ ਸੁਨੇਹੇ ਭੇਜਣ ਲਈ ਵਰਤਿਆ " ++"ਜਾਂਦਾ ਹੈ, ਪਰ ਨਾਲ ਹੀ ਵੀ ਭੇਜਦਾ ਹੈ ਜਿਵੇਂ ਪਿੰਗ ਬੇਨਤੀ ਅਤੇ ਜਵਾਬ।" + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"ਸੂਚੀ ਵਿੱਚ ICMP ਕਿਸਮਾਂ ਮਾਰਕ ਕਰੋ, ਜੋ ਰੱਧ ਕੀਤੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ਹੋਰ ਸਭ ICMP " +-"ਕਿਸਮਾਂ ਫਾਇਰਵਾਲ ਵਿੱਚ ਲੰਘ ਸਕਦੀਆਂ ਹਨ। ਮੂਲ ਰੂਪ ਵਿੱਚ ਕੋਈ ਪਾਬੰਦੀ ਨਹੀਂ ਹੈ।" ++"ਸੂਚੀ ਵਿੱਚ ICMP ਕਿਸਮਾਂ ਮਾਰਕ ਕਰੋ, ਜੋ ਰੱਧ ਕੀਤੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ਹੋਰ ਸਭ ICMP ਕਿਸਮਾਂ ਫਾਇਰਵਾਲ " ++"ਵਿੱਚ ਲੰਘ ਸਕਦੀਆਂ ਹਨ। ਮੂਲ ਰੂਪ ਵਿੱਚ ਕੋਈ ਪਾਬੰਦੀ ਨਹੀਂ ਹੈ।" + + #: ../src/firewall-config.glade.h:118 + msgid "" +@@ -1280,8 +1271,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"ਜ਼ੋਨ ਨਾਲ ਇੰਟਰਫੇਸ ਬੰਨ੍ਹਣ ਲਈ ਐਂਟਰੀਆਂ ਸਾਮਿਲ ਕਰੋ। ਜੇ ਇੰਟਰਫੇਸ ਸੰਪਰਕ ਦੁਆਰਾ ਵਰਤਿਆ " +-"ਜਾਵੇਗਾ, ਜ਼ੋਨ ਉਸ ਜ਼ੋਨ ਵਜੋਂ ਸੈੱਟ ਹੋਵੇਗਾ ਜੋ ਸੰਪਰਕ ਵਿੱਚ ਦਰਸਾਇਆ ਗਿਆ ਹੈ।" ++"ਜ਼ੋਨ ਨਾਲ ਇੰਟਰਫੇਸ ਬੰਨ੍ਹਣ ਲਈ ਐਂਟਰੀਆਂ ਸਾਮਿਲ ਕਰੋ। ਜੇ ਇੰਟਰਫੇਸ ਸੰਪਰਕ ਦੁਆਰਾ ਵਰਤਿਆ ਜਾਵੇਗਾ, ਜ਼ੋਨ ਉਸ ਜ਼ੋਨ " ++"ਵਜੋਂ ਸੈੱਟ ਹੋਵੇਗਾ ਜੋ ਸੰਪਰਕ ਵਿੱਚ ਦਰਸਾਇਆ ਗਿਆ ਹੈ।" + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1322,8 +1313,7 @@ msgstr "ਜ਼ੋਨ" + msgid "" + "A firewalld service is a combination of ports, protocols, modules and " + "destination addresses." +-msgstr "" +-"ਇੱਕ ਫਾਇਰਵਾਲ-ਡੀ ਸੇਵਾ ਪੋਰਟਾਂ, ਜਾਬਤਿਆਂ, ਮੌਡਿਊਲਾਂ ਅਤੇ ਟਿਕਾਣਾ ਪਤਿਆਂ ਦਾ ਮਿਸ਼ਰਣ ਹੈ।" ++msgstr "ਇੱਕ ਫਾਇਰਵਾਲ-ਡੀ ਸੇਵਾ ਪੋਰਟਾਂ, ਜਾਬਤਿਆਂ, ਮੌਡਿਊਲਾਂ ਅਤੇ ਟਿਕਾਣਾ ਪਤਿਆਂ ਦਾ ਮਿਸ਼ਰਣ ਹੈ।" + + #: ../src/firewall-config.glade.h:139 + msgid "Add Service" +@@ -1379,8 +1369,8 @@ msgid "" + "the destination address and type. If both entries are empty, there is no " + "limitation." + msgstr "" +-"ਜੇ ਤੁਸੀਂ ਟਿਕਾਣਾ ਪਤੇ ਦਰਸਾਉਂਦੇ ਹੋ, ਸੇਵਾ ਇੰਦਰਾਜ ਟਿਕਾਣੇ ਦੇ ਪਤੇ ਅਤੇ ਕਿਸਮ ਤੱਕ " +-"ਸੀਮਿਤ ਰਹੇਗੀ। ਜੇ ਦੋਵੇਂ ਇੰਦਰਾਜ ਖਾਲੀ ਹਨ, ਫਿਰ ਕੋਈ ਬੰਦਿਸ਼ ਨਹੀਂ।" ++"ਜੇ ਤੁਸੀਂ ਟਿਕਾਣਾ ਪਤੇ ਦਰਸਾਉਂਦੇ ਹੋ, ਸੇਵਾ ਇੰਦਰਾਜ ਟਿਕਾਣੇ ਦੇ ਪਤੇ ਅਤੇ ਕਿਸਮ ਤੱਕ ਸੀਮਿਤ ਰਹੇਗੀ। ਜੇ ਦੋਵੇਂ " ++"ਇੰਦਰਾਜ ਖਾਲੀ ਹਨ, ਫਿਰ ਕੋਈ ਬੰਦਿਸ਼ ਨਹੀਂ।" + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1395,8 +1385,7 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"ਸੇਵਾਵਾਂ ਸਿਰਫ਼ ਸਥਾਈ ਸੰਰਚਨਾ ਝਾਤ ਵਿੱਚ ਹੀ ਬਦਲੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ਸੇਵਾਵਾਂ ਦੀ ਚਾਲੂ " +-"ਸੰਰਚਨਾ ਪੱਕੀ ਹੈ।" ++"ਸੇਵਾਵਾਂ ਸਿਰਫ਼ ਸਥਾਈ ਸੰਰਚਨਾ ਝਾਤ ਵਿੱਚ ਹੀ ਬਦਲੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ਸੇਵਾਵਾਂ ਦੀ ਚਾਲੂ ਸੰਰਚਨਾ ਪੱਕੀ ਹੈ।" + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1456,8 +1445,8 @@ msgid "" + "A firewalld icmptype provides the information for an Internet Control " + "Message Protocol (ICMP) type for firewalld." + msgstr "" +-"ਫਾਇਰਵਾਲ-ਡੀ icmptype ਫਾਇਰਵਾਲ-ਡੀ ਦੀ ਇੰਟਰਨੈੱਟ ਕੰਟਰੋਲ ਮੈਸੇਜ ਪਰੋਟੋਕੌਲ (ICMP) ਕਿਸਮ " +-"ਦੀ ਜਾਣਕਾਰੀ ਮੁਹੱਈਆ ਕਰਵਾਉਂਦਾ ਹੈ।" ++"ਫਾਇਰਵਾਲ-ਡੀ icmptype ਫਾਇਰਵਾਲ-ਡੀ ਦੀ ਇੰਟਰਨੈੱਟ ਕੰਟਰੋਲ ਮੈਸੇਜ ਪਰੋਟੋਕੌਲ (ICMP) ਕਿਸਮ ਦੀ " ++"ਜਾਣਕਾਰੀ ਮੁਹੱਈਆ ਕਰਵਾਉਂਦਾ ਹੈ।" + + #: ../src/firewall-config.glade.h:167 + msgid "Add ICMP Type" +@@ -1484,8 +1473,8 @@ msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." + msgstr "" +-"ICMP ਕਿਸਮਾਂ ਸਿਰਫ਼ ਸਥਾਈ ਸੰਰਚਨਾ ਝਾਤ ਵਿੱਚ ਹੀ ਬਦਲੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ICMP ਕਿਸਮ ਦੀ " +-"ਚਾਲੂ ਸੰਰਚਨਾ ਪੱਕੀ ਹੈ।" ++"ICMP ਕਿਸਮਾਂ ਸਿਰਫ਼ ਸਥਾਈ ਸੰਰਚਨਾ ਝਾਤ ਵਿੱਚ ਹੀ ਬਦਲੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ICMP ਕਿਸਮ ਦੀ ਚਾਲੂ " ++"ਸੰਰਚਨਾ ਪੱਕੀ ਹੈ।" + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1506,10 +1495,10 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"ਸਿੱਧੀ ਸੰਰਚਨਾ ਫਾਇਰਵਾਲ ਤੱਕ ਹੋਰ ਜਿਆਦਾ ਸਿੱਧਾ ਦਖਲ ਦਿੰਦੀ ਹੈ। ਇਹ ਚੋਣਾਂ ਲਈ ਲੋੜੀਂਦਾ " +-"ਹੈ ਕਿ ਯੂਜ਼ਰ ਨੂੰ iptables ਦੇ ਮੁੱਢਲੇ ਸਿਧਾਂਤ ਪਤਾ ਹੋਣ, i.e. ਸਾਰਣੀਆਂ, ਲੜੀਆਂ, " +-"ਕਮਾਂਡਾਂ, ਪੈਰਾਮੀਟਰ ਅਤੇ ਟਿਕਾਣੇ। ਸਿੱਧੀ ਸੰਰਚਨਾ ਆਖਿਰੀ ਹੱਲ ਵਜੋਂ ਵਰਤਣੀ ਚਾਹੀਦੀ ਹੈ " +-"ਜਦੋਂ ਹੋਰ ਫਾਇਰਵਾਲ-ਡੀ ਫੀਚਰਾਂ ਨੂੰ ਵਰਤਣਾ ਸੰਭਵ ਨਾ ਹੋਵੇ।" ++"ਸਿੱਧੀ ਸੰਰਚਨਾ ਫਾਇਰਵਾਲ ਤੱਕ ਹੋਰ ਜਿਆਦਾ ਸਿੱਧਾ ਦਖਲ ਦਿੰਦੀ ਹੈ। ਇਹ ਚੋਣਾਂ ਲਈ ਲੋੜੀਂਦਾ ਹੈ ਕਿ ਯੂਜ਼ਰ ਨੂੰ " ++"iptables ਦੇ ਮੁੱਢਲੇ ਸਿਧਾਂਤ ਪਤਾ ਹੋਣ, i.e. ਸਾਰਣੀਆਂ, ਲੜੀਆਂ, ਕਮਾਂਡਾਂ, ਪੈਰਾਮੀਟਰ ਅਤੇ ਟਿਕਾਣੇ। " ++"ਸਿੱਧੀ ਸੰਰਚਨਾ ਆਖਿਰੀ ਹੱਲ ਵਜੋਂ ਵਰਤਣੀ ਚਾਹੀਦੀ ਹੈ ਜਦੋਂ ਹੋਰ ਫਾਇਰਵਾਲ-ਡੀ ਫੀਚਰਾਂ ਨੂੰ ਵਰਤਣਾ ਸੰਭਵ ਨਾ " ++"ਹੋਵੇ।" + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1517,9 +1506,8 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"ਹਰੇਕ ਚੋਣ ਦੇ ipv ਆਰਗੂਮੈਂਟ ਦਾ ipv4 ਜਾਂ ipv6 ਜਾਂ eb ਹੋਣਾ ਹੈ। ipv4 ਨਾਲ ਇਹ " +-"iptables ਲਈ ਹੋਵੇਗਾ, ipv6 ਨਾਲ ਇਹ ip6tables ਲਈ ਅਤੇ eb ਨਾਲ ਇਹ ਈਥਰਨੈੱਟ ਬਰਿੱਜਾਂ " +-"(ebtables) ਲਈ।" ++"ਹਰੇਕ ਚੋਣ ਦੇ ipv ਆਰਗੂਮੈਂਟ ਦਾ ipv4 ਜਾਂ ipv6 ਜਾਂ eb ਹੋਣਾ ਹੈ। ipv4 ਨਾਲ ਇਹ iptables ਲਈ " ++"ਹੋਵੇਗਾ, ipv6 ਨਾਲ ਇਹ ip6tables ਲਈ ਅਤੇ eb ਨਾਲ ਇਹ ਈਥਰਨੈੱਟ ਬਰਿੱਜਾਂ (ebtables) ਲਈ।" + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1555,11 +1543,10 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"ਤਰਜੀਹ ਨਿਯਮਾਂ ਨੂੰ ਤਰਤੀਬ ਦੇਣ ਲਈ ਵਰਤੀ ਜਾਂਦੀ ਹੈ। ਤਰਜੀਹ 0 ਦਾ ਮਤਲਬ ਨਿਯਮ ਨੂੰ ਲੜੀ " +-"ਵਿੱਚ ਸਿਖਰ ਤੇ ਜੋੜੋ, ਵੱਡੀ ਤਰਜੀਹ ਨਾਲ ਨਿਯਮ ਹੋਰ ਥੱਲੇ ਜੋੜੇ ਜਾਣਗੇ। ਇੱਕੋ ਤਰਜੀਹ ਵਾਲੇ " +-"ਨਿਯਮ ਇੱਕੋ ਪੱਧਰ ਤੇ ਹਨ ਅਤੇ ਇਹਨਾਂ ਨਿਯਮਾਂ ਦੀ ਤਰਤੀਬ ਪੱਕੀ ਨਹੀਂ ਹੈ ਤੇ ਬਦਲ ਸਕਦੀ ਹੈ। " +-"ਜੇ ਤੁਸੀਂ ਇਹ ਪੱਕਾ ਕਰਨਾ ਚਾਹੁੰਦੇ ਹੋ ਕਿ ਨਿਯਮ ਇੱਕ ਦੂਜੇ ਤੋਂ ਬਾਅਦ ਜੋੜੇ ਜਾਣਗੇ, ਪਹਿਲੇ " +-"ਲਈ ਘੱਟ ਅਤੇ ਬਾਅਦ ਵਾਲੇ ਲਈ ਵੱਡੀ ਤਰਜੀਹ ਵਰਤੋ।" ++"ਤਰਜੀਹ ਨਿਯਮਾਂ ਨੂੰ ਤਰਤੀਬ ਦੇਣ ਲਈ ਵਰਤੀ ਜਾਂਦੀ ਹੈ। ਤਰਜੀਹ 0 ਦਾ ਮਤਲਬ ਨਿਯਮ ਨੂੰ ਲੜੀ ਵਿੱਚ ਸਿਖਰ ਤੇ " ++"ਜੋੜੋ, ਵੱਡੀ ਤਰਜੀਹ ਨਾਲ ਨਿਯਮ ਹੋਰ ਥੱਲੇ ਜੋੜੇ ਜਾਣਗੇ। ਇੱਕੋ ਤਰਜੀਹ ਵਾਲੇ ਨਿਯਮ ਇੱਕੋ ਪੱਧਰ ਤੇ ਹਨ ਅਤੇ ਇਹਨਾਂ " ++"ਨਿਯਮਾਂ ਦੀ ਤਰਤੀਬ ਪੱਕੀ ਨਹੀਂ ਹੈ ਤੇ ਬਦਲ ਸਕਦੀ ਹੈ। ਜੇ ਤੁਸੀਂ ਇਹ ਪੱਕਾ ਕਰਨਾ ਚਾਹੁੰਦੇ ਹੋ ਕਿ ਨਿਯਮ ਇੱਕ " ++"ਦੂਜੇ ਤੋਂ ਬਾਅਦ ਜੋੜੇ ਜਾਣਗੇ, ਪਹਿਲੇ ਲਈ ਘੱਟ ਅਤੇ ਬਾਅਦ ਵਾਲੇ ਲਈ ਵੱਡੀ ਤਰਜੀਹ ਵਰਤੋ।" + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1583,13 +1570,12 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"ਪਾਸਥਰੂਅ ਨਿਯਮ ਸਿੱਧੇ ਫਾਇਰਵਾਲ ਤੱਕ ਲੰਘਾ ਦਿੱਤੇ ਜਾਂਦੇ ਹਨ ਅਤੇ ਖਾਸ ਲੜੀਆਂ ਵਿੱਚ ਨਹੀਂ " +-"ਰੱਖੇ ਜਾਂਦੇ। ਸਾਰੀਆਂ iptables, ip6tables ਅਤੇ ebtables ਚੋਣਾਂ ਵਰਤੀਆਂ ਜਾ ਸਕਦੀਆਂ।" ++"ਪਾਸਥਰੂਅ ਨਿਯਮ ਸਿੱਧੇ ਫਾਇਰਵਾਲ ਤੱਕ ਲੰਘਾ ਦਿੱਤੇ ਜਾਂਦੇ ਹਨ ਅਤੇ ਖਾਸ ਲੜੀਆਂ ਵਿੱਚ ਨਹੀਂ ਰੱਖੇ ਜਾਂਦੇ। ਸਾਰੀਆਂ " ++"iptables, ip6tables ਅਤੇ ebtables ਚੋਣਾਂ ਵਰਤੀਆਂ ਜਾ ਸਕਦੀਆਂ।" + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +-msgstr "" +-"ਕਿਰਪਾ ਕਰ ਕੇ ਪਾਸਥਰੂਅ ਨਿਯਮਾਂ ਨਾਲ ਸੁਚੇਤ ਰਹੋ ਕਿਤੇ ਫਾਇਰਵਾਲ ਨੂੰ ਨੁਕਸਾਨ ਨਾ ਪਹੁੰਚੇ।" ++msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਪਾਸਥਰੂਅ ਨਿਯਮਾਂ ਨਾਲ ਸੁਚੇਤ ਰਹੋ ਕਿਤੇ ਫਾਇਰਵਾਲ ਨੂੰ ਨੁਕਸਾਨ ਨਾ ਪਹੁੰਚੇ।" + + #: ../src/firewall-config.glade.h:190 + msgid "Add Passthrough" +@@ -1613,9 +1599,9 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"ਤਾਲਾਬੰਦ ਗੁਣ ਫਾਇਰਵਾਲ-ਡੀ ਲਈ ਯੂਜ਼ਰ ਅਤੇ ਐਪਲੀਕੇਸ਼ਨ ਨੀਤੀਆਂ ਦਾ ਹਲਕਾ ਸੰਸਕਰਣ ਹੈ। ਇਹ " +-"ਫਾਇਰਵਾਲ-ਡੀ ਵਿੱਚ ਬਦਲਾਆਂ ਨੂੰ ਸੀਮਿਤ ਕਰਦਾ ਹੈ। ਤਾਲਾਬੰਦ ਵਾਈ੍ਹਟਲਿਸਟ ਵਿੱਚ ਕਮਾਂਡਾਂ, " +-"ਪ੍ਰਸੰਗ, ਯੂਜ਼ਰ ਅਤੇ ਯੂਜ਼ਰ idਆਂ ਹੋ ਸਕਦੀਆਂ ਹਨ।" ++"ਤਾਲਾਬੰਦ ਗੁਣ ਫਾਇਰਵਾਲ-ਡੀ ਲਈ ਯੂਜ਼ਰ ਅਤੇ ਐਪਲੀਕੇਸ਼ਨ ਨੀਤੀਆਂ ਦਾ ਹਲਕਾ ਸੰਸਕਰਣ ਹੈ। ਇਹ ਫਾਇਰਵਾਲ-ਡੀ " ++"ਵਿੱਚ ਬਦਲਾਆਂ ਨੂੰ ਸੀਮਿਤ ਕਰਦਾ ਹੈ। ਤਾਲਾਬੰਦ ਵਾਈ੍ਹਟਲਿਸਟ ਵਿੱਚ ਕਮਾਂਡਾਂ, ਪ੍ਰਸੰਗ, ਯੂਜ਼ਰ ਅਤੇ ਯੂਜ਼ਰ idਆਂ ਹੋ " ++"ਸਕਦੀਆਂ ਹਨ।" + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1646,9 +1632,9 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"ਜੇ ਵਾਈ੍ਹਟਲਿਸਟ ਤੇ ਕੋਈ ਕਮਾਂਡ ਇੰਦਰਾਜ '*' ਨਾਲ ਖਤਮ ਹੁੰਦਾ ਹੈ, ਤਾਂ ਕਮਾਂਡ ਨਾਲ ਸ਼ੁਰੂ " +-"ਹੁੰਦੀਆਂ ਸਾਰੀਆਂ ਕਮਾਂਡ ਲਾਈਨਾਂ ਵੀ ਮੇਲ ਖਾਣਗੀਆਂ। ਜੇ '*' ਨਹੀਂ ਲੱਗਾ ਤਾਂ ਕਮਾਂਡ " +-"ਆਰਗੂਮੈਂਟਾਂ ਸਮੇਤ ਪੂਰੀ ਤਰ੍ਹਾਂ ਮੇਲ ਖਾਂਦੀ ਹੋਣੀ ਜਰੂਰੀ ਹੈ।" ++"ਜੇ ਵਾਈ੍ਹਟਲਿਸਟ ਤੇ ਕੋਈ ਕਮਾਂਡ ਇੰਦਰਾਜ '*' ਨਾਲ ਖਤਮ ਹੁੰਦਾ ਹੈ, ਤਾਂ ਕਮਾਂਡ ਨਾਲ ਸ਼ੁਰੂ ਹੁੰਦੀਆਂ ਸਾਰੀਆਂ " ++"ਕਮਾਂਡ ਲਾਈਨਾਂ ਵੀ ਮੇਲ ਖਾਣਗੀਆਂ। ਜੇ '*' ਨਹੀਂ ਲੱਗਾ ਤਾਂ ਕਮਾਂਡ ਆਰਗੂਮੈਂਟਾਂ ਸਮੇਤ ਪੂਰੀ ਤਰ੍ਹਾਂ ਮੇਲ ਖਾਂਦੀ " ++"ਹੋਣੀ ਜਰੂਰੀ ਹੈ।" + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1862,8 +1848,7 @@ msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਇੱਕ ਉੱਚ-ਪੱਧਰੀ ਨਿ + + #: ../src/firewall-config.glade.h:255 + msgid "For host or network white or blacklisting deactivate the element." +-msgstr "" +-"ਮੇਜਬਾਨ ਜਾਂ ਨੈੱਟਵਰਕ ਲਈ ਵਾਈ੍ਹਟ ਜਾਂ ਬਲੈਕ-ਲਿਸਟਿੰਗ ਤੱਤ ਨੂੰ ਗੈਰ-ਕਿਰਿਆਸ਼ੀਲ ਕਰਦਾ ਹੈ।" ++msgstr "ਮੇਜਬਾਨ ਜਾਂ ਨੈੱਟਵਰਕ ਲਈ ਵਾਈ੍ਹਟ ਜਾਂ ਬਲੈਕ-ਲਿਸਟਿੰਗ ਤੱਤ ਨੂੰ ਗੈਰ-ਕਿਰਿਆਸ਼ੀਲ ਕਰਦਾ ਹੈ।" + + #: ../src/firewall-config.glade.h:256 + msgid "Source:" +@@ -1891,11 +1876,10 @@ msgstr "ਪਲਟਾਇਆ" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"ਇਸ ਨੂੰ ਯੋਗ ਕਰਨ ਲਈ ਕਾਰਵਾਈ 'reject' ਅਤੇ ਟੱਬਰ ਜਾਂ ਤਾਂ 'ipv4' ਜਾਂ 'ipv6' (ਦੋਵੇਂ " +-"ਨਹੀਂ) ਹੋਵੇ।" ++"ਇਸ ਨੂੰ ਯੋਗ ਕਰਨ ਲਈ ਕਾਰਵਾਈ 'reject' ਅਤੇ ਟੱਬਰ ਜਾਂ ਤਾਂ 'ipv4' ਜਾਂ 'ipv6' (ਦੋਵੇਂ ਨਹੀਂ) ਹੋਵੇ।" + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/pl.po b/po/pl.po +index 6c4a1d1fe1a2..edbf00f68880 100644 +--- a/po/pl.po ++++ b/po/pl.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Andrzej Olszewski , 2004 + # Piotr Drąg , 2007,2013-2014 +@@ -17,15 +17,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:26+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Polish (http://www.transifex.com/projects/p/firewalld/" + "language/pl/)\n" + "Language: pl\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " + "|| n%100>=20) ? 1 : 2);\n" + "X-Generator: Zanata 4.6.2\n" +@@ -46,7 +46,8 @@ msgstr "Konfiguracja zapory sieciowej" + #: ../config/firewall-config.desktop.in.h:4 + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" +-"zapora;sieciowa;ogniowa;firewall;sieć;sieci;network;bezpieczeństwo;zabezpieczenia;security;iptables;netfilter;" ++"zapora;sieciowa;ogniowa;firewall;sieć;sieci;network;bezpieczeństwo;" ++"zabezpieczenia;security;iptables;netfilter;" + + #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 + #, c-format +@@ -214,8 +215,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Strefa „{zone}” jest aktywna dla połączenia „{connection}” na interfejsie " + "„{interface}”" +@@ -661,7 +661,8 @@ msgstr "IPv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Przekierowywanie do innego systemu jest przydatne tylko, jeśli interfejs " +@@ -992,8 +993,7 @@ msgstr "Skonfiguruj przypisanie automatycznego modułu pomocniczego" + + #: ../src/firewall-config.glade.h:67 + msgid "Configure Automatic Helper Assignment setting." +-msgstr "" +-"Skonfiguruj ustawienia przypisania automatycznego modułu pomocniczego." ++msgstr "Skonfiguruj ustawienia przypisania automatycznego modułu pomocniczego." + + #: ../src/firewall-config.glade.h:68 + msgid "Panic mode means that all incoming and outgoing packets are dropped." +@@ -1549,7 +1549,6 @@ msgstr "" + msgid "Define ports or port ranges, which are monitored by the helper." + msgstr "" + "Proszę określić porty lub zakresy portów monitorowane przez moduł pomocniczy." +-"" + + #: ../src/firewall-config.glade.h:175 + msgid "" +@@ -1951,11 +1950,11 @@ msgstr "odwrócone" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"Aby to włączyć, działanie musi wynosić „reject”, a rodzina „ipv4” lub „ipv6” " +-"(nie oba)." ++"Aby to włączyć, działanie musi wynosić „reject”, a rodzina „ipv4” lub " ++"„ipv6” (nie oba)." + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/pt.po b/po/pt.po +index 1be428f5c160..196f79a143f2 100644 +--- a/po/pt.po ++++ b/po/pt.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Pedro Marques Daniel , 2013 + # Pedro Marques Daniel , 2013 +@@ -11,15 +11,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-10-28 10:12+0000\n" + "Last-Translator: Miguel Sousa \n" + "Language-Team: Portuguese (http://www.transifex.com/projects/p/firewalld/" + "language/pt/)\n" + "Language: pt\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -200,8 +200,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Zona '{zone}' ativa para conexão '{connection}' na interface '{interface}'" + +@@ -641,7 +640,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Forwarding para outro sistema só é útil se a interface estiver mascarada.\n" +@@ -1183,8 +1183,7 @@ msgid "" + "If you enable masquerading, IP forwarding will be enabled for your IPv4 " + "networks." + msgstr "" +-"Se ativar as omascarar, o reencaminhamento de IP será ativado para o seu " +-"IPv4" ++"Se ativar as omascarar, o reencaminhamento de IP será ativado para o seu IPv4" + + #: ../src/firewall-config.glade.h:111 + msgid "Masquerading" +@@ -1891,8 +1890,8 @@ msgstr "invertido" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "Para ativar esta Ação tem de ser 'reject' e da Familia 'ipv4' ou 'ipv6' (não " + "ambos)" +diff --git a/po/pt_BR.po b/po/pt_BR.po +index dafe57381516..720507208dc8 100644 +--- a/po/pt_BR.po ++++ b/po/pt_BR.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # ataliba , 2013 + # ataliba , 2013 +@@ -34,15 +34,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:27+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/" + "firewalld/language/pt_BR/)\n" + "Language: pt_BR\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n > 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -229,8 +229,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Zona '{zone}' ativada para conexão '{connection}' na interface '{interface}'" + +@@ -675,7 +674,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "O encaminhamento para outro sistema só é útil se a interface estiver " +@@ -1251,8 +1251,8 @@ msgid "" + msgstr "" + "Adicione entradas para o encaminhamento de portas tanto de uma porta para " + "outra no sistema local, quanto do sistema local para outro sistema. O " +-"encaminhamento para outro sistema só é útil se a interface estiver mascarada." +-" O encaminhamento de portas é somente para IPv4." ++"encaminhamento para outro sistema só é útil se a interface estiver " ++"mascarada. O encaminhamento de portas é somente para IPv4." + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1283,7 +1283,6 @@ msgid "" + msgstr "" + "Marque na lista os tipos de ICMP que devem ser rejeitados. Todos os outros " + "tipos serão permitidos passar pelo firewall. O padrão é não haver limitações." +-"" + + #: ../src/firewall-config.glade.h:118 + msgid "" +@@ -1292,7 +1291,6 @@ msgid "" + msgstr "" + "Se o Filtro Inverter está habilitado, entradas marcadas ICPM são aceitas e " + "as outras são rejeitadas. Em uma zona com o alvo DROP, elas serão rejeitadas." +-"" + + #: ../src/firewall-config.glade.h:119 + msgid "Invert Filter" +@@ -1423,8 +1421,7 @@ msgstr "Porta de Origem" + + #: ../src/firewall-config.glade.h:148 + msgid "Netfilter helper modules are needed for some services." +-msgstr "" +-"Módulos assistentes do Netfilter são necessários para alguns serviços." ++msgstr "Módulos assistentes do Netfilter são necessários para alguns serviços." + + #: ../src/firewall-config.glade.h:149 + msgid "Modules" +@@ -1502,8 +1499,8 @@ msgid "" + "The entries should be taken care directly with the ipset command." + msgstr "" + "Este IPSet utiliza a opção de limite de tempo, portanto nenhuma entrada é " +-"visível aqui. As entradas devem ser atendidas diretamente pelo comando ipset." +-" " ++"visível aqui. As entradas devem ser atendidas diretamente pelo comando " ++"ipset. " + + #: ../src/firewall-config.glade.h:162 + msgid "Add" +@@ -1979,8 +1976,8 @@ msgstr "inverso" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "Para habilitar isto, o Action precisa estar definido como 'reject' e Family " + "como 'ipv4' ou 'ipv6' (não como ambos)" +diff --git a/po/ru.po b/po/ru.po +index fc55b58d8445..fbcf7f6c6170 100644 +--- a/po/ru.po ++++ b/po/ru.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Alexey Kostyuk , 2009 + # Andrew Martynov , 2004-2006,2008 +@@ -22,17 +22,17 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:27+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Russian (http://www.transifex.com/projects/p/firewalld/" + "language/ru/)\n" + "Language: ru\n" +-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " +-"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" ++"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" ++"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + "X-Generator: Zanata 4.6.2\n" + + #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 +@@ -218,8 +218,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Зона '{zone}' активна для соединения '{connection}' на интерфейсе " + "'{interface}'" +@@ -664,7 +663,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Переадресация в другую систему поможет только при маскировании интерфейса.\n" +@@ -1541,8 +1541,7 @@ msgstr "" + + #: ../src/firewall-config.glade.h:174 + msgid "Define ports or port ranges, which are monitored by the helper." +-msgstr "" +-"Добавьте порты или диапазоны портов, контролируемые модулем поддержки." ++msgstr "Добавьте порты или диапазоны портов, контролируемые модулем поддержки." + + #: ../src/firewall-config.glade.h:175 + msgid "" +@@ -1939,8 +1938,8 @@ msgstr "инверсия" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "Чтобы разрешить, поле «Действие» должно иметь значение «отказать», а " + "«Семейство протоколов» — «ipv4» или «ipv6»." +diff --git a/po/sk.po b/po/sk.po +index 8ba479ddbc41..c91435dc2e74 100644 +--- a/po/sk.po ++++ b/po/sk.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Dušan Kazik , 2012-2013 + # Marcel Telka , 2004 +@@ -14,15 +14,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-08-13 06:16+0000\n" + "Last-Translator: feonsu \n" + "Language-Team: Slovak (http://www.transifex.com/projects/p/firewalld/" + "language/sk/)\n" + "Language: sk\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -207,8 +207,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Zóna '{zone}' je aktívna pre pripojenie '{connection}' na rozhraní " + "'{interface}'" +@@ -653,7 +652,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Preposielanie na iný systém je užitočné len ak je na rozhraní maškaráda. \n" +@@ -1660,7 +1660,6 @@ msgid "" + msgstr "" + "Kontext je kontext zabezpečenia (SELinux) bežiacej aplikácie alebo služby. " + "Ak chcete zistiť kontext bežiacej aplikácie použite ps -e --context." +-"" + + #: ../src/firewall-config.glade.h:196 + msgid "Add Context" +@@ -1930,8 +1929,8 @@ msgstr "invertované" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "Ak chcete toto povoliť, akcia musí byť 'reject' a rodina buď 'ipv4' alebo " + "'ipv6' (nie obe)." +diff --git a/po/sq.po b/po/sq.po +index f02470c19a04..87502cb920c4 100644 +--- a/po/sq.po ++++ b/po/sq.po +@@ -4,14 +4,14 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2017-04-20 11:49+0000\n" + "Last-Translator: Sidorela Uku \n" + "Language-Team: Albanian\n" + "Language: sq\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "X-Generator: Zanata 4.6.2\n" + "Plural-Forms: nplurals=2; plural=(n != 1)\n" + +@@ -192,8 +192,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + + #: ../src/firewall-applet.in:892 +@@ -630,7 +629,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + +@@ -1798,8 +1798,8 @@ msgstr "" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/sr.po b/po/sr.po +index a7ccc20a302a..2e832ccd5b7b 100644 +--- a/po/sr.po ++++ b/po/sr.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Igor Miletic , 2008 + # Miloš Komarčević , 2005 +@@ -12,17 +12,17 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2016-01-04 12:42+0000\n" + "Last-Translator: Momcilo Medic \n" + "Language-Team: Serbian (http://www.transifex.com/projects/p/firewalld/" + "language/sr/)\n" + "Language: sr\n" +-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " +-"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" ++"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" ++"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + "X-Generator: Zanata 4.6.2\n" + + #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 +@@ -205,8 +205,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Зона '{zone}' је активна за везу '{connection}' на интерфејсу '{interface}'" + +@@ -646,7 +645,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Преусмеравање на други систем је корисно само ако је интерфејс маскиран.\n" +@@ -1224,7 +1224,6 @@ msgstr "" + "Протокол за контролисање интернет порука (ICMP — Internet Control Message " + "Protocol) се углавном користи за слање порука о грешкама између умрежених " + "рачунара, али и додатно за информативне поруке попут пинг захтева и одговора." +-"" + + #: ../src/firewall-config.glade.h:117 + msgid "" +@@ -1885,11 +1884,11 @@ msgstr "обрнуто" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"Да омогућите ово Акција мора бити 'одбиј' и Породица или 'ipv4' или 'ipv6' " +-"(не оба)." ++"Да омогућите ово Акција мора бити 'одбиј' и Породица или 'ipv4' или " ++"'ipv6' (не оба)." + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/sr@latin.po b/po/sr@latin.po +index 5cdc16cfd19b..c371df155106 100644 +--- a/po/sr@latin.po ++++ b/po/sr@latin.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Igor Miletic , 2008 + # Miloš Komarčević , 2005 +@@ -10,17 +10,17 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-02-26 10:03+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Serbian (Latin) (http://www.transifex.com/projects/p/" + "firewalld/language/sr@latin/)\n" + "Language: sr@latin\n" +-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " +-"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" ++"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" ++"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + "X-Generator: Zanata 4.6.2\n" + + #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 +@@ -200,8 +200,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + + #: ../src/firewall-applet.in:892 +@@ -638,7 +637,8 @@ msgstr "" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + +@@ -1194,7 +1194,6 @@ msgstr "" + "Protokol za kontrolisanje internet poruka (ICMP — Internet Control Message " + "Protocol) se uglavnom koristi za slanje poruka o greškama između umreženih " + "računara, ali i dodatno za informativne poruke poput ping zahteva i odgovora." +-"" + + #: ../src/firewall-config.glade.h:117 + msgid "" +@@ -1822,8 +1821,8 @@ msgstr "" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/sv.po b/po/sv.po +index 39d8df8ecf69..f88daed7f9fb 100644 +--- a/po/sv.po ++++ b/po/sv.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # denka , 2014 + # denka , 2014 +@@ -15,15 +15,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:28+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Swedish (http://www.transifex.com/projects/p/firewalld/" + "language/sv/)\n" + "Language: sv\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -210,8 +210,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Zonen ”{zone}” aktiv för anslutningen ”{connection}” på gränssnittet " + "”{interface}”" +@@ -656,7 +655,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Vidarebefordran till ett annat system är endast användbart om gränssnittet " +@@ -1487,7 +1487,6 @@ msgid "" + "IPSets can only be created or deleted in the permanent configuration view." + msgstr "" + "IPMängder kan endast skapas eller tas bort i vyn med permanent konfiguration." +-"" + + #: ../src/firewall-config.glade.h:166 + msgid "" +@@ -1940,8 +1939,8 @@ msgstr "inverterad" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "För att aktivera detta måste Åtgärd vara ”avvisa” och Familj antingen ”ipv4” " + "eller ”ipv6” (inte båda)." +diff --git a/po/ta.po b/po/ta.po +index 3f8debb7f1f1..f6cc00799192 100644 +--- a/po/ta.po ++++ b/po/ta.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Felix , 2006-2007 + # I felix , 2007 +@@ -16,15 +16,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2015-02-26 10:04+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Tamil (http://www.transifex.com/projects/p/firewalld/language/" + "ta/)\n" + "Language: ta\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -78,17 +78,16 @@ msgstr "ஷீல்டுகள் மேலே/கீழே மண்டலங + #: ../src/firewall-applet.in:220 + msgid "Here you can select the zones used for Shields Up and Shields Down." + msgstr "" +-"இங்கு நீங்கள் ஷீல்டுகள் மேலே மற்றும் ஷீல்டுகள் கீழே என்பவற்றுக்குப் " +-"பயன்படும் மண்டலங்களைத் தேர்ந்தெடுக்கலாம்." ++"இங்கு நீங்கள் ஷீல்டுகள் மேலே மற்றும் ஷீல்டுகள் கீழே என்பவற்றுக்குப் பயன்படும் மண்டலங்களைத் " ++"தேர்ந்தெடுக்கலாம்." + + #: ../src/firewall-applet.in:226 + msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." + msgstr "" +-"இந்த அம்சம் பெரும்பாலும் முன்னிருப்பு மண்டலங்களைப் பயன்படுத்தும் " +-"நபர்களுக்குப் பயனுள்ளது. இணைப்புகளின் மண்டலங்களை மாற்றும் பயனர்களுக்கு இது " +-"வரம்புக்குட்பட்ட பயனுள்ளதாக இருக்கும்." ++"இந்த அம்சம் பெரும்பாலும் முன்னிருப்பு மண்டலங்களைப் பயன்படுத்தும் நபர்களுக்குப் பயனுள்ளது. " ++"இணைப்புகளின் மண்டலங்களை மாற்றும் பயனர்களுக்கு இது வரம்புக்குட்பட்ட பயனுள்ளதாக இருக்கும்." + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -210,11 +209,9 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" +-"இடைமுகம் '{interface}' இல் உள்ள இணைப்பு '{connection}' க்கு மண்டலம் '{zone}' " +-"செயலில் " ++"இடைமுகம் '{interface}' இல் உள்ள இணைப்பு '{connection}' க்கு மண்டலம் '{zone}' செயலில் " + + #: ../src/firewall-applet.in:892 + msgid "Zone '{zone}' active for interface '{interface}'" +@@ -652,11 +649,12 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" +-"இடைமுகம் போலித்தோற்றமாக்கப்பட்டிருந்தால் மட்டுமே மற்றொரு கணினிக்கு " +-"முன்னனுப்புதல் என்பது பயனுள்ளதாக இருக்கும்.\n" ++"இடைமுகம் போலித்தோற்றமாக்கப்பட்டிருந்தால் மட்டுமே மற்றொரு கணினிக்கு முன்னனுப்புதல் என்பது " ++"பயனுள்ளதாக இருக்கும்.\n" + "இந்த மண்டலத்தை போலித்தோற்றமாக்க வேண்டுமா ?" + + #: ../src/firewall-config.in:5376 +@@ -761,8 +759,7 @@ msgstr "சூழலை உள்ளிடவும்." + + #: ../src/firewall-config.glade.h:9 + msgid "Please select default zone from the list below." +-msgstr "" +-"கீழே உள்ள பட்டியலில் இருந்து முன்னிருப்பு மண்டலத்தைத் தேர்ந்தெடுக்கவும்." ++msgstr "கீழே உள்ள பட்டியலில் இருந்து முன்னிருப்பு மண்டலத்தைத் தேர்ந்தெடுக்கவும்." + + #: ../src/firewall-config.glade.h:10 + msgid "Direct Chain" +@@ -842,8 +839,8 @@ msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." + msgstr "" +-"நீங்கள் உள்ளமை முன்னனுப்புதலை செயல்படுத்தினால், நீங்கள் ஒரு துறையை குறிப்பிட " +-"வேண்டும். இந்த துறை மூல துறைக்கு வேறாக இருக்கும்." ++"நீங்கள் உள்ளமை முன்னனுப்புதலை செயல்படுத்தினால், நீங்கள் ஒரு துறையை குறிப்பிட வேண்டும். இந்த " ++"துறை மூல துறைக்கு வேறாக இருக்கும்." + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -951,10 +948,9 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"ஃபயர்வால் விதிகளை மீளேற்றும். நடப்பு நிரந்தர அமைவாக்கம் புதிய நிகழ் நேர " +-"அமைவாக்கமாக மாறும். அதாவது, மீளேற்றம் வரை செய்த நிகழ் நேரத்திற்கு மட்டுமான " +-"மாற்றங்கள் அனைத்தும், அவை நிரந்தர அமைவாக்கத்திலும் இல்லாமல் இருந்தால், " +-"மீளேற்றும் போது இழக்கப்படும்." ++"ஃபயர்வால் விதிகளை மீளேற்றும். நடப்பு நிரந்தர அமைவாக்கம் புதிய நிகழ் நேர அமைவாக்கமாக " ++"மாறும். அதாவது, மீளேற்றம் வரை செய்த நிகழ் நேரத்திற்கு மட்டுமான மாற்றங்கள் அனைத்தும், அவை " ++"நிரந்தர அமைவாக்கத்திலும் இல்லாமல் இருந்தால், மீளேற்றும் போது இழக்கப்படும்." + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -987,8 +983,8 @@ msgstr "" + #: ../src/firewall-config.glade.h:68 + msgid "Panic mode means that all incoming and outgoing packets are dropped." + msgstr "" +-"பேனிக் பயன்முறை என்பது, உள்வரும் மற்றும் வெளிச்செல்லும் சிப்பங்கள் அனைத்தும் " +-"கைவிடப்பட்டன என்பதைக் குறிக்கிறது." ++"பேனிக் பயன்முறை என்பது, உள்வரும் மற்றும் வெளிச்செல்லும் சிப்பங்கள் அனைத்தும் கைவிடப்பட்டன " ++"என்பதைக் குறிக்கிறது." + + #: ../src/firewall-config.glade.h:69 + msgid "Panic Mode" +@@ -999,8 +995,8 @@ msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." + msgstr "" +-"லாக்டவுன் என்பது ஃபயர்வால் அமைவாக்கத்தைப் பூட்டும், இதனால் லாக்டவுன் " +-"வெண்பட்டியலில் உள்ள பயன்பாடுகள் மட்டுமே இதை மாற்ற முடியும்." ++"லாக்டவுன் என்பது ஃபயர்வால் அமைவாக்கத்தைப் பூட்டும், இதனால் லாக்டவுன் வெண்பட்டியலில் உள்ள " ++"பயன்பாடுகள் மட்டுமே இதை மாற்ற முடியும்." + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1075,8 +1071,8 @@ msgid "" + "system reload or restart." + msgstr "" + "தற்போது புலனாகும் அமைவாக்கம். நிகழ்நேர அமைவாக்கமானது உண்மையில் செயலில் உள்ள " +-"அமைவாக்கமாகும். சேவை அல்லது கணினி மீளேற்றியதும் அல்லது மறுதொடக்கப்பட்டதும் " +-"நிரந்த அமைவாக்கம் செயலாகும்." ++"அமைவாக்கமாகும். சேவை அல்லது கணினி மீளேற்றியதும் அல்லது மறுதொடக்கப்பட்டதும் நிரந்த " ++"அமைவாக்கம் செயலாகும்." + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1086,11 +1082,11 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"ஒரு firewalld மண்டலமானது அந்த மண்டலத்துக்குரிய பிணைய இணைப்புகள், இடைமுகங்கள் " +-"மற்றும் மூல முகவரிகளின் நம்பகத்தன்மையின் நிலையை வரையறுக்கிறது. மண்டலமானது " +-"சேவைகள், முனையங்கள், நெறிமுறைகள், masquerading, முனையம்/பேக்கெட் பகிர்தல், " +-"icmp வடிகட்டிகள் மற்றும் உயர் விதிகள் ஆகியவற்றை உள்ளடக்கியது. மண்டலமானது " +-"இடைமுகங்கள் மற்றும் மூல முகவரிகளுக்கு கட்டுப்பட்டவையாக இருக்கலாம்." ++"ஒரு firewalld மண்டலமானது அந்த மண்டலத்துக்குரிய பிணைய இணைப்புகள், இடைமுகங்கள் மற்றும் " ++"மூல முகவரிகளின் நம்பகத்தன்மையின் நிலையை வரையறுக்கிறது. மண்டலமானது சேவைகள், முனையங்கள், " ++"நெறிமுறைகள், masquerading, முனையம்/பேக்கெட் பகிர்தல், icmp வடிகட்டிகள் மற்றும் உயர் " ++"விதிகள் ஆகியவற்றை உள்ளடக்கியது. மண்டலமானது இடைமுகங்கள் மற்றும் மூல முகவரிகளுக்கு " ++"கட்டுப்பட்டவையாக இருக்கலாம்." + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1114,10 +1110,9 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"இங்கு மண்டலத்தில் எந்த சேவைகளை நம்பலாம் என நீங்கள் குறிப்பிடலாம். நம்பப்பட்ட " +-"சேவைகள் இந்த மண்டலத்துக்குரிய இணைப்புகள், இடைமுகங்கள் மற்றும் " +-"மூலங்களிலிருந்து கணினியை அணுகக்கூடிய அனைத்து புரவலன்கள் மற்றும் " +-"பிணையங்களிலிருந்து அணுகப்பட முடியும்." ++"இங்கு மண்டலத்தில் எந்த சேவைகளை நம்பலாம் என நீங்கள் குறிப்பிடலாம். நம்பப்பட்ட சேவைகள் இந்த " ++"மண்டலத்துக்குரிய இணைப்புகள், இடைமுகங்கள் மற்றும் மூலங்களிலிருந்து கணினியை அணுகக்கூடிய " ++"அனைத்து புரவலன்கள் மற்றும் பிணையங்களிலிருந்து அணுகப்பட முடியும்." + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1128,9 +1123,8 @@ msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." + msgstr "" +-"கணினியுடன் இணைக்க முடிகின்ற அனைத்து வழங்கிகள் அல்லது பிணையங்களுக்கும் " +-"அணுகக்கூடியதாக இருக்க வேண்டிய கூடுதல் முனையங்கள் அல்லது முனைய வரம்புகளைச் " +-"சேர்க்கவும்." ++"கணினியுடன் இணைக்க முடிகின்ற அனைத்து வழங்கிகள் அல்லது பிணையங்களுக்கும் அணுகக்கூடியதாக " ++"இருக்க வேண்டிய கூடுதல் முனையங்கள் அல்லது முனைய வரம்புகளைச் சேர்க்கவும்." + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1184,10 +1178,9 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"Masquerading உங்களை ஒரு புரவலன் அல்லது ரௌட்டரை அமைக்கிறது, இது இணையத்தில் " +-"உங்கள் உள்ளமை பிணையத்தில் இணைக்கிறது. உங்கள் உள்ளமை பிணையம் தெரியாது மற்றும் " +-"புரவலன்கள் ஒரு ஒற்றை முகவரியில் இணையத்தில் தோன்றும் Masquerading IPv4 " +-"மட்டுமே." ++"Masquerading உங்களை ஒரு புரவலன் அல்லது ரௌட்டரை அமைக்கிறது, இது இணையத்தில் உங்கள் " ++"உள்ளமை பிணையத்தில் இணைக்கிறது. உங்கள் உள்ளமை பிணையம் தெரியாது மற்றும் புரவலன்கள் ஒரு " ++"ஒற்றை முகவரியில் இணையத்தில் தோன்றும் Masquerading IPv4 மட்டுமே." + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1198,8 +1191,8 @@ msgid "" + "If you enable masquerading, IP forwarding will be enabled for your IPv4 " + "networks." + msgstr "" +-"நீங்கள் masquerading ஐ செயல்படுத்தினால், உங்கள் IPv4 பிணையங்களுக்கு IP " +-"முன்னனுப்புதலும் செயல்படுத்தப்படும்." ++"நீங்கள் masquerading ஐ செயல்படுத்தினால், உங்கள் IPv4 பிணையங்களுக்கு IP முன்னனுப்புதலும் " ++"செயல்படுத்தப்படும்." + + #: ../src/firewall-config.glade.h:111 + msgid "Masquerading" +@@ -1213,8 +1206,8 @@ msgid "" + "IPv4 only." + msgstr "" + "உள்ளீடுகளை சேர்க்க ஒரு துறையிலிருந்து மற்றொன்றிற்கு உள்ளமை கணினி அல்லது வேறு " +-"கணினியிலிருந்த சேர்க்கவும். வேறு கணினியை முன்னனுப்புவது முகப்பு சரியாக " +-"இருந்தால் மட்டுமே பயனாக இருக்கும். துறை முன்னனுப்புதல் IPv4 இல் மட்டும்." ++"கணினியிலிருந்த சேர்க்கவும். வேறு கணினியை முன்னனுப்புவது முகப்பு சரியாக இருந்தால் " ++"மட்டுமே பயனாக இருக்கும். துறை முன்னனுப்புதல் IPv4 இல் மட்டும்." + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1235,17 +1228,16 @@ msgid "" + "messages like ping requests and replies." + msgstr "" + "Internet Control Message Protocol (ICMP) என்பது முக்கியமாக பயன்படுத்தப்படும் " +-"பிணையப்பட்ட கணினிகளுக்கிடையே அனுப்பப்படும் பிழை செய்திகள் ஆனால் கூடுதலாக " +-"தகவல் செய்திகளே வருகிறது." ++"பிணையப்பட்ட கணினிகளுக்கிடையே அனுப்பப்படும் பிழை செய்திகள் ஆனால் கூடுதலாக தகவல் " ++"செய்திகளே வருகிறது." + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"பட்டியலில் ICMP வகைகளை குறிக்கவும், அது நிராகரிக்கப்பட வேண்டும். மற்ற " +-"அனைத்து ICMP வகைகளும் ஃபயர்வாலின் வழியாக செல்லும். முன்னிருப்புக்கு வரம்பு " +-"இல்லை." ++"பட்டியலில் ICMP வகைகளை குறிக்கவும், அது நிராகரிக்கப்பட வேண்டும். மற்ற அனைத்து ICMP " ++"வகைகளும் ஃபயர்வாலின் வழியாக செல்லும். முன்னிருப்புக்கு வரம்பு இல்லை." + + #: ../src/firewall-config.glade.h:118 + msgid "" +@@ -1286,9 +1278,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"மண்டலத்திற்கு இடைமுகங்களைப் பிணைக்க உள்ளீடுகளைச் சேர்க்கவும். இடைமுகம் ஒரு " +-"இணைப்பால் பயன்படுத்தப்படும் எனில், மண்டலமானது இணைப்பில் குறிப்பிடப்பட்ட " +-"மண்டலமாக அமைக்கப்படும்." ++"மண்டலத்திற்கு இடைமுகங்களைப் பிணைக்க உள்ளீடுகளைச் சேர்க்கவும். இடைமுகம் ஒரு இணைப்பால் " ++"பயன்படுத்தப்படும் எனில், மண்டலமானது இணைப்பில் குறிப்பிடப்பட்ட மண்டலமாக அமைக்கப்படும்." + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1330,8 +1321,8 @@ msgid "" + "A firewalld service is a combination of ports, protocols, modules and " + "destination addresses." + msgstr "" +-"ஒரு firewalld சேவையானது முனையங்கள், நெறிமுறைகள், தொகுதிக்கூறுகள் மற்றும் " +-"இலக்கு முகவரிகள் ஆகியவற்றின் சேர்க்கையாகும்." ++"ஒரு firewalld சேவையானது முனையங்கள், நெறிமுறைகள், தொகுதிக்கூறுகள் மற்றும் இலக்கு " ++"முகவரிகள் ஆகியவற்றின் சேர்க்கையாகும்." + + #: ../src/firewall-config.glade.h:139 + msgid "Add Service" +@@ -1387,9 +1378,9 @@ msgid "" + "the destination address and type. If both entries are empty, there is no " + "limitation." + msgstr "" +-"நீங்கள் இலக்கு முகவரிகளைக் குறிப்பிட்டால், சேவையின் நுழைவானது அந்த இலக்கு " +-"முகவரி மற்றும் வகைக்கு மட்டும் என வரம்புடையதாக இருக்கும். இரண்டு " +-"உள்ளீடுகளும் காலியாக இருந்தால் வரம்பு ஏதும் இல்லை." ++"நீங்கள் இலக்கு முகவரிகளைக் குறிப்பிட்டால், சேவையின் நுழைவானது அந்த இலக்கு முகவரி மற்றும் " ++"வகைக்கு மட்டும் என வரம்புடையதாக இருக்கும். இரண்டு உள்ளீடுகளும் காலியாக இருந்தால் வரம்பு " ++"ஏதும் இல்லை." + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1404,8 +1395,8 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"சேவைகளை நிரந்தர அமைவாக்கக் காட்சியில் மட்டுமே மாற்ற முடியும். சேவைகளின் " +-"நிகழ்நேர அமைவாக்கம் நிலையானது. " ++"சேவைகளை நிரந்தர அமைவாக்கக் காட்சியில் மட்டுமே மாற்ற முடியும். சேவைகளின் நிகழ்நேர " ++"அமைவாக்கம் நிலையானது. " + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1465,8 +1456,8 @@ msgid "" + "A firewalld icmptype provides the information for an Internet Control " + "Message Protocol (ICMP) type for firewalld." + msgstr "" +-"firewalld icmptype ஆனது firewalld இன் இணைய கட்டுப்பாட்டு செய்தி " +-"நெறிமுறைக்கான (ICMP) தகவலை வழங்குகிறது." ++"firewalld icmptype ஆனது firewalld இன் இணைய கட்டுப்பாட்டு செய்தி நெறிமுறைக்கான " ++"(ICMP) தகவலை வழங்குகிறது." + + #: ../src/firewall-config.glade.h:167 + msgid "Add ICMP Type" +@@ -1486,17 +1477,15 @@ msgstr "ICMP வகை முன்னிருப்பு மதிப்ப + + #: ../src/firewall-config.glade.h:171 + msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." +-msgstr "" +-"இந்த ICMP வகை IPv4 மற்றும்/அல்லது IPv6 க்குக் கிடைக்குமா என்பதைக் " +-"குறிப்பிடவும்." ++msgstr "இந்த ICMP வகை IPv4 மற்றும்/அல்லது IPv6 க்குக் கிடைக்குமா என்பதைக் குறிப்பிடவும்." + + #: ../src/firewall-config.glade.h:172 + msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." + msgstr "" +-"ICMP வகைகளை நிரந்தர அமைவாக்கக் காட்சியில் மட்டுமே மாற்றச் முடியும். ICMP " +-"வகைகளின் நிகழ்நேர அமைவாக்கம் நிலையானது." ++"ICMP வகைகளை நிரந்தர அமைவாக்கக் காட்சியில் மட்டுமே மாற்றச் முடியும். ICMP வகைகளின் " ++"நிகழ்நேர அமைவாக்கம் நிலையானது." + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1518,11 +1507,10 @@ msgid "" + "as a last resort when it is not possible to use other firewalld features." + msgstr "" + "நேரடி அமைவாக்கமானது ஃபயர்வாலுக்கான கூடுதல் நேரடி அணுகலைக் கொடுக்கிறது. இந்த " +-"விருப்பங்களைப் பயன்படுத்த, பயனருக்கு அடிப்படை iptables கருத்துகள் " +-"தெரிந்திருக்க வேண்டும் அதாவது, அட்டவணைகள், சங்கிலிகள், கட்டளைகள், " +-"அளவுருக்கள் மற்றும் இலக்குகள் போன்றவை தெரிந்திருக்க வேண்டும். மற்ற ஃபயர்வால் " +-"அம்சங்களை பயன்படுத்த முடியாது போகும் போது கடைசி விருப்பமாகவே நேரடி " +-"அமைவாக்கமானது பயன்படுத்தப்பட வேண்டும்." ++"விருப்பங்களைப் பயன்படுத்த, பயனருக்கு அடிப்படை iptables கருத்துகள் தெரிந்திருக்க வேண்டும் " ++"அதாவது, அட்டவணைகள், சங்கிலிகள், கட்டளைகள், அளவுருக்கள் மற்றும் இலக்குகள் போன்றவை " ++"தெரிந்திருக்க வேண்டும். மற்ற ஃபயர்வால் அம்சங்களை பயன்படுத்த முடியாது போகும் போது கடைசி " ++"விருப்பமாகவே நேரடி அமைவாக்கமானது பயன்படுத்தப்பட வேண்டும்." + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1530,9 +1518,9 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"ஒவ்வொரு விருப்பத்தின் ipv மதிப்புருவும் ipv4 அல்லது ipv6 அல்லது eb ஆக இருக்க " +-"வேண்டும். ipv4 உடன் அது iptables க்காக இருக்கும், ipv6 உடன் ip6tables க்காக " +-"இருக்கும், eb உடன் ஈத்தர்நெட் பாலங்களுக்காக (ebtables) இருக்கும்." ++"ஒவ்வொரு விருப்பத்தின் ipv மதிப்புருவும் ipv4 அல்லது ipv6 அல்லது eb ஆக இருக்க வேண்டும். " ++"ipv4 உடன் அது iptables க்காக இருக்கும், ipv6 உடன் ip6tables க்காக இருக்கும், eb உடன் " ++"ஈத்தர்நெட் பாலங்களுக்காக (ebtables) இருக்கும்." + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1558,8 +1546,8 @@ msgstr "சங்கிலிகள்" + msgid "" + "Add a rule with the arguments args to a chain in a table with a priority." + msgstr "" +-"ஒரு அட்டவணையில் உள்ள ஒரு சங்கிலிக்கு மதிப்புருக்களுடன் முன்னுரிமையையுடன் ஒரு " +-"விதியைச் சேர்க்கவும்." ++"ஒரு அட்டவணையில் உள்ள ஒரு சங்கிலிக்கு மதிப்புருக்களுடன் முன்னுரிமையையுடன் ஒரு விதியைச் " ++"சேர்க்கவும்." + + #: ../src/firewall-config.glade.h:183 + msgid "" +@@ -1570,13 +1558,12 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"முன்னுரிமையானது விதிகளை வரிசைப்படுத்தப் பயன்படுகிறது. முன்னுரிமை 0 என்றால், " +-"விதியை சங்கிலியின் மேல்மட்டத்தில் சேர்க்கவும் என்று பொருள், முன்னுரிமை " +-"அதிகம் எனில் விதியானது சங்கிலியின் கீழ் பகுதிக்குச் செல்லும். ஒரே முன்னுரிமை " +-"கொண்ட விதிகள், ஒரே நிலையில் இருக்கும், இந்த விதிகளின் வரிசை நிலையானதாக " +-"இருக்காது, மாறக்கூடும். ஒரு விதியானது மற்றொன்றுகுப் பிறகு சேர்க்கப்படுவதை " +-"நீங்கள் உறுதிப்படுத்த விரும்பினால், முதல் விதிக்கு குறைந்த முன்னுரிமையையும் " +-"அடுத்ததற்கு அதிக முன்னுரிமையையும் பயன்படுத்தவும்." ++"முன்னுரிமையானது விதிகளை வரிசைப்படுத்தப் பயன்படுகிறது. முன்னுரிமை 0 என்றால், விதியை " ++"சங்கிலியின் மேல்மட்டத்தில் சேர்க்கவும் என்று பொருள், முன்னுரிமை அதிகம் எனில் விதியானது " ++"சங்கிலியின் கீழ் பகுதிக்குச் செல்லும். ஒரே முன்னுரிமை கொண்ட விதிகள், ஒரே நிலையில் " ++"இருக்கும், இந்த விதிகளின் வரிசை நிலையானதாக இருக்காது, மாறக்கூடும். ஒரு விதியானது " ++"மற்றொன்றுகுப் பிறகு சேர்க்கப்படுவதை நீங்கள் உறுதிப்படுத்த விரும்பினால், முதல் விதிக்கு " ++"குறைந்த முன்னுரிமையையும் அடுத்ததற்கு அதிக முன்னுரிமையையும் பயன்படுத்தவும்." + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1600,9 +1587,9 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"பாஸ்த்ரூ விதிகள், நேரடியாக ஃபயர்வாலுக்கு அனுப்பப்படுகின்றன, இவை சிறப்பு " +-"சங்கிலிகளில் வைக்கப்படுவதில்லை. iptables, ip6tables மற்றும் ebtables " +-"விருப்பங்கள் அனைத்தும் பயன்படுத்தப்படலாம்." ++"பாஸ்த்ரூ விதிகள், நேரடியாக ஃபயர்வாலுக்கு அனுப்பப்படுகின்றன, இவை சிறப்பு சங்கிலிகளில் " ++"வைக்கப்படுவதில்லை. iptables, ip6tables மற்றும் ebtables விருப்பங்கள் அனைத்தும் " ++"பயன்படுத்தப்படலாம்." + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +@@ -1630,10 +1617,9 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"லாக்டவுன் வசதியானது firewalld க்கான பயனர் மற்றும் பயன்பாட்டுக் கொள்கைகளின் " +-"லேசான பதிப்பாகும். இது ஃபயர்வாலுக்கான மாற்றங்களை வரம்புக்குட்படுத்துகிறது. " +-"லாக்டவுன் வெண்பட்டியலில் கட்டளைகள், சூழல்கள், பயனர்கள் மற்றும் பயனர் idகள் " +-"ஆகியவை இருக்கலாம்." ++"லாக்டவுன் வசதியானது firewalld க்கான பயனர் மற்றும் பயன்பாட்டுக் கொள்கைகளின் லேசான " ++"பதிப்பாகும். இது ஃபயர்வாலுக்கான மாற்றங்களை வரம்புக்குட்படுத்துகிறது. லாக்டவுன் " ++"வெண்பட்டியலில் கட்டளைகள், சூழல்கள், பயனர்கள் மற்றும் பயனர் idகள் ஆகியவை இருக்கலாம்." + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1664,9 +1650,9 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"வெண்பட்டியலில் உள்ள ஒரு கட்டளை உள்ளீடு நட்சத்திரக்குறியுடன் '*' முடிந்தால், " +-"கட்டளையுடன் தொடங்கும் அனைத்து கட்டளை வரிகளும் பொருந்தும். '*' இல்லாவிட்டால், " +-"மதிப்புருக்கள் உட்பட கட்டளை மட்டும் துல்லியமாகப் பொருந்த வேண்டும்." ++"வெண்பட்டியலில் உள்ள ஒரு கட்டளை உள்ளீடு நட்சத்திரக்குறியுடன் '*' முடிந்தால், கட்டளையுடன் " ++"தொடங்கும் அனைத்து கட்டளை வரிகளும் பொருந்தும். '*' இல்லாவிட்டால், மதிப்புருக்கள் உட்பட " ++"கட்டளை மட்டும் துல்லியமாகப் பொருந்த வேண்டும்." + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1857,8 +1843,7 @@ msgstr "நேரடி விதி" + #: ../src/firewall-config.glade.h:248 + msgid "Please select ipv and table, chain priority and enter the args." + msgstr "" +-"ipv மற்றும் அட்டவணை, சங்கிலி முன்னுரிமையைத் தேர்ந்தெடுத்து மதிப்புருக்களை " +-"உள்ளிடவும்." ++"ipv மற்றும் அட்டவணை, சங்கிலி முன்னுரிமையைத் தேர்ந்தெடுத்து மதிப்புருக்களை உள்ளிடவும்." + + #: ../src/firewall-config.glade.h:249 + msgid "Priority:" +@@ -1882,9 +1867,7 @@ msgstr "ஒரு உயர் விதியை உள்ளிடவும் + + #: ../src/firewall-config.glade.h:255 + msgid "For host or network white or blacklisting deactivate the element." +-msgstr "" +-"புரவலன் அல்லது பிணைய வெண் அல்லது கருப்புப் பட்டியலிடுதலுக்கு கூறை முடக்கவும்." +-"" ++msgstr "புரவலன் அல்லது பிணைய வெண் அல்லது கருப்புப் பட்டியலிடுதலுக்கு கூறை முடக்கவும்." + + #: ../src/firewall-config.glade.h:256 + msgid "Source:" +@@ -1912,8 +1895,8 @@ msgstr "தலைகீழ்" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "இதைச் செயல்படுத்த செயல் 'நிராகரி' என்றும் குடும்பம் 'ipv4' அல்லது 'ipv6' " + "என்று(இரண்டுமல்ல) இருக்க வேண்டும்." +diff --git a/po/te.po b/po/te.po +index b60e3592c10e..75653919c1b0 100644 +--- a/po/te.po ++++ b/po/te.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Krishnababu Krothapalli , 2007-2010 + # Krishnababu Krothapalli , 2013 +@@ -15,15 +15,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2016-01-04 12:44+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Telugu (http://www.transifex.com/projects/p/firewalld/" + "language/te/)\n" + "Language: te\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n != 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -76,17 +76,15 @@ msgstr "అప్ / జోన్స్ డౌన్ షీల్డ్స్ క + + #: ../src/firewall-applet.in:220 + msgid "Here you can select the zones used for Shields Up and Shields Down." +-msgstr "" +-"ఇక్కడ మీరు టాప్ షీల్డ్స్ మరియు డౌన్ షీల్డ్స్ ఉపయోగించే మండలాలు ఎంచుకోవచ్చు." ++msgstr "ఇక్కడ మీరు టాప్ షీల్డ్స్ మరియు డౌన్ షీల్డ్స్ ఉపయోగించే మండలాలు ఎంచుకోవచ్చు." + + #: ../src/firewall-applet.in:226 + msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." + msgstr "" +-"ఈ ఫీచర్ ఎక్కువగా డిఫాల్ట్ మండలాల్లో ఉపయోగించడం ప్రజలు కోసం ఉపయోగపడుతుంది. " +-"వినియోగదారులు కోసం, కనెక్షన్ల మండలాలు మారుతున్న, అది పరిమిత వినియోగం కావచ్చు." +-"" ++"ఈ ఫీచర్ ఎక్కువగా డిఫాల్ట్ మండలాల్లో ఉపయోగించడం ప్రజలు కోసం ఉపయోగపడుతుంది. వినియోగదారులు కోసం, " ++"కనెక్షన్ల మండలాలు మారుతున్న, అది పరిమిత వినియోగం కావచ్చు." + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -208,8 +206,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "ఇంటర్ఫేస్ '{interface}' పైన అనుసంధానం '{connection}' కొరకు జోన్ '{zone}' " + "క్రియాశీలపరచబడెను" +@@ -266,8 +263,8 @@ msgid "" + "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " + "interface '{interface}'" + msgstr "" +-"జోన్ '{zone}' {activated_deactivated} అనుసంధానం '{connection}' కొరకు " +-"ఇంటర్ఫేస్ '{interface}' పైన" ++"జోన్ '{zone}' {activated_deactivated} అనుసంధానం '{connection}' కొరకు ఇంటర్ఫేస్ " ++"'{interface}' పైన" + + #: ../src/firewall-applet.in:1047 + msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" +@@ -650,7 +647,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "ఇంటర్ఫేస్ మారువేషంలో వుంటేనే వేరొక వ్యవస్థకు పంపుట వుపయోగకరంగా వుంటుంది.\n" +@@ -815,8 +813,7 @@ msgstr "పోర్టు ఫార్వార్డింగ్" + #: ../src/firewall-config.glade.h:23 + msgid "" + "Please select the source and destination options according to your needs." +-msgstr "" +-"మీ అవసరములకు తగినట్లు ములం మరియు గమ్యం ఐచ్చికాలను దయచేసి ఎంపికచేసికొనుము." ++msgstr "మీ అవసరములకు తగినట్లు ములం మరియు గమ్యం ఐచ్చికాలను దయచేసి ఎంపికచేసికొనుము." + + #: ../src/firewall-config.glade.h:24 + msgid "Port / Port Range:" +@@ -839,8 +836,8 @@ msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." + msgstr "" +-"మీరు స్థానిక ఫార్వార్డింగ్‌ను చేతనం చేస్తే, మీరు పోర్ట్‍‌ను తెలుపవలసి " +-"వుంటుంది. మూలం పోర్ట్‍‌కు ఈ పోర్ట్‍ భిన్నంగా వుండాలి." ++"మీరు స్థానిక ఫార్వార్డింగ్‌ను చేతనం చేస్తే, మీరు పోర్ట్‍‌ను తెలుపవలసి వుంటుంది. మూలం పోర్ట్‍‌కు ఈ పోర్ట్‍ " ++"భిన్నంగా వుండాలి." + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -948,9 +945,8 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"ఫైర్‌వాల్ నియమాలు తిరిగిలోడుచేయి. ప్రస్తుత శాశ్వత ఆకృతీకరణ కొత్త రన్‌టైమ్ " +-"ఆకృతీకరణగా ఆగును. అనగా తిరిగిలోడు చేసే వరకు చేసిన అన్ని రన్‌టైమ్ మార్పులూ " +-"శాశ్వత ఆకృతీకరణనందు లేకపోతే తిరిగిలోడు చేయగానే పోతాయి." ++"ఫైర్‌వాల్ నియమాలు తిరిగిలోడుచేయి. ప్రస్తుత శాశ్వత ఆకృతీకరణ కొత్త రన్‌టైమ్ ఆకృతీకరణగా ఆగును. అనగా తిరిగిలోడు " ++"చేసే వరకు చేసిన అన్ని రన్‌టైమ్ మార్పులూ శాశ్వత ఆకృతీకరణనందు లేకపోతే తిరిగిలోడు చేయగానే పోతాయి." + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -982,8 +978,7 @@ msgstr "" + + #: ../src/firewall-config.glade.h:68 + msgid "Panic mode means that all incoming and outgoing packets are dropped." +-msgstr "" +-"పానిక్ రీతి అనగా లోనికివచ్చు మరియు బయటకిపోవు అన్ని పాకెట్లు వదిలివేయబడును." ++msgstr "పానిక్ రీతి అనగా లోనికివచ్చు మరియు బయటకిపోవు అన్ని పాకెట్లు వదిలివేయబడును." + + #: ../src/firewall-config.glade.h:69 + msgid "Panic Mode" +@@ -994,8 +989,8 @@ msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." + msgstr "" +-"లాక్‌డౌన్ అనునది ఫైర్‌వాల్ ఆకృతీకరణను లాక్ చేయును అలా లాక్‌డౌన్ వైట్‌లిస్ట్ " +-"పైని అనువర్తనాలు మాత్రమే దానిని మార్చగలవు." ++"లాక్‌డౌన్ అనునది ఫైర్‌వాల్ ఆకృతీకరణను లాక్ చేయును అలా లాక్‌డౌన్ వైట్‌లిస్ట్ పైని అనువర్తనాలు మాత్రమే దానిని " ++"మార్చగలవు." + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1069,9 +1064,8 @@ msgid "" + "configuration. Permanent configuration will be active after service or " + "system reload or restart." + msgstr "" +-"ప్రస్తుతం దర్శనీయమైన ఆకృతీకరణ. రన్‌టైమ్ ఆకృతీకరణ అనునది యథార్ధ క్రియాశీల " +-"ఆకృతీకరణ. శాశ్వత ఆకృతీకరణ అనునది సేవ తర్వాత లేదా వ్యవస్థ తిరిగిలోడైన తర్వాత " +-"లేదా పునఃప్రారంభం తరువాత క్రియాశీలమగును." ++"ప్రస్తుతం దర్శనీయమైన ఆకృతీకరణ. రన్‌టైమ్ ఆకృతీకరణ అనునది యథార్ధ క్రియాశీల ఆకృతీకరణ. శాశ్వత ఆకృతీకరణ " ++"అనునది సేవ తర్వాత లేదా వ్యవస్థ తిరిగిలోడైన తర్వాత లేదా పునఃప్రారంభం తరువాత క్రియాశీలమగును." + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1081,11 +1075,10 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"firewalld జోన్ అనునది జోన్‌కు బందనమైన నెట్వర్కు అనుసంధానాలు, ఇంటర్ఫేసులు " +-"మరియు మూలపు చిరునామాల నమ్మిక స్థాయిను నిర్వచించును. జోన్ అనునది సేవలను, " +-"పోర్టులను, ప్రొటోకాల్సును, మాస్క్వారేడింగ్‌ను, పోర్ట్/పాకెట్ " +-"ఫార్వార్డింగ్‌ను, icmp ఫిల్టర్లను మరియు రిచ్ నియమాలను కలుపును. జోన్ అనునది " +-"ఇంటర్ఫేసులకు మరియు మూలపు చిరునామాలకు బందనం కాగలదు." ++"firewalld జోన్ అనునది జోన్‌కు బందనమైన నెట్వర్కు అనుసంధానాలు, ఇంటర్ఫేసులు మరియు మూలపు చిరునామాల " ++"నమ్మిక స్థాయిను నిర్వచించును. జోన్ అనునది సేవలను, పోర్టులను, ప్రొటోకాల్సును, మాస్క్వారేడింగ్‌ను, పోర్ట్/" ++"పాకెట్ ఫార్వార్డింగ్‌ను, icmp ఫిల్టర్లను మరియు రిచ్ నియమాలను కలుపును. జోన్ అనునది ఇంటర్ఫేసులకు మరియు " ++"మూలపు చిరునామాలకు బందనం కాగలదు." + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1109,9 +1102,9 @@ msgid "" + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." + msgstr "" +-"జోన్ నందు ఏ సేవలు నమ్మదగినవో మీరు యిక్కడ నిర్వచించవచ్చు. ఈ జోన్‌కు బందనం " +-"అయిన అనుసంధానాలు, ఇంటర్ఫేసులు మరియు మూలాల నుండి మిషన్‌ను చేరగల అన్ని " +-"అతిధేయలు మరియు నెట్వర్కుల నుండి నమ్మదగిన సేవలు ఏక్సెస్ చేయవచ్చు." ++"జోన్ నందు ఏ సేవలు నమ్మదగినవో మీరు యిక్కడ నిర్వచించవచ్చు. ఈ జోన్‌కు బందనం అయిన అనుసంధానాలు, " ++"ఇంటర్ఫేసులు మరియు మూలాల నుండి మిషన్‌ను చేరగల అన్ని అతిధేయలు మరియు నెట్వర్కుల నుండి నమ్మదగిన సేవలు " ++"ఏక్సెస్ చేయవచ్చు." + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1122,8 +1115,8 @@ msgid "" + "Add additional ports or port ranges, which need to be accessible for all " + "hosts or networks that can connect to the machine." + msgstr "" +-"మిషన్‌కు అనుసంధానం కాగల అన్ని అతిధేయలు లేదా నెట్వర్కుల నుండి ఏక్సెస్ " +-"కావలసిన, పోర్టులు లేదా పోర్టుల విస్తృతిని జతచేయి." ++"మిషన్‌కు అనుసంధానం కాగల అన్ని అతిధేయలు లేదా నెట్వర్కుల నుండి ఏక్సెస్ కావలసిన, పోర్టులు లేదా పోర్టుల " ++"విస్తృతిని జతచేయి." + + #: ../src/firewall-config.glade.h:97 + msgid "Add Port" +@@ -1177,10 +1170,9 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"మీరు అతిధేయ నుగాని లేదా రూటర్ ను గాని మీ స్థానిక నెట్వర్కును ఇంటర్‌నెట్ కు " +-"అనుసంధానించుటకు మారువేషదారణ ఉపయోగకరంగా ఉంటుంది.మీ స్థానిక నెట్వర్కు " +-"కనిపించదు మరియు ఇంటర్‌నెట్ కు ఒక అతిధేయ లాగా కనబడుతుంది. మారువేషదారణ IPv4 " +-"మాత్రమే." ++"మీరు అతిధేయ నుగాని లేదా రూటర్ ను గాని మీ స్థానిక నెట్వర్కును ఇంటర్‌నెట్ కు అనుసంధానించుటకు " ++"మారువేషదారణ ఉపయోగకరంగా ఉంటుంది.మీ స్థానిక నెట్వర్కు కనిపించదు మరియు ఇంటర్‌నెట్ కు ఒక అతిధేయ లాగా " ++"కనబడుతుంది. మారువేషదారణ IPv4 మాత్రమే." + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1190,9 +1182,7 @@ msgstr "మాస్క్వరేడ్ జోన్" + msgid "" + "If you enable masquerading, IP forwarding will be enabled for your IPv4 " + "networks." +-msgstr "" +-"మీరు మాస్క్వరేడింగ్ చేతనంచేస్తే, ఐపి ఫార్వార్డింగ్ అనునది మీ IPv4 నెట్వర్కుల " +-"కొరకు చేతనమగును." ++msgstr "మీరు మాస్క్వరేడింగ్ చేతనంచేస్తే, ఐపి ఫార్వార్డింగ్ అనునది మీ IPv4 నెట్వర్కుల కొరకు చేతనమగును." + + #: ../src/firewall-config.glade.h:111 + msgid "Masquerading" +@@ -1205,10 +1195,9 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"ఒక పర్ట్‍ నుండి వేరక పోర్ట్‍‌కు స్థానిక సిస్టమ్ నందు పంపుటకు లేదా స్థానిక " +-"సిస్టమ్ నుండి వేరొక సిస్టమ్‌కు పంపుటకు ప్రవేశాలను పోర్ట్స్‍‌కు జతచేయుము. " +-"వేరొక సిస్టమ్‌కు పంపుట ఇంటర్‌ఫేస్ మారువేషంలోవుంటేనే ఉపయోగకరంగా వుంటుంది. " +-"పోర్ట్‍ పంపుట IPv4 మాత్రమే." ++"ఒక పర్ట్‍ నుండి వేరక పోర్ట్‍‌కు స్థానిక సిస్టమ్ నందు పంపుటకు లేదా స్థానిక సిస్టమ్ నుండి వేరొక సిస్టమ్‌కు " ++"పంపుటకు ప్రవేశాలను పోర్ట్స్‍‌కు జతచేయుము. వేరొక సిస్టమ్‌కు పంపుట ఇంటర్‌ఫేస్ మారువేషంలోవుంటేనే " ++"ఉపయోగకరంగా వుంటుంది. పోర్ట్‍ పంపుట IPv4 మాత్రమే." + + #: ../src/firewall-config.glade.h:113 + msgid "Add Forward Port" +@@ -1228,17 +1217,17 @@ msgid "" + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." + msgstr "" +-"ఇంటర్నెట్ కంట్రోల్ మెసేజ్ ప్రోటోకాల్ (ICMP) ముఖ్యంగా నెట్వర్క్‍‌డ్ " +-"కంప్యూటర్స్‍ మద్య దోషపు సందేశాలను పంపుటకు ఉపయోగించబడుతుంది, అయితే అదనంగా " +-"పింగ్ అభ్యర్దనలు మరియు ప్రత్యుత్తరాలు వంటి సమాచార సందేశాలు కు." ++"ఇంటర్నెట్ కంట్రోల్ మెసేజ్ ప్రోటోకాల్ (ICMP) ముఖ్యంగా నెట్వర్క్‍‌డ్ కంప్యూటర్స్‍ మద్య దోషపు సందేశాలను " ++"పంపుటకు ఉపయోగించబడుతుంది, అయితే అదనంగా పింగ్ అభ్యర్దనలు మరియు ప్రత్యుత్తరాలు వంటి సమాచార " ++"సందేశాలు కు." + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." + msgstr "" +-"జాబితానందు ICMP రకాలను గుర్తుంచుము, ఏవైతే తిరస్కరించాలో. అన్ని ఇతర ICMP " +-"రకములు ఫైర్‌వాల్ దాటుటకు అనుమతించబడినవి. అప్రమేయంగా ఏ పరిమితి లేదు." ++"జాబితానందు ICMP రకాలను గుర్తుంచుము, ఏవైతే తిరస్కరించాలో. అన్ని ఇతర ICMP రకములు ఫైర్‌వాల్ దాటుటకు " ++"అనుమతించబడినవి. అప్రమేయంగా ఏ పరిమితి లేదు." + + #: ../src/firewall-config.glade.h:118 + msgid "" +@@ -1279,9 +1268,8 @@ msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." + msgstr "" +-"ఇంటర్ఫేసులను జోన్‌కు బందనం చేయుటకు ప్రవేశాలను జతచేయి. ఒకవేళ ఇంటర్ఫేస్ అనునది " +-"అనుసంధానం చేత వుపయోగించబడితే, జోన్ అనునది అనుసంధానం నందు తెలిపిన జోన్‌కు " +-"అమర్చబడును." ++"ఇంటర్ఫేసులను జోన్‌కు బందనం చేయుటకు ప్రవేశాలను జతచేయి. ఒకవేళ ఇంటర్ఫేస్ అనునది అనుసంధానం చేత " ++"వుపయోగించబడితే, జోన్ అనునది అనుసంధానం నందు తెలిపిన జోన్‌కు అమర్చబడును." + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1322,9 +1310,7 @@ msgstr "జోన్స్" + msgid "" + "A firewalld service is a combination of ports, protocols, modules and " + "destination addresses." +-msgstr "" +-"firewalld సేవ అనునది పోర్టులు, ప్రొటోకాల్స్, మాడ్యూళ్ళు మరియు గమ్యపు " +-"చిరునామాల సమ్మేళనం." ++msgstr "firewalld సేవ అనునది పోర్టులు, ప్రొటోకాల్స్, మాడ్యూళ్ళు మరియు గమ్యపు చిరునామాల సమ్మేళనం." + + #: ../src/firewall-config.glade.h:139 + msgid "Add Service" +@@ -1380,9 +1366,8 @@ msgid "" + "the destination address and type. If both entries are empty, there is no " + "limitation." + msgstr "" +-"ఒకవేళ మీరు గమ్యపు చిరునామాలను తెలిపితే, సేవా ప్రవేశం అనునది గమ్యపు చిరునామా " +-"మరియు రకమునకు పరిమితం అగును. ఒకవేళ రెండు ప్రవేశాలు ఖాళీ అయితే, అప్పుడు ఏ " +-"పరిమితి వుండదు." ++"ఒకవేళ మీరు గమ్యపు చిరునామాలను తెలిపితే, సేవా ప్రవేశం అనునది గమ్యపు చిరునామా మరియు రకమునకు పరిమితం " ++"అగును. ఒకవేళ రెండు ప్రవేశాలు ఖాళీ అయితే, అప్పుడు ఏ పరిమితి వుండదు." + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1397,8 +1382,8 @@ msgid "" + "Services can only be changed in the permanent configuration view. The " + "runtime configuration of services is fixed." + msgstr "" +-"సేవలు అనునవి శాశ్వత ఆకృతీకరణ దర్శని నందు మాత్రమే మారగలవు. సేవల యొక్క " +-"రన్‌టైమ్ ఆకృతీకరణ అనునది నిర్ధిష్టం." ++"సేవలు అనునవి శాశ్వత ఆకృతీకరణ దర్శని నందు మాత్రమే మారగలవు. సేవల యొక్క రన్‌టైమ్ ఆకృతీకరణ అనునది " ++"నిర్ధిష్టం." + + #: ../src/firewall-config.glade.h:154 + msgid "" +@@ -1458,8 +1443,8 @@ msgid "" + "A firewalld icmptype provides the information for an Internet Control " + "Message Protocol (ICMP) type for firewalld." + msgstr "" +-"firewalld icmptype అనునది firewalld కొరకు ఇంటర్నెట్ కంట్రోల్ మెసేజ్ " +-"ప్రొటోకాల్ (ICMP) కు చెందిన సమాచారం ఇచ్చును." ++"firewalld icmptype అనునది firewalld కొరకు ఇంటర్నెట్ కంట్రోల్ మెసేజ్ ప్రొటోకాల్ (ICMP) కు " ++"చెందిన సమాచారం ఇచ్చును." + + #: ../src/firewall-config.glade.h:167 + msgid "Add ICMP Type" +@@ -1486,8 +1471,8 @@ msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." + msgstr "" +-"ICMP రకాలు అనునవి శాశ్వత ఆకృతీకరణ దర్శని నందు మాత్రమే మారగలవు. ICMP రకాల " +-"యొక్క రన్‌టైమ్ ఆకృతీకరణ అనునది నిర్ధిష్టం." ++"ICMP రకాలు అనునవి శాశ్వత ఆకృతీకరణ దర్శని నందు మాత్రమే మారగలవు. ICMP రకాల యొక్క రన్‌టైమ్ " ++"ఆకృతీకరణ అనునది నిర్ధిష్టం." + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1508,10 +1493,9 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"సూటి ఆకృతీకరణ అనునది ఫైర్‌వాల్‌కు మరింత సూటిగా ఏక్సెస్ ఇచ్చును. ఈ ఐచ్చికాలు " +-"వుపయోగించుటకు వాడుకరికి ప్రాథమిక ఐపిపట్టికల విషయాలు తెలవాలి, అనగా పట్టికలు, " +-"చైన్స్, ఆదేశాలు, పారామితులు మరియు లక్ష్యాలు. ఇతర firewalld విశేషణాలు ఏవీ " +-"వుపయోగించుటకు సాధ్యకానప్పుడు మాత్రమే సూటి ఆకృతీకరణను వుపయోగించాలి." ++"సూటి ఆకృతీకరణ అనునది ఫైర్‌వాల్‌కు మరింత సూటిగా ఏక్సెస్ ఇచ్చును. ఈ ఐచ్చికాలు వుపయోగించుటకు వాడుకరికి " ++"ప్రాథమిక ఐపిపట్టికల విషయాలు తెలవాలి, అనగా పట్టికలు, చైన్స్, ఆదేశాలు, పారామితులు మరియు లక్ష్యాలు. ఇతర " ++"firewalld విశేషణాలు ఏవీ వుపయోగించుటకు సాధ్యకానప్పుడు మాత్రమే సూటి ఆకృతీకరణను వుపయోగించాలి." + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1519,9 +1503,8 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"ప్రతి ఐచ్చికం యొక్క ipv ఆర్గుమెంట్ ipv4 లేదా ipv6 లేదా eb కావాలి. ipv4 తో " +-"అది ఐపిపట్టికల కొరకు, ipv6 కొరకు ఐపి6పట్టికల కొరకు మరియు eb తో ఈథర్నెట్ " +-"బ్రిడ్జులు (ఈబిపట్టికలు) కొరకు." ++"ప్రతి ఐచ్చికం యొక్క ipv ఆర్గుమెంట్ ipv4 లేదా ipv6 లేదా eb కావాలి. ipv4 తో అది ఐపిపట్టికల కొరకు, " ++"ipv6 కొరకు ఐపి6పట్టికల కొరకు మరియు eb తో ఈథర్నెట్ బ్రిడ్జులు (ఈబిపట్టికలు) కొరకు." + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1546,8 +1529,7 @@ msgstr "చైన్స్" + #: ../src/firewall-config.glade.h:182 + msgid "" + "Add a rule with the arguments args to a chain in a table with a priority." +-msgstr "" +-"పట్టిక నందలి చైన్‌కు ప్రాముఖ్యతతో ఆర్గుమెంట్స్ args వుపయోగించి నియమం జతచేయి." ++msgstr "పట్టిక నందలి చైన్‌కు ప్రాముఖ్యతతో ఆర్గుమెంట్స్ args వుపయోగించి నియమం జతచేయి." + + #: ../src/firewall-config.glade.h:183 + msgid "" +@@ -1558,12 +1540,10 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"ఆర్డర్ నియమాలను వుపయోగించటమే ప్రాముఖ్యం. ప్రాముఖ్యత 0 అనగా నియమాన్ని చైన్ " +-"పైన జతచేయమని, అత్యధిక ప్రాముఖ్యతతో నియమం అనునది ఇంకా కిందకు చేర్చబడును. ఒకే " +-"ప్రాముఖ్యతతో వున్న నియమాలు ఒకే స్థాయిలో వుంటాయి మరియు ఈ నియమాల క్రమం " +-"నిర్దిష్టంకాదు మారవచ్చు. ఒకదాని తరువాత మళ్ళీ ఒక నియమం జతచేయబడును అనేది " +-"నిర్థారించుకొనుటకు, ఒకదానికి తక్కువ ప్రాముఖ్యత ఇచ్చి తరువాతదానికి ఎక్కువ " +-"ప్రాముఖ్యత ఇవ్వండి." ++"ఆర్డర్ నియమాలను వుపయోగించటమే ప్రాముఖ్యం. ప్రాముఖ్యత 0 అనగా నియమాన్ని చైన్ పైన జతచేయమని, అత్యధిక " ++"ప్రాముఖ్యతతో నియమం అనునది ఇంకా కిందకు చేర్చబడును. ఒకే ప్రాముఖ్యతతో వున్న నియమాలు ఒకే స్థాయిలో వుంటాయి " ++"మరియు ఈ నియమాల క్రమం నిర్దిష్టంకాదు మారవచ్చు. ఒకదాని తరువాత మళ్ళీ ఒక నియమం జతచేయబడును అనేది " ++"నిర్థారించుకొనుటకు, ఒకదానికి తక్కువ ప్రాముఖ్యత ఇచ్చి తరువాతదానికి ఎక్కువ ప్రాముఖ్యత ఇవ్వండి." + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1587,15 +1567,12 @@ msgid "" + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." + msgstr "" +-"పాస్‌త్రూ నియమాలు అనునవి నేరుగా ఫైర్‌వాల్‌కు పంపుబడును మరియు ప్రత్యేక చైన్స్ " +-"నందు వుంచబడవు. అన్ని ఐపిపట్టికలు, ఐపి6పట్టికలు మరియు ఈబిపట్టికల ఐచ్చికాలు " +-"వుపయోగించవచ్చు." ++"పాస్‌త్రూ నియమాలు అనునవి నేరుగా ఫైర్‌వాల్‌కు పంపుబడును మరియు ప్రత్యేక చైన్స్ నందు వుంచబడవు. అన్ని " ++"ఐపిపట్టికలు, ఐపి6పట్టికలు మరియు ఈబిపట్టికల ఐచ్చికాలు వుపయోగించవచ్చు." + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +-msgstr "" +-"ఫైర్‌వాల్‌కు నష్టంవాటిల్లకుండా వుండుటకు పాస్‌త్రూ నియమాలతో జాగ్రత్తగా " +-"వుండండి." ++msgstr "ఫైర్‌వాల్‌కు నష్టంవాటిల్లకుండా వుండుటకు పాస్‌త్రూ నియమాలతో జాగ్రత్తగా వుండండి." + + #: ../src/firewall-config.glade.h:190 + msgid "Add Passthrough" +@@ -1619,10 +1596,9 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"లాక్‌డౌన్ విశేషణం అనునది firewalld కొరకు వాడుకరి మరియు అనువర్తనం విధానాల " +-"లైట్ వర్షన్. ఇది మార్పులను ఫైర్‌వాల్‌కు పరిమితం చేయును. లాక్‌డౌన్ " +-"వైట్‌లిస్ట్ అనునది ఆదేశాలను, సందర్భాలను, వాడుకరులను మరియు వాడుకరి ఐడిలను " +-"కలిగివుండవచ్చు." ++"లాక్‌డౌన్ విశేషణం అనునది firewalld కొరకు వాడుకరి మరియు అనువర్తనం విధానాల లైట్ వర్షన్. ఇది మార్పులను " ++"ఫైర్‌వాల్‌కు పరిమితం చేయును. లాక్‌డౌన్ వైట్‌లిస్ట్ అనునది ఆదేశాలను, సందర్భాలను, వాడుకరులను మరియు వాడుకరి " ++"ఐడిలను కలిగివుండవచ్చు." + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1653,9 +1629,8 @@ msgid "" + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." + msgstr "" +-"వైట్‌లిస్ట్ పైన ఆదేశం ప్రవేశం ఏస్ట్రిక్ '*' తో ముగిస్తే, అప్పుడు ఆ ఆదేశంతో " +-"ప్రారంభమయ్యే అన్ని ఆదేశ వరుసలు సరిపోలును. ఒకవేళ '*' లేకపోతే అప్పుడు ఆదేశం " +-"అనునది ఆర్గుమెంట్లతో సహా ఖచ్చితంగా సరిపోలాలి." ++"వైట్‌లిస్ట్ పైన ఆదేశం ప్రవేశం ఏస్ట్రిక్ '*' తో ముగిస్తే, అప్పుడు ఆ ఆదేశంతో ప్రారంభమయ్యే అన్ని ఆదేశ " ++"వరుసలు సరిపోలును. ఒకవేళ '*' లేకపోతే అప్పుడు ఆదేశం అనునది ఆర్గుమెంట్లతో సహా ఖచ్చితంగా సరిపోలాలి." + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1845,9 +1820,7 @@ msgstr "సూటి నియమం" + + #: ../src/firewall-config.glade.h:248 + msgid "Please select ipv and table, chain priority and enter the args." +-msgstr "" +-"దయచేసి ipv మరియు పట్టిక, చైన్ ప్రాముఖ్యత ఎంపికచేసి ఆర్గుమెంట్లు ప్రవేశపెట్టు." +-"" ++msgstr "దయచేసి ipv మరియు పట్టిక, చైన్ ప్రాముఖ్యత ఎంపికచేసి ఆర్గుమెంట్లు ప్రవేశపెట్టు." + + #: ../src/firewall-config.glade.h:249 + msgid "Priority:" +@@ -1871,9 +1844,7 @@ msgstr "దయచేసి రిట్ నియమం ప్రవేశపె + + #: ../src/firewall-config.glade.h:255 + msgid "For host or network white or blacklisting deactivate the element." +-msgstr "" +-"అతిధేయ లేదా నెట్వర్కునకు వైట్ లేదా బ్లాక్‌లిస్టింగ్ అనునది మూలకం క్రియాహీనం " +-"చేయును." ++msgstr "అతిధేయ లేదా నెట్వర్కునకు వైట్ లేదా బ్లాక్‌లిస్టింగ్ అనునది మూలకం క్రియాహీనం చేయును." + + #: ../src/firewall-config.glade.h:256 + msgid "Source:" +@@ -1901,11 +1872,11 @@ msgstr "తిరగతిప్పిన" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" +-"దీనిని చేతనం చేయుటకు చర్య అనేది 'తిరస్కరించు' అవ్వాలి మరియు ఫ్యామిలీ 'ipv4' " +-"లేదా 'ipv6' అవ్వాలి (రెండూ కాదు)." ++"దీనిని చేతనం చేయుటకు చర్య అనేది 'తిరస్కరించు' అవ్వాలి మరియు ఫ్యామిలీ 'ipv4' లేదా 'ipv6' అవ్వాలి " ++"(రెండూ కాదు)." + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +diff --git a/po/tr.po b/po/tr.po +index 7da35aea825d..2d13d81307ef 100644 +--- a/po/tr.po ++++ b/po/tr.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Automatically generated, 2004 + # Hasan Alp İNAN, 2011 +@@ -12,15 +12,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2016-01-04 12:45+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Turkish (http://www.transifex.com/projects/p/firewalld/" + "language/tr/)\n" + "Language: tr\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=2; plural=(n > 1);\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -206,8 +206,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Alanı '{zone}' etkin bağlantısı '{connection}' arayüzünde '{interface}'" + +@@ -647,7 +646,8 @@ msgstr "" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + +@@ -856,8 +856,7 @@ msgstr "" + + #: ../src/firewall-config.glade.h:34 + msgid "Bold entries are mandatory, all others are optional." +-msgstr "" +-"Kalın girişlerin hepsi zorunludur. Diğer tüm girişler isteğe bağlıdır." ++msgstr "Kalın girişlerin hepsi zorunludur. Diğer tüm girişler isteğe bağlıdır." + + #: ../src/firewall-config.glade.h:35 + msgid "Name:" +@@ -1207,9 +1206,10 @@ msgid "" + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." + msgstr "" +-"İnternet Kontrol Mesaj Protokolü \"The Internet Control Message Protocol\" " +-"(ICMP) genellikle bilgisayarlar arasındaki hata mesajları için kullanılır, " +-"fakat ek olarak bilgi mesajları ping istek ve cevapları içinde kullanılır." ++"İnternet Kontrol Mesaj Protokolü \"The Internet Control Message Protocol" ++"\" (ICMP) genellikle bilgisayarlar arasındaki hata mesajları için " ++"kullanılır, fakat ek olarak bilgi mesajları ping istek ve cevapları içinde " ++"kullanılır." + + #: ../src/firewall-config.glade.h:117 + msgid "" +@@ -1840,8 +1840,8 @@ msgstr "" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/uk.po b/po/uk.po +index 9c5f867f07e7..17157399e211 100644 +--- a/po/uk.po ++++ b/po/uk.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Maxim Dubovoy , 2003 + # Yuri Chornoivan , 2010-2014 +@@ -14,17 +14,17 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-07-29 04:00+0000\n" + "Last-Translator: Yuri Chornoivan \n" + "Language-Team: Ukrainian (http://www.transifex.com/projects/p/firewalld/" + "language/uk/)\n" + "Language: uk\n" +-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " +-"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" ++"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" ++"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + "X-Generator: Zanata 4.6.2\n" + + #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 +@@ -43,7 +43,8 @@ msgstr "Налаштовування мережного екрану" + #: ../config/firewall-config.desktop.in.h:4 + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" +-"firewall;network;security;iptables;netfilter;брандмауер;файрвол;екран;мережа;безпека;захист;айпітейблс;нетфільтр;" ++"firewall;network;security;iptables;netfilter;брандмауер;файрвол;екран;мережа;" ++"безпека;захист;айпітейблс;нетфільтр;" + + #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 + #, c-format +@@ -210,8 +211,7 @@ msgstr "" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "" + "Зона «{zone}» використовується для з’єднання «{connection}» на інтерфейсі " + "«{interface}»" +@@ -656,7 +656,8 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" + msgstr "" + "Переспрямовування до іншої системи працюватиме, лише якщо інтерфейс " +@@ -778,7 +779,6 @@ msgstr "Безпосередній ланцюжок" + msgid "Please select ipv and table and enter the chain name." + msgstr "" + "Будь ласка виберіть версію протоколу IP та таблицю та введіть назву ланцюжка." +-"" + + #: ../src/firewall-config.glade.h:12 + msgid "ipv:" +@@ -992,14 +992,12 @@ msgstr "Налаштовування автоматичного призначе + + #: ../src/firewall-config.glade.h:67 + msgid "Configure Automatic Helper Assignment setting." +-msgstr "" +-"Налаштовування параметра автоматичного призначення допоміжних засобів." ++msgstr "Налаштовування параметра автоматичного призначення допоміжних засобів." + + #: ../src/firewall-config.glade.h:68 + msgid "Panic mode means that all incoming and outgoing packets are dropped." + msgstr "" + "Режим супербезпеки означає, що усіх вхідні та вихідні пакети відкидатимуться." +-"" + + #: ../src/firewall-config.glade.h:69 + msgid "Panic Mode" +@@ -1069,8 +1067,7 @@ msgstr "Змінити зону прив’язки" + msgid "" + "Hide active runtime bindings of connections, interfaces and sources to zones" + msgstr "" +-"Приховати активні динамічні прив’язки з’єднань, інтерфейсів або джерел до " +-"зон" ++"Приховати активні динамічні прив’язки з’єднань, інтерфейсів або джерел до зон" + + #: ../src/firewall-config.glade.h:85 + msgid "" +@@ -1401,8 +1398,7 @@ msgstr "Порт джерела" + + #: ../src/firewall-config.glade.h:148 + msgid "Netfilter helper modules are needed for some services." +-msgstr "" +-"Модулі допоміжних засобів фільтрування мережі потребують певних служб." ++msgstr "Модулі допоміжних засобів фільтрування мережі потребують певних служб." + + #: ../src/firewall-config.glade.h:149 + msgid "Modules" +@@ -1440,8 +1436,8 @@ msgid "" + "example IP addresses, port numbers or MAC addresses. " + msgstr "" + "IPSet може бути використано для створення «білих» або «чорних» списків, у " +-"ньому можуть зберігатися, наприклад, IP-адреси, номери портів або MAC-адреси." +-" " ++"ньому можуть зберігатися, наприклад, IP-адреси, номери портів або MAC-" ++"адреси. " + + #: ../src/firewall-config.glade.h:155 + msgid "IPSet" +@@ -1553,7 +1549,6 @@ msgstr "" + msgid "Define ports or port ranges, which are monitored by the helper." + msgstr "" + "Визначення портів або діапазонів портів, за якими стежитиме допоміжний засіб." +-"" + + #: ../src/firewall-config.glade.h:175 + msgid "" +@@ -1714,9 +1709,9 @@ msgid "" + "the absolute command inclusive arguments must match." + msgstr "" + "Якщо запис команди у «білому» списку завершується зірочкою, «*», його буде " +-"використано для обробки усіх рядків команд, що починаються відповідним чином." +-" Якщо у записі немає «*», обробка виконуватиметься лише для вказано разом з " +-"аргументами команди." ++"використано для обробки усіх рядків команд, що починаються відповідним " ++"чином. Якщо у записі немає «*», обробка виконуватиметься лише для вказано " ++"разом з аргументами команди." + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1965,8 +1960,8 @@ msgstr "інвертування" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "" + "Щоб можна було скористатися цим, значення «Дія» має бути «відмова», а " + "«Сімейством» має бути «ipv4» або «ipv6» (не обидва)." +diff --git a/po/zh_CN.po b/po/zh_CN.po +index a6229bee26ce..d9804a90231b 100644 +--- a/po/zh_CN.po ++++ b/po/zh_CN.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Alick Zhao , 2013 + # Christopher Meng , 2012-2013 +@@ -19,19 +19,20 @@ + # Zamir SUN , 2017. #zanata + # Eric Garver , 2018. #zanata + # Qiyu Yan , 2018. #zanata ++# Pany , 2019. #zanata + msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" +-"PO-Revision-Date: 2018-11-16 08:29+0000\n" +-"Last-Translator: Copied by Zanata \n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"PO-Revision-Date: 2019-03-10 05:13+0000\n" ++"Last-Translator: Pany \n" + "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/" + "firewalld/language/zh_CN/)\n" + "Language: zh_CN\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=1; plural=0;\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -71,7 +72,7 @@ msgstr "为连接 '%s' 选择区域" + + #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3910 + msgid "Failed to set zone {zone} for connection {connection_name}" +-msgstr "" ++msgstr "设置 {connection_name} 的区 {zone} 失败" + + #: ../src/firewall-applet.in:190 + #, c-format +@@ -90,7 +91,9 @@ msgstr "在这里您可以选择开启保护和关闭保护的区域。" + msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." +-msgstr "这项功能对于在绝大多数时间里使用默认区域的人有用。对于经常改变连接区域的用户来说,用处有限。" ++msgstr "" ++"这项功能对于在绝大多数时间里使用默认区域的人有用。对于经常改变连接区域的用户" ++"来说,用处有限。" + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -208,12 +211,12 @@ msgstr "默认区域: '%s'" + msgid "" + "Default Zone '{default_zone}' active for connection '{connection}' on " + "interface '{interface}'" +-msgstr "接口 '{interface}' 上连接 '{connection}' 的活动默认区 '{default_zone}'" ++msgstr "" ++"接口 '{interface}' 上连接 '{connection}' 的活动默认区 '{default_zone}'" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "在接口 '{interface}' 启用连接 '{connection}' 的区域 '{zone}'" + + #: ../src/firewall-applet.in:892 +@@ -262,15 +265,16 @@ msgid "" + "Default zone '{default_zone}' {activated_deactivated} for connection " + "'{connection}' on interface '{interface}'" + msgstr "" +-"接口 '{interface}' 上连接 '{connection}' 的默认区 '{default_zone}' " +-"{activated_deactivated}" ++"接口 '{interface}' 上连接 '{connection}' 的默认区 " ++"'{default_zone}' {activated_deactivated}" + + #: ../src/firewall-applet.in:1042 + msgid "" + "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " + "interface '{interface}'" + msgstr "" +-"在接口 '{interface}' {activated_deactivated} 连接 '{connection}' 的区域 '{zone}' " ++"在接口 '{interface}' {activated_deactivated} 连接 '{connection}' 的区域 " ++"'{zone}' " + + #: ../src/firewall-applet.in:1047 + msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" +@@ -653,9 +657,11 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" +-msgstr "转发至其他系统琴在端口伪装时才有用。\n" ++msgstr "" ++"转发至其他系统琴在端口伪装时才有用。\n" + "您想要伪装该区域吗?" + + #: ../src/firewall-config.in:5376 +@@ -686,7 +692,8 @@ msgstr "请输入 ipv4 或者 ipv6 地址,格式为 address[/mask]。" + msgid "" + "The mask can be a network mask or a number for ipv4.\n" + "The mask is a number for ipv6." +-msgstr "对于 ipv4 地址,该掩码必须为网络掩码或一个数字。\n" ++msgstr "" ++"对于 ipv4 地址,该掩码必须为网络掩码或一个数字。\n" + "对于 ipv6 地址,则该掩码为一个数字。" + + #: ../src/firewall-config.in:5776 +@@ -947,7 +954,9 @@ msgid "" + "Reloads firewall rules. Current permanent configuration will become new " + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." +-msgstr "重载防火墙规则。当前永久配置将变成新的运行时配置。例如所有仅在运行时配置所做的变更若未在永久配置中操作,将在重载后丢失。" ++msgstr "" ++"重载防火墙规则。当前永久配置将变成新的运行时配置。例如所有仅在运行时配置所做" ++"的变更若未在永久配置中操作,将在重载后丢失。" + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -1062,7 +1071,9 @@ msgid "" + "Currently visible configuration. Runtime configuration is the actual active " + "configuration. Permanent configuration will be active after service or " + "system reload or restart." +-msgstr "当前可见配置。运行时配置为实际启用的配置。永久配置则会在服务或系统重载或重启时启用。" ++msgstr "" ++"当前可见配置。运行时配置为实际启用的配置。永久配置则会在服务或系统重载或重启" ++"时启用。" + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1072,8 +1083,9 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"FirewallD 区域定义了绑定的网络连接、接口以及源地址的可信程度。区域是服务、端口、协议、IP伪装、端口/" +-"报文转发、ICMP过滤以及富规则的组合。区域可以绑定到接口以及源地址。" ++"FirewallD 区域定义了绑定的网络连接、接口以及源地址的可信程度。区域是服务、端" ++"口、协议、IP伪装、端口/报文转发、ICMP过滤以及富规则的组合。区域可以绑定到接口" ++"以及源地址。" + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1096,7 +1108,9 @@ msgid "" + "Here you can define which services are trusted in the zone. Trusted services " + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." +-msgstr "可以在这里定义区域中哪些服务是可信的。可连接至绑定到这个区域的连接、接口和源的所有主机和网络及丶可以访问可信服务。" ++msgstr "" ++"可以在这里定义区域中哪些服务是可信的。可连接至绑定到这个区域的连接、接口和源" ++"的所有主机和网络及丶可以访问可信服务。" + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1148,7 +1162,9 @@ msgstr "协议" + msgid "" + "Add additional source ports or port ranges, which need to be accessible for " + "all hosts or networks that can connect to the machine." +-msgstr "添加额外的源端口或范围,它们对于所有可以连接至这台主机的所有主机或网络都需要是可以访问的。" ++msgstr "" ++"添加额外的源端口或范围,它们对于所有可以连接至这台主机的所有主机或网络都需要" ++"是可以访问的。" + + #: ../src/firewall-config.glade.h:107 + msgid "Source Ports" +@@ -1160,7 +1176,8 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"如果您要设置一台将您的本地网络连接到互联网的主机或者路由器,伪装是很有用的。您的本地网络将不可见,且该主机是以单一地址的形式出现在互联网中。伪装仅适用于 " ++"如果您要设置一台将您的本地网络连接到互联网的主机或者路由器,伪装是很有用的。" ++"您的本地网络将不可见,且该主机是以单一地址的形式出现在互联网中。伪装仅适用于 " + "IPv4。" + + #: ../src/firewall-config.glade.h:109 +@@ -1184,7 +1201,8 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"添加条目来转发端口,可以是从本地系统的一个端口到另一个端口,也可以是从本地系统到另一个系统。转发到另一个系统只在接口是伪装的时候有用。端口转发只适用于 " ++"添加条目来转发端口,可以是从本地系统的一个端口到另一个端口,也可以是从本地系" ++"统到另一个系统。转发到另一个系统只在接口是伪装的时候有用。端口转发只适用于 " + "IPv4。" + + #: ../src/firewall-config.glade.h:113 +@@ -1204,21 +1222,25 @@ msgid "" + "The Internet Control Message Protocol (ICMP) is mainly used to send error " + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." +-msgstr "互联网控制报文协议(ICMP)主要用于在联网的计算机间发送出错信息,但也发送类似 ping 请求以及回应等信息。" ++msgstr "" ++"互联网控制报文协议(ICMP)主要用于在联网的计算机间发送出错信息,但也发送类似 " ++"ping 请求以及回应等信息。" + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." +-msgstr "在列表中标记应该被拒绝的 ICMP 类型。所有其它 ICMP 类型则被允许通过防火墙。默认设置是没有限制。" ++msgstr "" ++"在列表中标记应该被拒绝的 ICMP 类型。所有其它 ICMP 类型则被允许通过防火墙。默" ++"认设置是没有限制。" + + #: ../src/firewall-config.glade.h:118 + msgid "" + "If Invert Filter is enabled, marked ICMP entries are accepted and the others " + "are rejected. In a zone with the target DROP, they are dropped." + msgstr "" +-"如果启用了反向过滤器(Invert Filter),作了标记的 ICMP 条目都被会被接受,而其他条目则会被拒绝。在带有目标 DROP " +-"的区里,它们会被丢弃。" ++"如果启用了反向过滤器(Invert Filter),作了标记的 ICMP 条目都被会被接受,而其" ++"他条目则会被拒绝。在带有目标 DROP 的区里,它们会被丢弃。" + + #: ../src/firewall-config.glade.h:119 + msgid "Invert Filter" +@@ -1252,7 +1274,9 @@ msgstr "富规则" + msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." +-msgstr "增加入口以将接口加入区域。若接口已经被连接占用,区域将被设定为连接所指定的区域。" ++msgstr "" ++"增加入口以将接口加入区域。若接口已经被连接占用,区域将被设定为连接所指定的区" ++"域。" + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1271,7 +1295,9 @@ msgid "" + "Add entries to bind source addresses or areas to the zone. You can also bind " + "to a MAC source address, but with limitations. Port forwarding and " + "masquerading will not work for MAC source bindings." +-msgstr "添加条目以便在该区域绑定源地址或范围。还可以绑定到 MAC 源地址,但会有所限制。端口转发及伪装不适用于 MAC 源绑定。" ++msgstr "" ++"添加条目以便在该区域绑定源地址或范围。还可以绑定到 MAC 源地址,但会有所限制。" ++"端口转发及伪装不适用于 MAC 源绑定。" + + #: ../src/firewall-config.glade.h:132 + msgid "Add Source" +@@ -1348,7 +1374,9 @@ msgid "" + "If you specify destination addresses, the service entry will be limited to " + "the destination address and type. If both entries are empty, there is no " + "limitation." +-msgstr "如果您指定了目的地址,服务项目将仅限于目的地址和类型。如果两个项目均为空,则没有限制。" ++msgstr "" ++"如果您指定了目的地址,服务项目将仅限于目的地址和类型。如果两个项目均为空,则" ++"没有限制。" + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1368,7 +1396,8 @@ msgstr "仅可以在永久配置视图中修改服务。运行时配置中的服 + msgid "" + "An IPSet can be used to create white or black lists and is able to store for " + "example IP addresses, port numbers or MAC addresses. " +-msgstr "可使用 IPSet 创建白名单或黑名单,以便保存 IP 地址、端口号或者 MAC 地址。" ++msgstr "" ++"可使用 IPSet 创建白名单或黑名单,以便保存 IP 地址、端口号或者 MAC 地址。" + + #: ../src/firewall-config.glade.h:155 + msgid "IPSet" +@@ -1397,14 +1426,16 @@ msgid "" + "added by firewalld. Entries, that have been directly added with the ipset " + "command wil not be listed here." + msgstr "" +-"IPSet 条目。只能看到不使用 timeout 选项的 ipset 条目以及已经由 firewalld 添加的条目。这里不会列出直接由 ipset " +-"命令添加的条目。" ++"IPSet 条目。只能看到不使用 timeout 选项的 ipset 条目以及已经由 firewalld 添加" ++"的条目。这里不会列出直接由 ipset 命令添加的条目。" + + #: ../src/firewall-config.glade.h:161 + msgid "" + "This IPSet uses the timeout option, therefore no entries are visible here. " + "The entries should be taken care directly with the ipset command." +-msgstr "这个 IPSet 使用 timeout 选项,因此在这个看不到。应直接使用 ipset 命令处理该条目。" ++msgstr "" ++"这个 IPSet 使用 timeout 选项,因此在这个看不到。应直接使用 ipset 命令处理该条" ++"目。" + + #: ../src/firewall-config.glade.h:162 + msgid "Add" +@@ -1449,7 +1480,8 @@ msgstr "指定是否该 ICMP 类型可用于 IPv4 和/或 IPv6。" + msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." +-msgstr "仅可以在永久配置视图中修改 ICMP 类型。运行时配置中的 ICMP 类型是固定的。" ++msgstr "" ++"仅可以在永久配置视图中修改 ICMP 类型。运行时配置中的 ICMP 类型是固定的。" + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1458,7 +1490,9 @@ msgid "" + "are using ports that are unrelated to the signaling connection and are " + "therefore blocked by the firewall without the helper." + msgstr "" +-"正在指派连接跟踪帮助程序,以确保使用不同信号发送和数据传输流程的协议正常工作。数据传输使用的是与信号发送连接不相关的端口,因此若没有该帮助程序将会被防火墙阻挡。" ++"正在指派连接跟踪帮助程序,以确保使用不同信号发送和数据传输流程的协议正常工" ++"作。数据传输使用的是与信号发送连接不相关的端口,因此若没有该帮助程序将会被防" ++"火墙阻挡。" + + #: ../src/firewall-config.glade.h:174 + msgid "Define ports or port ranges, which are monitored by the helper." +@@ -1471,8 +1505,9 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"直接配置给予直接访问防火墙方式。这些选项需要用户了解基本的 iptables 概念,比如表、链、命令、参数和目标。直接配置应该仅用于当其他 " +-"firewalld 功能都不可用时的最后手段。" ++"直接配置给予直接访问防火墙方式。这些选项需要用户了解基本的 iptables 概念,比" ++"如表、链、命令、参数和目标。直接配置应该仅用于当其他 firewalld 功能都不可用时" ++"的最后手段。" + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1480,8 +1515,8 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"每个操作的 IPV 参数应为 ipv4 或 ipv6 或 eb。ipv4 用于 iptables,ipv6 用于 ip6tables,eb " +-"用于以太网桥接(ebtables)。" ++"每个操作的 IPV 参数应为 ipv4 或 ipv6 或 eb。ipv4 用于 iptables,ipv6 用于 " ++"ip6tables,eb 用于以太网桥接(ebtables)。" + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1517,8 +1552,9 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"优先级用于规则排序。优先级0 " +-"代表在链顶端添加规则,更大的优先级将添加到链下方。优先级相同的规则将具备相同的级别,排序并不固定并有可能变化。如果您想要确保一个规则会在另外一个后添加,需为前者指定低优先级而为后者指定高优先级。" ++"优先级用于规则排序。优先级0 代表在链顶端添加规则,更大的优先级将添加到链下" ++"方。优先级相同的规则将具备相同的级别,排序并不固定并有可能变化。如果您想要确" ++"保一个规则会在另外一个后添加,需为前者指定低优先级而为后者指定高优先级。" + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1541,7 +1577,9 @@ msgid "" + "The passthrough rules are directly passed through to the firewall and are " + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." +-msgstr "穿通规则将被直接传递给防火墙而不会放置到特殊链中。可以使用所有 iptables、ip6tables 和 ebtables 选项。" ++msgstr "" ++"穿通规则将被直接传递给防火墙而不会放置到特殊链中。可以使用所有 iptables、" ++"ip6tables 和 ebtables 选项。" + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +@@ -1569,7 +1607,8 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"锁定功能是适用于 firewalld 的轻量级用户和应用程序规范。它保证变更仅限于防火墙。锁定白名单可以包含命令、上下文、用户和用户 ID。" ++"锁定功能是适用于 firewalld 的轻量级用户和应用程序规范。它保证变更仅限于防火" ++"墙。锁定白名单可以包含命令、上下文、用户和用户 ID。" + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1577,8 +1616,8 @@ msgid "" + "service. To get the context of a running application use ps -e --" + "context." + msgstr "" +-"上下文是正在运行的应用程序或服务的安全(SELinux)上下文。请使用 ps -e --context " +-"获取正在运行的应用程序的上下文。" ++"上下文是正在运行的应用程序或服务的安全(SELinux)上下文。请使用 ps -e --" ++"context 获取正在运行的应用程序的上下文。" + + #: ../src/firewall-config.glade.h:196 + msgid "Add Context" +@@ -1601,7 +1640,9 @@ msgid "" + "If a command entry on the whitelist ends with an asterisk '*', then all " + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." +-msgstr "如果在白名单输入的命令以 '*' 星号结尾,则匹配所有以其开头的命令。如果不含 '*' 则命令和其中的参数必须绝对匹配。" ++msgstr "" ++"如果在白名单输入的命令以 '*' 星号结尾,则匹配所有以其开头的命令。如果不含 " ++"'*' 则命令和其中的参数必须绝对匹配。" + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1843,8 +1884,8 @@ msgstr "反转" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." + msgstr "若启用该项,操作需为'reject'并且家族选择'ipv4'或'ipv6'(但不能同时选择)" + + #: ../src/firewall-config.glade.h:267 +diff --git a/po/zh_TW.po b/po/zh_TW.po +index 02970d500a31..ac8b32c0d9e3 100644 +--- a/po/zh_TW.po ++++ b/po/zh_TW.po +@@ -1,7 +1,7 @@ + # SOME DESCRIPTIVE TITLE. + # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER + # This file is distributed under the same license as the PACKAGE package. +-# ++# + # Translators: + # Ben Wu , 2002-2004 + # Chester Cheng , 2004-2006,2010,2014 +@@ -21,15 +21,15 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2018-10-11 15:05-0400\n" +-"MIME-Version: 1.0\n" +-"Content-Type: text/plain; charset=UTF-8\n" +-"Content-Transfer-Encoding: 8bit\n" ++"POT-Creation-Date: 2019-05-17 12:53-0400\n" + "PO-Revision-Date: 2018-11-16 08:29+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/" + "firewalld/language/zh_TW/)\n" + "Language: zh_TW\n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=UTF-8\n" ++"Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=1; plural=0;\n" + "X-Generator: Zanata 4.6.2\n" + +@@ -88,7 +88,9 @@ msgstr "您可以在這裡選取「防禦展開」與「防禦卸下」所要使 + msgid "" + "This feature is useful for people using the default zones mostly. For users, " + "that are changing zones of connections, it might be of limited use." +-msgstr "此功能對於大多數使用預設界域的人來說很有用處。至於更改連線的界域之使用者,這可能用處不大。" ++msgstr "" ++"此功能對於大多數使用預設界域的人來說很有用處。至於更改連線的界域之使用者,這" ++"可能用處不大。" + + #: ../src/firewall-applet.in:235 + msgid "Shields Up Zone:" +@@ -206,12 +208,12 @@ msgstr "預設界域:「%s」" + msgid "" + "Default Zone '{default_zone}' active for connection '{connection}' on " + "interface '{interface}'" +-msgstr "預設界域「{default_zone}」使用中:連線「{connection}」,介面「{interface}」" ++msgstr "" ++"預設界域「{default_zone}」使用中:連線「{connection}」,介面「{interface}」" + + #: ../src/firewall-applet.in:880 + msgid "" +-"Zone '{zone}' active for connection '{connection}' on interface " +-"'{interface}'" ++"Zone '{zone}' active for connection '{connection}' on interface '{interface}'" + msgstr "界域「{zone}」使用中:連線「{connection}」,介面「{interface}」" + + #: ../src/firewall-applet.in:892 +@@ -260,13 +262,16 @@ msgid "" + "Default zone '{default_zone}' {activated_deactivated} for connection " + "'{connection}' on interface '{interface}'" + msgstr "" +-"預設界域「{default_zone}」{activated_deactivated}:連線「{connection}」,介面「{interface}」" ++"預設界域「{default_zone}」{activated_deactivated}:連線「{connection}」,介面" ++"「{interface}」" + + #: ../src/firewall-applet.in:1042 + msgid "" + "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " + "interface '{interface}'" +-msgstr "界域「{zone}」{activated_deactivated}:連線「{connection}」,介面「{interface}」" ++msgstr "" ++"界域「{zone}」{activated_deactivated}:連線「{connection}」,介面" ++"「{interface}」" + + #: ../src/firewall-applet.in:1047 + msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" +@@ -649,9 +654,11 @@ msgstr "ipv6" + + #: ../src/firewall-config.in:5014 + msgid "" +-"Forwarding to another system is only useful if the interface is masqueraded.\n" ++"Forwarding to another system is only useful if the interface is " ++"masqueraded.\n" + "Do you want to masquerade this zone ?" +-msgstr "轉送至其他系統的功能僅在介面為偽裝之時才會有用。\n" ++msgstr "" ++"轉送至其他系統的功能僅在介面為偽裝之時才會有用。\n" + "您是否想要偽裝此界域?" + + #: ../src/firewall-config.in:5376 +@@ -682,7 +689,8 @@ msgstr "請從格式位址(或遮罩)輸入 IPV4 或 IPV6 位址。" + msgid "" + "The mask can be a network mask or a number for ipv4.\n" + "The mask is a number for ipv6." +-msgstr "IPv4 遮罩可以是網路遮罩或數字。\n" ++msgstr "" ++"IPv4 遮罩可以是網路遮罩或數字。\n" + "IPv6 遮罩是數字。" + + #: ../src/firewall-config.in:5776 +@@ -836,7 +844,8 @@ msgstr "目的地" + msgid "" + "If you enable local forwarding, you have to specify a port. This port has to " + "be different to the source port." +-msgstr "若您啟用本地端轉送,您就必須要指定連接埠。這個連接埠必須和來源連接埠不同。" ++msgstr "" ++"若您啟用本地端轉送,您就必須要指定連接埠。這個連接埠必須和來源連接埠不同。" + + #: ../src/firewall-config.glade.h:30 + msgid "Local forwarding" +@@ -944,7 +953,9 @@ msgid "" + "runtime configuration. i.e. all runtime only changes done until reload are " + "lost with reload if they have not been also in permanent configuration." + msgstr "" +-"重新載入防火牆規則。目前的永久組態會變成新的執行時期組態。舉例,所有的執行時期下的變動直到重新載入前都會有效:只要改變不是設在永久組態中,那麼一旦重新載入後所有改動都會消失。" ++"重新載入防火牆規則。目前的永久組態會變成新的執行時期組態。舉例,所有的執行時" ++"期下的變動直到重新載入前都會有效:只要改變不是設在永久組態中,那麼一旦重新載" ++"入後所有改動都會消失。" + + #: ../src/firewall-config.glade.h:60 + msgid "Change which zone a network connection belongs to." +@@ -986,7 +997,8 @@ msgstr "恐慌模式" + msgid "" + "Lockdown locks firewall configuration so that only applications on lockdown " + "whitelist are able to change it." +-msgstr "封鎖管制會鎖上防火牆組態,只有封鎖管制白名單中列出的應用程式可以改動組態。" ++msgstr "" ++"封鎖管制會鎖上防火牆組態,只有封鎖管制白名單中列出的應用程式可以改動組態。" + + #: ../src/firewall-config.glade.h:71 + msgid "Lockdown" +@@ -1059,7 +1071,9 @@ msgid "" + "Currently visible configuration. Runtime configuration is the actual active " + "configuration. Permanent configuration will be active after service or " + "system reload or restart." +-msgstr "目前可見的組態。執行時期組態為實際使用中組態。永久組態將在服務或系統重新載入或重新啟動之後啟動。" ++msgstr "" ++"目前可見的組態。執行時期組態為實際使用中組態。永久組態將在服務或系統重新載入" ++"或重新啟動之後啟動。" + + #: ../src/firewall-config.glade.h:88 + msgid "" +@@ -1069,8 +1083,9 @@ msgid "" + "filters and rich rules. The zone can be bound to interfaces and source " + "addresses." + msgstr "" +-"firewalld 界域所定義的是綁定該界域之網路連線、介面、來源位址的信任等級。界域能結合服務、連接埠、協定、偽裝、連接埠/封包轉送、icmp " +-"過濾、豐富規則等。界域可以與介面、來源位址等綁定。" ++"firewalld 界域所定義的是綁定該界域之網路連線、介面、來源位址的信任等級。界域" ++"能結合服務、連接埠、協定、偽裝、連接埠/封包轉送、icmp 過濾、豐富規則等。界域" ++"可以與介面、來源位址等綁定。" + + #: ../src/firewall-config.glade.h:90 + msgid "Add Zone" +@@ -1093,7 +1108,9 @@ msgid "" + "Here you can define which services are trusted in the zone. Trusted services " + "are accessible from all hosts and networks that can reach the machine from " + "connections, interfaces and sources bound to this zone." +-msgstr "你可以在此處定義該界域中有哪些服務值得信任。只要此界域所綁定之連線、介面、來源的主機與網路能觸及本機,則皆可存取這些信任的服務。" ++msgstr "" ++"你可以在此處定義該界域中有哪些服務值得信任。只要此界域所綁定之連線、介面、來" ++"源的主機與網路能觸及本機,則皆可存取這些信任的服務。" + + #: ../src/firewall-config.glade.h:95 + msgid "Services" +@@ -1157,8 +1174,8 @@ msgid "" + "network to the internet. Your local network will not be visible and the " + "hosts appear as a single address on the internet. Masquerading is IPv4 only." + msgstr "" +-"偽裝可讓您設置個能讓您本本地端網路連至網際網路的主機或路由器。您的本地端網路不會被看見,且眾主機在網際網路上會顯示成單一位址。偽裝功能僅適用於 " +-"IPv4。" ++"偽裝可讓您設置個能讓您本本地端網路連至網際網路的主機或路由器。您的本地端網路" ++"不會被看見,且眾主機在網際網路上會顯示成單一位址。偽裝功能僅適用於 IPv4。" + + #: ../src/firewall-config.glade.h:109 + msgid "Masquerade zone" +@@ -1181,7 +1198,8 @@ msgid "" + "system is only useful if the interface is masqueraded. Port forwarding is " + "IPv4 only." + msgstr "" +-"新增條目來從本地端系統上的一個連接埠轉送至另一個連接埠,或由本地端系統轉送至另一部系統。僅在介面卡偽裝時才能轉送至另一部系統。連接埠轉送功能僅適用於 " ++"新增條目來從本地端系統上的一個連接埠轉送至另一個連接埠,或由本地端系統轉送至" ++"另一部系統。僅在介面卡偽裝時才能轉送至另一部系統。連接埠轉送功能僅適用於 " + "IPv4。" + + #: ../src/firewall-config.glade.h:113 +@@ -1202,20 +1220,24 @@ msgid "" + "messages between networked computers, but additionally for informational " + "messages like ping requests and replies." + msgstr "" +-"網際網路控制訊息通訊協定 (Internet Control Message Protocol, ICMP) " +-"主要用在連網電腦間錯誤訊息的傳送,不過也能被用來傳送像是 ping 請求和回應的資訊訊息。" ++"網際網路控制訊息通訊協定 (Internet Control Message Protocol, ICMP) 主要用在連" ++"網電腦間錯誤訊息的傳送,不過也能被用來傳送像是 ping 請求和回應的資訊訊息。" + + #: ../src/firewall-config.glade.h:117 + msgid "" + "Mark the ICMP types in the list, which should be rejected. All other ICMP " + "types are allowed to pass the firewall. The default is no limitation." +-msgstr "將清單中應被拒絕的 ICMP 類型標記起來。其他所有 ICMP 則允許通過防火牆。預設值為無限制。" ++msgstr "" ++"將清單中應被拒絕的 ICMP 類型標記起來。其他所有 ICMP 則允許通過防火牆。預設值" ++"為無限制。" + + #: ../src/firewall-config.glade.h:118 + msgid "" + "If Invert Filter is enabled, marked ICMP entries are accepted and the others " + "are rejected. In a zone with the target DROP, they are dropped." +-msgstr "如果啟用了反轉篩選器,系統會接受已標示的 ICMP 項目,但拒絕其他項目。在目標為 DROP 的界域中,它們會被丟棄。" ++msgstr "" ++"如果啟用了反轉篩選器,系統會接受已標示的 ICMP 項目,但拒絕其他項目。在目標為 " ++"DROP 的界域中,它們會被丟棄。" + + #: ../src/firewall-config.glade.h:119 + msgid "Invert Filter" +@@ -1249,7 +1271,9 @@ msgstr "豐富規則" + msgid "" + "Add entries to bind interfaces to the zone. If the interface will be used by " + "a connection, the zone will be set to the zone specified in the connection." +-msgstr "請添加條目來將介面與此界域綁定。如果介面會被某連線使用,則界域將被設為連線中所指定的界域。" ++msgstr "" ++"請添加條目來將介面與此界域綁定。如果介面會被某連線使用,則界域將被設為連線中" ++"所指定的界域。" + + #: ../src/firewall-config.glade.h:127 + msgid "Add Interface" +@@ -1269,8 +1293,8 @@ msgid "" + "to a MAC source address, but with limitations. Port forwarding and " + "masquerading will not work for MAC source bindings." + msgstr "" +-"請添加條目來將來源位址或區域與此界域綁定。您也可以綁定至 MAC 來源位址,但有限制。port forwarding 與 masquerading " +-"都無法在 MAC 來源綁定上運作。" ++"請添加條目來將來源位址或區域與此界域綁定。您也可以綁定至 MAC 來源位址,但有限" ++"制。port forwarding 與 masquerading 都無法在 MAC 來源綁定上運作。" + + #: ../src/firewall-config.glade.h:132 + msgid "Add Source" +@@ -1347,7 +1371,8 @@ msgid "" + "If you specify destination addresses, the service entry will be limited to " + "the destination address and type. If both entries are empty, there is no " + "limitation." +-msgstr "若您指定目標位址,服務條目將限於目的地位址與類型。若兩條目皆空,則沒有限制。" ++msgstr "" ++"若您指定目標位址,服務條目將限於目的地位址與類型。若兩條目皆空,則沒有限制。" + + #: ../src/firewall-config.glade.h:151 + msgid "IPv4:" +@@ -1367,7 +1392,9 @@ msgstr "服務僅可以在永久組態檢視下更動。服務的執行時期組 + msgid "" + "An IPSet can be used to create white or black lists and is able to store for " + "example IP addresses, port numbers or MAC addresses. " +-msgstr "IPSet 可以用來建立白名單或黑名單,且可以儲存例如 IP 位址、連接埠號、或 MAC 位址等。" ++msgstr "" ++"IPSet 可以用來建立白名單或黑名單,且可以儲存例如 IP 位址、連接埠號、或 MAC 位" ++"址等。" + + #: ../src/firewall-config.glade.h:155 + msgid "IPSet" +@@ -1396,14 +1423,16 @@ msgid "" + "added by firewalld. Entries, that have been directly added with the ipset " + "command wil not be listed here." + msgstr "" +-"IPSet 的條目。您只能看到未使用逾時選項的 IPset 條目,以及加入 firewalld 的條目。已經透過 ipset " +-"指令直接加入的條目不會在此列出。" ++"IPSet 的條目。您只能看到未使用逾時選項的 IPset 條目,以及加入 firewalld 的條" ++"目。已經透過 ipset 指令直接加入的條目不會在此列出。" + + #: ../src/firewall-config.glade.h:161 + msgid "" + "This IPSet uses the timeout option, therefore no entries are visible here. " + "The entries should be taken care directly with the ipset command." +-msgstr "這 IPSet 使用逾時值,因此此處看不到任何條目。這些條目應該直接透過 ipset 指令來處理。" ++msgstr "" ++"這 IPSet 使用逾時值,因此此處看不到任何條目。這些條目應該直接透過 ipset 指令" ++"來處理。" + + #: ../src/firewall-config.glade.h:162 + msgid "Add" +@@ -1423,8 +1452,8 @@ msgid "" + "A firewalld icmptype provides the information for an Internet Control " + "Message Protocol (ICMP) type for firewalld." + msgstr "" +-"firewalld icmptype 為 firewalld 提供網際網路控制訊息協定 (ICMP,Internet Control Message " +-"Protocol) 類型資訊。" ++"firewalld icmptype 為 firewalld 提供網際網路控制訊息協定 (ICMP,Internet " ++"Control Message Protocol) 類型資訊。" + + #: ../src/firewall-config.glade.h:167 + msgid "Add ICMP Type" +@@ -1450,7 +1479,8 @@ msgstr "指明此 ICMP 類型在 IPv4 與/或 IPv6 中是否可用。" + msgid "" + "ICMP Types can only be changed in the permanent configuration view. The " + "runtime configuration of ICMP Types is fixed." +-msgstr "ICMP 類型僅可以在永久組態檢視下更動。ICMP 類型的執行時期組態是固定不變的。" ++msgstr "" ++"ICMP 類型僅可以在永久組態檢視下更動。ICMP 類型的執行時期組態是固定不變的。" + + #: ../src/firewall-config.glade.h:173 + msgid "" +@@ -1458,7 +1488,9 @@ msgid "" + "using different flows for signaling and data transfers. The data transfers " + "are using ports that are unrelated to the signaling connection and are " + "therefore blocked by the firewall without the helper." +-msgstr "連線追蹤輔助器是要輔助使用不同訊號、資料傳輸流向的協定運作。資料傳輸若使用無關訊號連線的連接埠,在沒有輔助器的情況下會被防火牆封鎖。" ++msgstr "" ++"連線追蹤輔助器是要輔助使用不同訊號、資料傳輸流向的協定運作。資料傳輸若使用無" ++"關訊號連線的連接埠,在沒有輔助器的情況下會被防火牆封鎖。" + + #: ../src/firewall-config.glade.h:174 + msgid "Define ports or port ranges, which are monitored by the helper." +@@ -1471,8 +1503,9 @@ msgid "" + "commands, parameters and targets. Direct configuration should be used only " + "as a last resort when it is not possible to use other firewalld features." + msgstr "" +-"直接組態讓您可以更直接地存取防火牆。這些選項需要使用者知曉基礎的 iptables " +-"概念,例如表格、鏈條、指令、參數、目標等。直接組態應該謹以「最後的避風港」的心態對待,只在無法使用其他 firewalld 功能時才使用。" ++"直接組態讓您可以更直接地存取防火牆。這些選項需要使用者知曉基礎的 iptables 概" ++"念,例如表格、鏈條、指令、參數、目標等。直接組態應該謹以「最後的避風港」的心" ++"態對待,只在無法使用其他 firewalld 功能時才使用。" + + #: ../src/firewall-config.glade.h:176 + msgid "" +@@ -1480,8 +1513,8 @@ msgid "" + "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " + "bridges (ebtables)." + msgstr "" +-"每個選項的 ipv 引數必須是 ipv4 或 ipv6 或 eb。ipv4 用於 iptables,ipv6 用於 ip6tables,而 eb " +-"用於乙太網路接橋 (ebtables)。" ++"每個選項的 ipv 引數必須是 ipv4 或 ipv6 或 eb。ipv4 用於 iptables,ipv6 用於 " ++"ip6tables,而 eb 用於乙太網路接橋 (ebtables)。" + + #: ../src/firewall-config.glade.h:177 + msgid "Additional chains for use with rules." +@@ -1517,8 +1550,10 @@ msgid "" + "after another one, use a low priority for the first and a higher for the " + "following." + msgstr "" +-"優先等級用來排序規則。優先等級 0 " +-"代表將規則加到鏈條頂端;優先等級數字越高,規則會越往後擺放。相同優先等級的規則位在同個等級中,而這些規則的順序並非固定而可能變動。如果您想要確保某規則在某個規則之後才加入,前者請使用較低的優先等級,後者請使用較高的優先等級。" ++"優先等級用來排序規則。優先等級 0 代表將規則加到鏈條頂端;優先等級數字越高,規" ++"則會越往後擺放。相同優先等級的規則位在同個等級中,而這些規則的順序並非固定而" ++"可能變動。如果您想要確保某規則在某個規則之後才加入,前者請使用較低的優先等" ++"級,後者請使用較高的優先等級。" + + #: ../src/firewall-config.glade.h:184 + msgid "Add Rule" +@@ -1541,7 +1576,9 @@ msgid "" + "The passthrough rules are directly passed through to the firewall and are " + "not placed in special chains. All iptables, ip6tables and ebtables options " + "can be used." +-msgstr "通透規則會直接傳遞給防火牆,而不會放入特殊鏈條中。所有的 iptabls、ip6tables 與 ebtables 選項皆可使用。" ++msgstr "" ++"通透規則會直接傳遞給防火牆,而不會放入特殊鏈條中。所有的 iptabls、ip6tables " ++"與 ebtables 選項皆可使用。" + + #: ../src/firewall-config.glade.h:189 + msgid "Please be careful with passthrough rules to not damage the firewall." +@@ -1569,7 +1606,8 @@ msgid "" + "firewalld. It limits changes to the firewall. The lockdown whitelist can " + "contain commands, contexts, users and user ids." + msgstr "" +-"封鎖管制功能是 firewalld 其使用者與應用程式方針的輕量版。它會限制防火牆的更動。封鎖管制白名單可以包含指令、情境、使用者與使用者 ID。" ++"封鎖管制功能是 firewalld 其使用者與應用程式方針的輕量版。它會限制防火牆的更" ++"動。封鎖管制白名單可以包含指令、情境、使用者與使用者 ID。" + + #: ../src/firewall-config.glade.h:195 + msgid "" +@@ -1577,8 +1615,8 @@ msgid "" + "service. To get the context of a running application use ps -e --" + "context." + msgstr "" +-"情境是指執行中應用程式或服務的安全情境 (SELinux 情境)。若要取得執行中應用程式的情境,請使用指令 ps -e --context。" ++"情境是指執行中應用程式或服務的安全情境 (SELinux 情境)。若要取得執行中應用程式" ++"的情境,請使用指令 ps -e --context。" + + #: ../src/firewall-config.glade.h:196 + msgid "Add Context" +@@ -1601,7 +1639,9 @@ msgid "" + "If a command entry on the whitelist ends with an asterisk '*', then all " + "command lines starting with the command will match. If the '*' is not there " + "the absolute command inclusive arguments must match." +-msgstr "如果白名單中的指令條目是以米字號「*」結尾,則所有以該指令列開頭的任何指令皆會匹配。如果「*」並非結尾,則必須精確符合該指令與相關引數。" ++msgstr "" ++"如果白名單中的指令條目是以米字號「*」結尾,則所有以該指令列開頭的任何指令皆會" ++"匹配。如果「*」並非結尾,則必須精確符合該指令與相關引數。" + + #: ../src/firewall-config.glade.h:201 + msgid "Add Command Line" +@@ -1843,9 +1883,11 @@ msgstr "反轉" + + #: ../src/firewall-config.glade.h:266 + msgid "" +-"To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' " +-"(not both)." +-msgstr "要啟用此功能,「動作」必須是「拒絕」而「家族」必須是「ipv4」或「ipv6」(而非兩者)。" ++"To enable this Action has to be 'reject' and Family either 'ipv4' or " ++"'ipv6' (not both)." ++msgstr "" ++"要啟用此功能,「動作」必須是「拒絕」而「家族」必須是「ipv4」或「ipv6」(而非" ++"兩者)。" + + #: ../src/firewall-config.glade.h:267 + msgid "with Type:" +-- +2.20.1 + diff --git a/SOURCES/0056-Change-interface-can-accept-permanent-option.patch b/SOURCES/0056-Change-interface-can-accept-permanent-option.patch new file mode 100644 index 0000000..1f97069 --- /dev/null +++ b/SOURCES/0056-Change-interface-can-accept-permanent-option.patch @@ -0,0 +1,41 @@ +From 084d390730a0007da369a1a1b25265e6da624446 Mon Sep 17 00:00:00 2001 +From: Ondrej Holecek +Date: Mon, 29 Apr 2019 17:26:25 +0200 +Subject: [PATCH 56/73] Change-interface can accept permanent option + +(cherry picked from commit 2f0293141e2e1468fa1fe8a0293905595a06587c) +(cherry picked from commit 3d211246d85afd230cda41c08c6fa27acc4a8c04) +--- + doc/xml/firewall-cmd.xml.in | 2 +- + src/firewall-cmd.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/doc/xml/firewall-cmd.xml.in b/doc/xml/firewall-cmd.xml.in +index 5f25661b4a0e..cd4aa47addb2 100644 +--- a/doc/xml/firewall-cmd.xml.in ++++ b/doc/xml/firewall-cmd.xml.in +@@ -935,7 +935,7 @@ For interfaces that are not under control of NetworkManager, firewalld tries to + + + +- =zone =interface ++ =zone =interface + + + If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. +diff --git a/src/firewall-cmd.in b/src/firewall-cmd.in +index d44f00a67a93..2aed703103d3 100755 +--- a/src/firewall-cmd.in ++++ b/src/firewall-cmd.in +@@ -309,7 +309,7 @@ Options to Handle Bindings of Interfaces + --add-interface= + Bind the to a zone [P] [Z] + --change-interface= +- Change zone the is bound to [Z] ++ Change zone the is bound to [P] [Z] + --query-interface= + Query whether is bound to a zone [P] [Z] + --remove-interface= +-- +2.20.1 + diff --git a/SOURCES/0057-fix-tests-update-package.m4-if-makefile-changed.patch b/SOURCES/0057-fix-tests-update-package.m4-if-makefile-changed.patch new file mode 100644 index 0000000..b289902 --- /dev/null +++ b/SOURCES/0057-fix-tests-update-package.m4-if-makefile-changed.patch @@ -0,0 +1,30 @@ +From 64d1c943789a56ae57415d22dbc449e338ee72dd Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 30 May 2019 09:45:07 -0400 +Subject: [PATCH 57/73] fix: tests: update package.m4 if makefile changed + +A common case is if we've done another ./configure and changed variables +that get passed down via package.m4. + +(cherry picked from commit b2c98d9aadc3c4bc7306240381f1750a36850d09) +(cherry picked from commit 98509ff38257a7c43f6878030806035d7b54d23f) +--- + src/tests/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am +index 2a5645ba81d8..7a644ca915c1 100644 +--- a/src/tests/Makefile.am ++++ b/src/tests/Makefile.am +@@ -9,7 +9,7 @@ EXTRA_DIST = \ + $(TESTSUITE_FILES) \ + $(srcdir)/package.m4 + +-$(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec ++$(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec $(srcdir)/Makefile + :;{ \ + echo 'm4_define([AT_PACKAGE_NAME],[$(PACKAGE_NAME)])' && \ + echo 'm4_define([AT_PACKAGE_VERSION],[$(PACKAGE_VERSION)])' && \ +-- +2.20.1 + diff --git a/SOURCES/0058-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch b/SOURCES/0058-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch new file mode 100644 index 0000000..d2db431 --- /dev/null +++ b/SOURCES/0058-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch @@ -0,0 +1,35 @@ +From 8123b9f3a3f114588ca3feea6386da2a3618dbca Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 30 May 2019 09:45:59 -0400 +Subject: [PATCH 58/73] fix: tests/functions: define HOST_SUPPORTS_IP6TABLES + value immediately + +(cherry picked from commit 6644eddbb219d83f4cb59523bfa873b4b1869e78) +(cherry picked from commit 92d2b3673de44b2c1bb6cdfd1ff49df0158df374) +--- + src/tests/functions.at | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 4edc484ca402..542b6b4bfc25 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -385,13 +385,13 @@ m4_ifnblank( + + m4_define([NFT_NUMERIC_ARGS], m4_esyscmd([nft -h |grep "numeric-protocol" >/dev/null && echo -n "" || { echo -n "-" && echo -n "nn"; } ])) + +-m4_define([HOST_SUPPORTS_IP6TABLES], [m4_esyscmd( ++m4_define([HOST_SUPPORTS_IP6TABLES], m4_esyscmd( + if IP6TABLES -L >/dev/null 2>&1; then + echo -n "yes" + else + echo -n "no" + fi +-)]) ++)) + + m4_define([IF_IPV6_SUPPORTED], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [$1], [ +-- +2.20.1 + diff --git a/SOURCES/0059-fix-do-not-allow-zone-drifting.patch b/SOURCES/0059-fix-do-not-allow-zone-drifting.patch new file mode 100644 index 0000000..d8bae0a --- /dev/null +++ b/SOURCES/0059-fix-do-not-allow-zone-drifting.patch @@ -0,0 +1,426 @@ +From 74760c43588be65303795397717d4aa5ef5e4236 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 29 May 2019 15:21:34 -0400 +Subject: [PATCH 59/73] fix: do not allow zone drifting + +Chain zone dispatch together and always use "goto". This guarantees +there is no fall through to other zones. This was especially problematic +in regards to the default zone. + +This removes the _ZONES_SOURCE chains, but adds _ZONES_IFACES. At the +end of _ZONES we do a goto to _ZONES_IFACES. This is so sources always +take precedence over interfaces. + +Fixes: #258 +Fixes: #441 +(cherry picked from commit 70993581d79beb40a3d23bd8cbfb776ad5df5dca) +(cherry picked from commit 16c7603b57d5b07389e9c2ba0ca8b4836b2aaf93) +--- + src/firewall/core/fw_zone.py | 6 +-- + src/firewall/core/ipXtables.py | 70 ++++++++++++++++------------------ + src/firewall/core/nftables.py | 67 +++++++++++++++----------------- + src/tests/firewall-cmd.at | 8 ++-- + 4 files changed, 69 insertions(+), 82 deletions(-) + +diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py +index ee02a161bcfb..90ae1036f124 100644 +--- a/src/firewall/core/fw_zone.py ++++ b/src/firewall/core/fw_zone.py +@@ -1514,8 +1514,7 @@ class FirewallZone(object): + zone_transaction.add_chain(table, chain) + + rules = backend.build_zone_source_interface_rules(enable, +- zone, self._zones[zone].target, +- interface, table, chain, append) ++ zone, interface, table, chain, append) + zone_transaction.add_rules(backend, rules) + + # IPSETS +@@ -1555,8 +1554,7 @@ class FirewallZone(object): + zone_transaction.add_chain(table, chain) + + rules = backend.build_zone_source_address_rules(enable, zone, +- self._zones[zone].target, source, table, +- chain) ++ source, table, chain) + zone_transaction.add_rules(backend, rules) + + def _rule_prepare(self, enable, zone, rule, mark_id, zone_transaction): +diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py +index 4a9c06242f08..c2339e40539a 100644 +--- a/src/firewall/core/ipXtables.py ++++ b/src/firewall/core/ipXtables.py +@@ -526,11 +526,11 @@ class ip4tables(object): + self.our_chains["raw"].add("%s_direct" % chain) + + if chain == "PREROUTING": +- default_rules["raw"].append("-N %s_ZONES_SOURCE" % chain) + default_rules["raw"].append("-N %s_ZONES" % chain) +- default_rules["raw"].append("-A %s -j %s_ZONES_SOURCE" % (chain, chain)) ++ default_rules["raw"].append("-N %s_ZONES_IFACES" % chain) + default_rules["raw"].append("-A %s -j %s_ZONES" % (chain, chain)) +- self.our_chains["raw"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) ++ default_rules["raw"].append("-A %s_ZONES -g %s_ZONES_IFACES" % (chain, chain)) ++ self.our_chains["raw"].update(set(["%s_ZONES" % chain, "%s_ZONES_IFACES" % chain])) + + if self.get_available_tables("mangle"): + default_rules["mangle"] = [ ] +@@ -541,11 +541,11 @@ class ip4tables(object): + self.our_chains["mangle"].add("%s_direct" % chain) + + if chain == "PREROUTING": +- default_rules["mangle"].append("-N %s_ZONES_SOURCE" % chain) + default_rules["mangle"].append("-N %s_ZONES" % chain) +- default_rules["mangle"].append("-A %s -j %s_ZONES_SOURCE" % (chain, chain)) ++ default_rules["mangle"].append("-N %s_ZONES_IFACES" % chain) + default_rules["mangle"].append("-A %s -j %s_ZONES" % (chain, chain)) +- self.our_chains["mangle"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) ++ default_rules["mangle"].append("-A %s_ZONES -g %s_ZONES_IFACES" % (chain, chain)) ++ self.our_chains["mangle"].update(set(["%s_ZONES" % chain, "%s_ZONES_IFACES" % chain])) + + if self.get_available_tables("nat"): + default_rules["nat"] = [ ] +@@ -556,22 +556,22 @@ class ip4tables(object): + self.our_chains["nat"].add("%s_direct" % chain) + + if chain in [ "PREROUTING", "POSTROUTING" ]: +- default_rules["nat"].append("-N %s_ZONES_SOURCE" % chain) + default_rules["nat"].append("-N %s_ZONES" % chain) +- default_rules["nat"].append("-A %s -j %s_ZONES_SOURCE" % (chain, chain)) ++ default_rules["nat"].append("-N %s_ZONES_IFACES" % chain) + default_rules["nat"].append("-A %s -j %s_ZONES" % (chain, chain)) +- self.our_chains["nat"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) ++ default_rules["nat"].append("-A %s_ZONES -g %s_ZONES_IFACES" % (chain, chain)) ++ self.our_chains["nat"].update(set(["%s_ZONES" % chain, "%s_ZONES_IFACES" % chain])) + + default_rules["filter"] = [ + "-N INPUT_direct", +- "-N INPUT_ZONES_SOURCE", + "-N INPUT_ZONES", ++ "-N INPUT_ZONES_IFACES", + + "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT", + "-A INPUT -i lo -j ACCEPT", + "-A INPUT -j INPUT_direct", +- "-A INPUT -j INPUT_ZONES_SOURCE", + "-A INPUT -j INPUT_ZONES", ++ "-A INPUT_ZONES -g INPUT_ZONES_IFACES", + ] + if log_denied != "off": + default_rules["filter"].append("-A INPUT -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '") +@@ -582,18 +582,18 @@ class ip4tables(object): + + default_rules["filter"] += [ + "-N FORWARD_direct", +- "-N FORWARD_IN_ZONES_SOURCE", + "-N FORWARD_IN_ZONES", +- "-N FORWARD_OUT_ZONES_SOURCE", + "-N FORWARD_OUT_ZONES", ++ "-N FORWARD_IN_ZONES_IFACES", ++ "-N FORWARD_OUT_ZONES_IFACES", + + "-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT", + "-A FORWARD -i lo -j ACCEPT", + "-A FORWARD -j FORWARD_direct", +- "-A FORWARD -j FORWARD_IN_ZONES_SOURCE", + "-A FORWARD -j FORWARD_IN_ZONES", +- "-A FORWARD -j FORWARD_OUT_ZONES_SOURCE", + "-A FORWARD -j FORWARD_OUT_ZONES", ++ "-A FORWARD_IN_ZONES -g FORWARD_IN_ZONES_IFACES", ++ "-A FORWARD_OUT_ZONES -g FORWARD_OUT_ZONES_IFACES", + ] + if log_denied != "off": + default_rules["filter"].append("-A FORWARD -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '") +@@ -609,10 +609,10 @@ class ip4tables(object): + "-A OUTPUT -j OUTPUT_direct", + ] + +- self.our_chains["filter"] = set(["INPUT_direct", "INPUT_ZONES_SOURCE", "INPUT_ZONES", +- "FORWARD_direct", "FORWARD_IN_ZONES_SOURCE", +- "FORWARD_IN_ZONES", "FORWARD_OUT_ZONES_SOURCE", +- "FORWARD_OUT_ZONES", "OUTPUT_direct"]) ++ self.our_chains["filter"] = set(["INPUT_direct", "INPUT_ZONES", "INPUT_ZONES_IFACES" ++ "FORWARD_direct", "FORWARD_IN_ZONES", ++ "FORWARD_IN_ZONES_IFACES" "FORWARD_OUT_ZONES", ++ "FORWARD_OUT_ZONES_IFACES", "OUTPUT_direct"]) + + final_default_rules = [] + for table in default_rules: +@@ -639,9 +639,8 @@ class ip4tables(object): + + return {} + +- def build_zone_source_interface_rules(self, enable, zone, zone_target, +- interface, table, chain, +- append=False): ++ def build_zone_source_interface_rules(self, enable, zone, interface, ++ table, chain, append=False): + # handle all zones in the same way here, now + # trust and block zone targets are handled now in __chain + opt = { +@@ -654,22 +653,20 @@ class ip4tables(object): + }[chain] + + target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) +- if zone_target == DEFAULT_ZONE_TARGET: +- action = "-g" +- else: +- action = "-j" ++ action = "-g" ++ + if enable and not append: +- rule = [ "-I", "%s_ZONES" % chain, "1" ] ++ rule = [ "-I", "%s_ZONES_IFACES" % chain, "1" ] + elif enable: +- rule = [ "-A", "%s_ZONES" % chain ] ++ rule = [ "-A", "%s_ZONES_IFACES" % chain ] + else: +- rule = [ "-D", "%s_ZONES" % chain ] ++ rule = [ "-D", "%s_ZONES_IFACES" % chain ] + rule += [ "-t", table, opt, interface, action, target ] + return [rule] + +- def build_zone_source_address_rules(self, enable, zone, zone_target, ++ def build_zone_source_address_rules(self, enable, zone, + address, table, chain): +- add_del = { True: "-A", False: "-D" }[enable] ++ add_del = { True: "-I", False: "-D" }[enable] + + opt = { + "PREROUTING": "-s", +@@ -681,10 +678,7 @@ class ip4tables(object): + }[chain] + + target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) +- if zone_target == DEFAULT_ZONE_TARGET: +- action = "-g" +- else: +- action = "-j" ++ action = "-g" + + if address.startswith("ipset:"): + name = address[6:] +@@ -694,7 +688,7 @@ class ip4tables(object): + opt = "src" + flags = ",".join([opt] * self._fw.ipset.get_dimension(name)) + rule = [ add_del, +- "%s_ZONES_SOURCE" % chain, "-t", table, ++ "%s_ZONES" % chain, "-t", table, + "-m", "set", "--match-set", name, + flags, action, target ] + else: +@@ -703,12 +697,12 @@ class ip4tables(object): + if opt == "-d": + return "" + rule = [ add_del, +- "%s_ZONES_SOURCE" % chain, "-t", table, ++ "%s_ZONES" % chain, "-t", table, + "-m", "mac", "--mac-source", address.upper(), + action, target ] + else: + rule = [ add_del, +- "%s_ZONES_SOURCE" % chain, "-t", table, ++ "%s_ZONES" % chain, "-t", table, + opt, address, action, target ] + return [rule] + +diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py +index bf41ed98a542..0fe686a01878 100644 +--- a/src/firewall/core/nftables.py ++++ b/src/firewall/core/nftables.py +@@ -358,11 +358,11 @@ class nftables(object): + IPTABLES_TO_NFT_HOOK["raw"][chain][0], + IPTABLES_TO_NFT_HOOK["raw"][chain][1])) + +- default_rules.append("add chain inet %s raw_%s_ZONES_SOURCE" % (TABLE_NAME, chain)) + default_rules.append("add chain inet %s raw_%s_ZONES" % (TABLE_NAME, chain)) +- default_rules.append("add rule inet %s raw_%s jump raw_%s_ZONES_SOURCE" % (TABLE_NAME, chain, chain)) ++ default_rules.append("add chain inet %s raw_%s_ZONES_IFACES" % (TABLE_NAME, chain)) + default_rules.append("add rule inet %s raw_%s jump raw_%s_ZONES" % (TABLE_NAME, chain, chain)) +- OUR_CHAINS["inet"]["raw"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) ++ default_rules.append("add rule inet %s raw_%s_ZONES goto raw_%s_ZONES_IFACES" % (TABLE_NAME, chain, chain)) ++ OUR_CHAINS["inet"]["raw"].update(set(["%s_ZONES_IFACES" % chain, "%s_ZONES" % chain])) + + OUR_CHAINS["inet"]["mangle"] = set() + for chain in IPTABLES_TO_NFT_HOOK["mangle"].keys(): +@@ -371,11 +371,11 @@ class nftables(object): + IPTABLES_TO_NFT_HOOK["mangle"][chain][0], + IPTABLES_TO_NFT_HOOK["mangle"][chain][1])) + +- default_rules.append("add chain inet %s mangle_%s_ZONES_SOURCE" % (TABLE_NAME, chain)) + default_rules.append("add chain inet %s mangle_%s_ZONES" % (TABLE_NAME, chain)) +- default_rules.append("add rule inet %s mangle_%s jump mangle_%s_ZONES_SOURCE" % (TABLE_NAME, chain, chain)) ++ default_rules.append("add chain inet %s mangle_%s_ZONES_IFACES" % (TABLE_NAME, chain)) + default_rules.append("add rule inet %s mangle_%s jump mangle_%s_ZONES" % (TABLE_NAME, chain, chain)) +- OUR_CHAINS["inet"]["mangle"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) ++ default_rules.append("add rule inet %s mangle_%s_ZONES goto mangle_%s_ZONES_IFACES" % (TABLE_NAME, chain, chain)) ++ OUR_CHAINS["inet"]["mangle"].update(set(["%s_ZONES_IFACES" % chain, "%s_ZONES" % chain])) + + OUR_CHAINS["ip"]["nat"] = set() + OUR_CHAINS["ip6"]["nat"] = set() +@@ -386,11 +386,11 @@ class nftables(object): + IPTABLES_TO_NFT_HOOK["nat"][chain][0], + IPTABLES_TO_NFT_HOOK["nat"][chain][1])) + +- default_rules.append("add chain %s %s nat_%s_ZONES_SOURCE" % (family, TABLE_NAME, chain)) + default_rules.append("add chain %s %s nat_%s_ZONES" % (family, TABLE_NAME, chain)) +- default_rules.append("add rule %s %s nat_%s jump nat_%s_ZONES_SOURCE" % (family, TABLE_NAME, chain, chain)) ++ default_rules.append("add chain %s %s nat_%s_ZONES_IFACES" % (family, TABLE_NAME, chain)) + default_rules.append("add rule %s %s nat_%s jump nat_%s_ZONES" % (family, TABLE_NAME, chain, chain)) +- OUR_CHAINS[family]["nat"].update(set(["%s_ZONES_SOURCE" % chain, "%s_ZONES" % chain])) ++ default_rules.append("add rule %s %s nat_%s_ZONES goto nat_%s_ZONES_IFACES" % (family, TABLE_NAME, chain, chain)) ++ OUR_CHAINS[family]["nat"].update(set(["%s_ZONES_IFACES" % chain, "%s_ZONES" % chain])) + + OUR_CHAINS["inet"]["filter"] = set() + for chain in IPTABLES_TO_NFT_HOOK["filter"].keys(): +@@ -400,12 +400,12 @@ class nftables(object): + IPTABLES_TO_NFT_HOOK["filter"][chain][1])) + + # filter, INPUT +- default_rules.append("add chain inet %s filter_%s_ZONES_SOURCE" % (TABLE_NAME, "INPUT")) + default_rules.append("add chain inet %s filter_%s_ZONES" % (TABLE_NAME, "INPUT")) ++ default_rules.append("add chain inet %s filter_%s_ZONES_IFACES" % (TABLE_NAME, "INPUT")) + default_rules.append("add rule inet %s filter_%s ct state established,related accept" % (TABLE_NAME, "INPUT")) + default_rules.append("add rule inet %s filter_%s iifname lo accept" % (TABLE_NAME, "INPUT")) +- default_rules.append("add rule inet %s filter_%s jump filter_%s_ZONES_SOURCE" % (TABLE_NAME, "INPUT", "INPUT")) + default_rules.append("add rule inet %s filter_%s jump filter_%s_ZONES" % (TABLE_NAME, "INPUT", "INPUT")) ++ default_rules.append("add rule inet %s filter_%s_ZONES goto filter_%s_ZONES_IFACES" % (TABLE_NAME, "INPUT", "INPUT")) + if log_denied != "off": + default_rules.append("add rule inet %s filter_%s ct state invalid %%%%LOGTYPE%%%% log prefix '\"STATE_INVALID_DROP: \"'" % (TABLE_NAME, "INPUT")) + default_rules.append("add rule inet %s filter_%s ct state invalid drop" % (TABLE_NAME, "INPUT")) +@@ -414,16 +414,16 @@ class nftables(object): + default_rules.append("add rule inet %s filter_%s reject with icmpx type admin-prohibited" % (TABLE_NAME, "INPUT")) + + # filter, FORWARD +- default_rules.append("add chain inet %s filter_%s_IN_ZONES_SOURCE" % (TABLE_NAME, "FORWARD")) + default_rules.append("add chain inet %s filter_%s_IN_ZONES" % (TABLE_NAME, "FORWARD")) +- default_rules.append("add chain inet %s filter_%s_OUT_ZONES_SOURCE" % (TABLE_NAME, "FORWARD")) ++ default_rules.append("add chain inet %s filter_%s_IN_ZONES_IFACES" % (TABLE_NAME, "FORWARD")) + default_rules.append("add chain inet %s filter_%s_OUT_ZONES" % (TABLE_NAME, "FORWARD")) ++ default_rules.append("add chain inet %s filter_%s_OUT_ZONES_IFACES" % (TABLE_NAME, "FORWARD")) + default_rules.append("add rule inet %s filter_%s ct state established,related accept" % (TABLE_NAME, "FORWARD")) + default_rules.append("add rule inet %s filter_%s iifname lo accept" % (TABLE_NAME, "FORWARD")) +- default_rules.append("add rule inet %s filter_%s jump filter_%s_IN_ZONES_SOURCE" % (TABLE_NAME, "FORWARD", "FORWARD")) + default_rules.append("add rule inet %s filter_%s jump filter_%s_IN_ZONES" % (TABLE_NAME, "FORWARD", "FORWARD")) +- default_rules.append("add rule inet %s filter_%s jump filter_%s_OUT_ZONES_SOURCE" % (TABLE_NAME, "FORWARD", "FORWARD")) + default_rules.append("add rule inet %s filter_%s jump filter_%s_OUT_ZONES" % (TABLE_NAME, "FORWARD", "FORWARD")) ++ default_rules.append("add rule inet %s filter_%s_IN_ZONES goto filter_%s_IN_ZONES_IFACES" % (TABLE_NAME, "FORWARD", "FORWARD")) ++ default_rules.append("add rule inet %s filter_%s_OUT_ZONES goto filter_%s_OUT_ZONES_IFACES" % (TABLE_NAME, "FORWARD", "FORWARD")) + if log_denied != "off": + default_rules.append("add rule inet %s filter_%s ct state invalid %%%%LOGTYPE%%%% log prefix '\"STATE_INVALID_DROP: \"'" % (TABLE_NAME, "FORWARD")) + default_rules.append("add rule inet %s filter_%s ct state invalid drop" % (TABLE_NAME, "FORWARD")) +@@ -452,16 +452,16 @@ class nftables(object): + + return {} + +- def build_zone_source_interface_rules(self, enable, zone, zone_target, +- interface, table, chain, +- append=False, family="inet"): ++ def build_zone_source_interface_rules(self, enable, zone, interface, ++ table, chain, append=False, ++ family="inet"): + # nat tables needs to use ip/ip6 family + if table == "nat" and family == "inet": + rules = [] + rules.extend(self.build_zone_source_interface_rules(enable, zone, +- zone_target, interface, table, chain, append, "ip")) ++ interface, table, chain, append, "ip")) + rules.extend(self.build_zone_source_interface_rules(enable, zone, +- zone_target, interface, table, chain, append, "ip6")) ++ interface, table, chain, append, "ip6")) + return rules + + # handle all zones in the same way here, now +@@ -479,36 +479,34 @@ class nftables(object): + interface = interface[:len(interface)-1] + "*" + + target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) +- if zone_target == DEFAULT_ZONE_TARGET: +- action = "goto" +- else: +- action = "jump" ++ action = "goto" ++ + if enable and not append: +- rule = ["insert", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)] ++ rule = ["insert", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES_IFACES" % (table, chain)] + elif enable: +- rule = ["add", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)] ++ rule = ["add", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES_IFACES" % (table, chain)] + else: +- rule = ["delete", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)] ++ rule = ["delete", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES_IFACES" % (table, chain)] + if interface == "*": + rule += [action, "%s_%s" % (table, target)] + else: + rule += [opt, "\"" + interface + "\"", action, "%s_%s" % (table, target)] + return [rule] + +- def build_zone_source_address_rules(self, enable, zone, zone_target, ++ def build_zone_source_address_rules(self, enable, zone, + address, table, chain, family="inet"): + # nat tables needs to use ip/ip6 family + if table == "nat" and family == "inet": + rules = [] + if check_address("ipv4", address) or check_mac(address): + rules.extend(self.build_zone_source_address_rules(enable, zone, +- zone_target, address, table, chain, "ip")) ++ address, table, chain, "ip")) + if check_address("ipv6", address) or check_mac(address): + rules.extend(self.build_zone_source_address_rules(enable, zone, +- zone_target, address, table, chain, "ip6")) ++ address, table, chain, "ip6")) + return rules + +- add_del = { True: "add", False: "delete" }[enable] ++ add_del = { True: "insert", False: "delete" }[enable] + + opt = { + "PREROUTING": "saddr", +@@ -520,10 +518,7 @@ class nftables(object): + }[chain] + + target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) +- if zone_target == DEFAULT_ZONE_TARGET: +- action = "goto" +- else: +- action = "jump" ++ action = "goto" + + if address.startswith("ipset:"): + ipset = address[len("ipset:"):] +@@ -541,7 +536,7 @@ class nftables(object): + rule_family = "ip6" + + rule = [add_del, "rule", family, "%s" % TABLE_NAME, +- "%s_%s_ZONES_SOURCE" % (table, chain), ++ "%s_%s_ZONES" % (table, chain), + rule_family, opt, address, action, "%s_%s" % (table, target)] + return [rule] + +diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at +index a3844151aeb3..0f9cac204ccd 100644 +--- a/src/tests/firewall-cmd.at ++++ b/src/tests/firewall-cmd.at +@@ -138,14 +138,14 @@ FWD_START_TEST([zone interfaces]) + FWD_CHECK([--add-interface=foobar+++], 0, ignore) + FWD_CHECK([--add-interface=foobar+], 0, ignore) + m4_if(nftables, FIREWALL_BACKEND, [ +- NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl ++ NFT_LIST_RULES([inet], [filter_INPUT_ZONES_IFACES], 0, [dnl + table inet firewalld { +- chain filter_INPUT_ZONES { ++ chain filter_INPUT_ZONES_IFACES { + iifname "foobar*" goto filter_IN_public + iifname "foobar++*" goto filter_IN_public +- jump filter_IN_trusted ++ goto filter_IN_trusted + iifname "perm_dummy" goto filter_IN_work +- iifname "perm_dummy2" jump filter_IN_trusted ++ iifname "perm_dummy2" goto filter_IN_trusted + goto filter_IN_public + } + } +-- +2.20.1 + diff --git a/SOURCES/0060-test-add-coverage-for-258-and-441.patch b/SOURCES/0060-test-add-coverage-for-258-and-441.patch new file mode 100644 index 0000000..362e9bf --- /dev/null +++ b/SOURCES/0060-test-add-coverage-for-258-and-441.patch @@ -0,0 +1,472 @@ +From 959584ced5e1c1853b62ff5e15c3e9fa49837ea4 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 30 May 2019 16:16:51 -0400 +Subject: [PATCH 60/73] test: add coverage for #258 and #441 + +(cherry picked from commit 0c49548a4954a0c5f2a982fd3a46b135afa74965) +(cherry picked from commit 87235daf6290eba20c38178edca6c9bd7475caf3) +--- + src/tests/regression.at | 1 + + src/tests/regression/gh258.at | 441 ++++++++++++++++++++++++++++++++++ + 2 files changed, 442 insertions(+) + create mode 100644 src/tests/regression/gh258.at + +diff --git a/src/tests/regression.at b/src/tests/regression.at +index 8bcb576238e6..00690fc6459e 100644 +--- a/src/tests/regression.at ++++ b/src/tests/regression.at +@@ -19,3 +19,4 @@ m4_include([regression/gh335.at]) + m4_include([regression/gh482.at]) + m4_include([regression/gh478.at]) + m4_include([regression/gh453.at]) ++m4_include([regression/gh258.at]) +diff --git a/src/tests/regression/gh258.at b/src/tests/regression/gh258.at +new file mode 100644 +index 000000000000..d0c4f2fa7432 +--- /dev/null ++++ b/src/tests/regression/gh258.at +@@ -0,0 +1,441 @@ ++FWD_START_TEST([zone dispatch layout]) ++AT_KEYWORDS(zone gh258 gh441) ++ ++FWD_CHECK([--zone=work --add-source="1.2.3.0/24"], 0, ignore) ++IF_IPV6_SUPPORTED([ ++FWD_CHECK([--zone=public --add-source="dead:beef::/54"], 0, ignore) ++]) ++FWD_CHECK([--zone=work --add-interface=dummy0], 0, ignore) ++FWD_CHECK([--zone=public --add-interface=dummy1], 0, ignore) ++ ++dnl verify layout of zone dispatch ++m4_if(nftables, FIREWALL_BACKEND, [ ++NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl ++ table inet firewalld { ++ chain filter_INPUT { ++ ct state established,related accept ++ iifname "lo" accept ++ jump filter_INPUT_ZONES ++ ct state invalid drop ++ reject with icmpx type admin-prohibited ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl ++ table inet firewalld { ++ chain filter_INPUT_ZONES { ++ ip6 saddr dead:beef::/54 goto filter_IN_public ++ ip saddr 1.2.3.0/24 goto filter_IN_work ++ goto filter_INPUT_ZONES_IFACES ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [filter_INPUT_ZONES_IFACES], 0, [dnl ++ table inet firewalld { ++ chain filter_INPUT_ZONES_IFACES { ++ iifname "dummy1" goto filter_IN_public ++ iifname "dummy0" goto filter_IN_work ++ goto filter_IN_public ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl ++ table inet firewalld { ++ chain filter_FORWARD { ++ ct state established,related accept ++ iifname "lo" accept ++ jump filter_FORWARD_IN_ZONES ++ jump filter_FORWARD_OUT_ZONES ++ ct state invalid drop ++ reject with icmpx type admin-prohibited ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [filter_FORWARD_IN_ZONES], 0, [dnl ++ table inet firewalld { ++ chain filter_FORWARD_IN_ZONES { ++ ip6 saddr dead:beef::/54 goto filter_FWDI_public ++ ip saddr 1.2.3.0/24 goto filter_FWDI_work ++ goto filter_FORWARD_IN_ZONES_IFACES ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [filter_FORWARD_IN_ZONES_IFACES], 0, [dnl ++ table inet firewalld { ++ chain filter_FORWARD_IN_ZONES_IFACES { ++ iifname "dummy1" goto filter_FWDI_public ++ iifname "dummy0" goto filter_FWDI_work ++ goto filter_FWDI_public ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [filter_FORWARD_OUT_ZONES], 0, [dnl ++ table inet firewalld { ++ chain filter_FORWARD_OUT_ZONES { ++ ip6 daddr dead:beef::/54 goto filter_FWDO_public ++ ip daddr 1.2.3.0/24 goto filter_FWDO_work ++ goto filter_FORWARD_OUT_ZONES_IFACES ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [filter_FORWARD_OUT_ZONES_IFACES], 0, [dnl ++ table inet firewalld { ++ chain filter_FORWARD_OUT_ZONES_IFACES { ++ oifname "dummy1" goto filter_FWDO_public ++ oifname "dummy0" goto filter_FWDO_work ++ goto filter_FWDO_public ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [raw_PREROUTING], 0, [dnl ++ table inet firewalld { ++ chain raw_PREROUTING { ++ m4_if(yes, HOST_SUPPORTS_NFT_FIB, [dnl ++ icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept ++ meta nfproto ipv6 fib saddr . iif oif missing drop ++ ])dnl ++ jump raw_PREROUTING_ZONES ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [raw_PREROUTING_ZONES], 0, [dnl ++ table inet firewalld { ++ chain raw_PREROUTING_ZONES { ++ ip6 saddr dead:beef::/54 goto raw_PRE_public ++ ip saddr 1.2.3.0/24 goto raw_PRE_work ++ goto raw_PREROUTING_ZONES_IFACES ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [raw_PREROUTING_ZONES_IFACES], 0, [dnl ++ table inet firewalld { ++ chain raw_PREROUTING_ZONES_IFACES { ++ iifname "dummy1" goto raw_PRE_public ++ iifname "dummy0" goto raw_PRE_work ++ goto raw_PRE_public ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [mangle_PREROUTING], 0, [dnl ++ table inet firewalld { ++ chain mangle_PREROUTING { ++ jump mangle_PREROUTING_ZONES ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [mangle_PREROUTING_ZONES], 0, [dnl ++ table inet firewalld { ++ chain mangle_PREROUTING_ZONES { ++ ip6 saddr dead:beef::/54 goto mangle_PRE_public ++ ip saddr 1.2.3.0/24 goto mangle_PRE_work ++ goto mangle_PREROUTING_ZONES_IFACES ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [mangle_PREROUTING_ZONES_IFACES], 0, [dnl ++ table inet firewalld { ++ chain mangle_PREROUTING_ZONES_IFACES { ++ iifname "dummy1" goto mangle_PRE_public ++ iifname "dummy0" goto mangle_PRE_work ++ goto mangle_PRE_public ++ } ++ } ++]) ++NFT_LIST_RULES([ip], [nat_PREROUTING], 0, [dnl ++ table ip firewalld { ++ chain nat_PREROUTING { ++ jump nat_PREROUTING_ZONES ++ } ++ } ++]) ++NFT_LIST_RULES([ip], [nat_PREROUTING_ZONES], 0, [dnl ++ table ip firewalld { ++ chain nat_PREROUTING_ZONES { ++ ip saddr 1.2.3.0/24 goto nat_PRE_work ++ goto nat_PREROUTING_ZONES_IFACES ++ } ++ } ++]) ++NFT_LIST_RULES([ip], [nat_PREROUTING_ZONES_IFACES], 0, [dnl ++ table ip firewalld { ++ chain nat_PREROUTING_ZONES_IFACES { ++ iifname "dummy1" goto nat_PRE_public ++ iifname "dummy0" goto nat_PRE_work ++ goto nat_PRE_public ++ } ++ } ++]) ++NFT_LIST_RULES([ip], [nat_POSTROUTING], 0, [dnl ++ table ip firewalld { ++ chain nat_POSTROUTING { ++ jump nat_POSTROUTING_ZONES ++ } ++ } ++]) ++NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES], 0, [dnl ++ table ip firewalld { ++ chain nat_POSTROUTING_ZONES { ++ ip daddr 1.2.3.0/24 goto nat_POST_work ++ goto nat_POSTROUTING_ZONES_IFACES ++ } ++ } ++]) ++NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES_IFACES], 0, [dnl ++ table ip firewalld { ++ chain nat_POSTROUTING_ZONES_IFACES { ++ oifname "dummy1" goto nat_POST_public ++ oifname "dummy0" goto nat_POST_work ++ goto nat_POST_public ++ } ++ } ++]) ++NFT_LIST_RULES([ip6], [nat_PREROUTING], 0, [dnl ++ table ip6 firewalld { ++ chain nat_PREROUTING { ++ jump nat_PREROUTING_ZONES ++ } ++ } ++]) ++NFT_LIST_RULES([ip6], [nat_PREROUTING_ZONES], 0, [dnl ++ table ip6 firewalld { ++ chain nat_PREROUTING_ZONES { ++ ip6 saddr dead:beef::/54 goto nat_PRE_public ++ goto nat_PREROUTING_ZONES_IFACES ++ } ++ } ++]) ++NFT_LIST_RULES([ip6], [nat_PREROUTING_ZONES_IFACES], 0, [dnl ++ table ip6 firewalld { ++ chain nat_PREROUTING_ZONES_IFACES { ++ iifname "dummy1" goto nat_PRE_public ++ iifname "dummy0" goto nat_PRE_work ++ goto nat_PRE_public ++ } ++ } ++]) ++NFT_LIST_RULES([ip6], [nat_POSTROUTING], 0, [dnl ++ table ip6 firewalld { ++ chain nat_POSTROUTING { ++ jump nat_POSTROUTING_ZONES ++ } ++ } ++]) ++NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES], 0, [dnl ++ table ip6 firewalld { ++ chain nat_POSTROUTING_ZONES { ++ ip6 daddr dead:beef::/54 goto nat_POST_public ++ goto nat_POSTROUTING_ZONES_IFACES ++ } ++ } ++]) ++NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES_IFACES], 0, [dnl ++ table ip firewalld { ++ chain nat_POSTROUTING_ZONES_IFACES { ++ oifname "dummy1" goto nat_POST_public ++ oifname "dummy0" goto nat_POST_work ++ goto nat_POST_public ++ } ++ } ++]) ++], [ ++ ++IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl ++ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED ++ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ++ INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 ++ INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++ DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID ++ REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ++]) ++IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [dnl ++ IN_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ ++ INPUT_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([filter], [INPUT_ZONES_IFACES], 0, [dnl ++ IN_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ IN_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ IN_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ++ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED ++ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ++ FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 ++ FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++ FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++ DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID ++ REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ++]) ++IPTABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, [dnl ++ FWDI_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ ++ FORWARD_IN_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([filter], [FORWARD_IN_ZONES_IFACES], 0, [dnl ++ FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ FWDI_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, [dnl ++ FWDO_work all -- 0.0.0.0/0 1.2.3.0/24 @<:@goto@:>@ ++ FORWARD_OUT_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES_IFACES], 0, [dnl ++ FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ FWDO_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl ++ PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 ++ PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++]) ++IPTABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, [dnl ++ PRE_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ ++ PREROUTING_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([raw], [PREROUTING_ZONES_IFACES], 0, [dnl ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ PRE_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl ++ PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 ++ PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++]) ++IPTABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, [dnl ++ PRE_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ ++ PREROUTING_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([mangle], [PREROUTING_ZONES_IFACES], 0, [dnl ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ PRE_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl ++ PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 ++ PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++]) ++IPTABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, [dnl ++ PRE_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ ++ PREROUTING_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([nat], [PREROUTING_ZONES_IFACES], 0, [dnl ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ PRE_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl ++ POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 ++ POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++]) ++IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [dnl ++ POST_work all -- 0.0.0.0/0 1.2.3.0/24 @<:@goto@:>@ ++ POSTROUTING_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES_IFACES], 0, [dnl ++ POST_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ POST_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++ POST_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ ++]) ++ ++ ++IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl ++ ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED ++ ACCEPT all ::/0 ::/0 ++ INPUT_direct all ::/0 ::/0 ++ INPUT_ZONES all ::/0 ::/0 ++ DROP all ::/0 ::/0 ctstate INVALID ++ REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ++]) ++IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [dnl ++ IN_public all dead:beef::/54 ::/0 @<:@goto@:>@ ++ INPUT_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([filter], [INPUT_ZONES_IFACES], 0, [dnl ++ IN_public all ::/0 ::/0 @<:@goto@:>@ ++ IN_work all ::/0 ::/0 @<:@goto@:>@ ++ IN_public all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ++ ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED ++ ACCEPT all ::/0 ::/0 ++ FORWARD_direct all ::/0 ::/0 ++ FORWARD_IN_ZONES all ::/0 ::/0 ++ FORWARD_OUT_ZONES all ::/0 ::/0 ++ DROP all ::/0 ::/0 ctstate INVALID ++ REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ++]) ++IP6TABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, [dnl ++ FWDI_public all dead:beef::/54 ::/0 @<:@goto@:>@ ++ FORWARD_IN_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([filter], [FORWARD_IN_ZONES_IFACES], 0, [dnl ++ FWDI_public all ::/0 ::/0 @<:@goto@:>@ ++ FWDI_work all ::/0 ::/0 @<:@goto@:>@ ++ FWDI_public all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, [dnl ++ FWDO_public all ::/0 dead:beef::/54 @<:@goto@:>@ ++ FORWARD_OUT_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES_IFACES], 0, [dnl ++ FWDO_public all ::/0 ::/0 @<:@goto@:>@ ++ FWDO_work all ::/0 ::/0 @<:@goto@:>@ ++ FWDO_public all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl ++ ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 ++ ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 ++ DROP all ::/0 ::/0 rpfilter invert ++ PREROUTING_direct all ::/0 ::/0 ++ PREROUTING_ZONES all ::/0 ::/0 ++]) ++IP6TABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, [dnl ++ PRE_public all dead:beef::/54 ::/0 @<:@goto@:>@ ++ PREROUTING_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([raw], [PREROUTING_ZONES_IFACES], 0, [dnl ++ PRE_public all ::/0 ::/0 @<:@goto@:>@ ++ PRE_work all ::/0 ::/0 @<:@goto@:>@ ++ PRE_public all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl ++ PREROUTING_direct all ::/0 ::/0 ++ PREROUTING_ZONES all ::/0 ::/0 ++]) ++IP6TABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, [dnl ++ PRE_public all dead:beef::/54 ::/0 @<:@goto@:>@ ++ PREROUTING_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([mangle], [PREROUTING_ZONES_IFACES], 0, [dnl ++ PRE_public all ::/0 ::/0 @<:@goto@:>@ ++ PRE_work all ::/0 ::/0 @<:@goto@:>@ ++ PRE_public all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl ++ PREROUTING_direct all ::/0 ::/0 ++ PREROUTING_ZONES all ::/0 ::/0 ++]) ++IP6TABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, [dnl ++ PRE_public all dead:beef::/54 ::/0 @<:@goto@:>@ ++ PREROUTING_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([nat], [PREROUTING_ZONES_IFACES], 0, [dnl ++ PRE_public all ::/0 ::/0 @<:@goto@:>@ ++ PRE_work all ::/0 ::/0 @<:@goto@:>@ ++ PRE_public all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl ++ POSTROUTING_direct all ::/0 ::/0 ++ POSTROUTING_ZONES all ::/0 ::/0 ++]) ++IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [dnl ++ POST_public all ::/0 dead:beef::/54 @<:@goto@:>@ ++ POSTROUTING_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ ++]) ++IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES_IFACES], 0, [dnl ++ POST_public all ::/0 ::/0 @<:@goto@:>@ ++ POST_work all ::/0 ::/0 @<:@goto@:>@ ++ POST_public all ::/0 ::/0 @<:@goto@:>@ ++]) ++]) ++ ++FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0061-fix-test-regression-gh258-add-missing-keyword-for-rh.patch b/SOURCES/0061-fix-test-regression-gh258-add-missing-keyword-for-rh.patch new file mode 100644 index 0000000..0e9b788 --- /dev/null +++ b/SOURCES/0061-fix-test-regression-gh258-add-missing-keyword-for-rh.patch @@ -0,0 +1,27 @@ +From d9d654c9ade21ce186da75239cc4dd75a4bccd4f Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 31 May 2019 10:28:08 -0400 +Subject: [PATCH 61/73] fix: test/regression/gh258: add missing keyword for + rhbz 1713823 + +Fixes: 0c49548a4954 ("test: add coverage for #258 and #441") +(cherry picked from commit 3903776a4f77698c42b629616b6b8db3d8906281) +(cherry picked from commit 32cea061aa8246f002c89fe45fb8546b57ef6339) +--- + src/tests/regression/gh258.at | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tests/regression/gh258.at b/src/tests/regression/gh258.at +index d0c4f2fa7432..3e5e961f6599 100644 +--- a/src/tests/regression/gh258.at ++++ b/src/tests/regression/gh258.at +@@ -1,5 +1,5 @@ + FWD_START_TEST([zone dispatch layout]) +-AT_KEYWORDS(zone gh258 gh441) ++AT_KEYWORDS(zone gh258 gh441 rhbz1713823) + + FWD_CHECK([--zone=work --add-source="1.2.3.0/24"], 0, ignore) + IF_IPV6_SUPPORTED([ +-- +2.20.1 + diff --git a/SOURCES/0062-fix-rich-rule-destination-with-services.patch b/SOURCES/0062-fix-rich-rule-destination-with-services.patch new file mode 100644 index 0000000..5ed91bb --- /dev/null +++ b/SOURCES/0062-fix-rich-rule-destination-with-services.patch @@ -0,0 +1,41 @@ +From 75ab7dbbf5a14be70d054fa153390d32acc5f805 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 6 Jun 2019 12:25:08 -0400 +Subject: [PATCH 62/73] fix: rich rule destination with services + +Fixes: rhbz 1715977 +(cherry picked from commit d3bd517c7deb44d42129017b3c471ccdf1c32b57) +(cherry picked from commit 9cd642933d41a983c4cbdef6aa936151e89a05ef) +--- + src/firewall/core/fw_zone.py | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py +index 90ae1036f124..1f33b5504d54 100644 +--- a/src/firewall/core/fw_zone.py ++++ b/src/firewall/core/fw_zone.py +@@ -1582,17 +1582,18 @@ class FirewallZone(object): + if type(rule.element) == Rich_Service: + svc = self._fw.service.get_service(rule.element.name) + +- destinations = [rule.destination] if rule.destination else [None] +- ++ destinations = [] + if len(svc.destination) > 0: + if rule.destination: + # we can not use two destinations at the same time + raise FirewallError(errors.INVALID_RULE, + "Destination conflict with service.") +- destinations = [] + for ipv in ipvs: + if ipv in svc.destination and backend.is_ipv_supported(ipv): + destinations.append(svc.destination[ipv]) ++ else: ++ # dummy for the following for loop ++ destinations.append(None) + + for destination in destinations: + if enable: +-- +2.20.1 + diff --git a/SOURCES/0063-test-coverage-for-rhbz-1715977.patch b/SOURCES/0063-test-coverage-for-rhbz-1715977.patch new file mode 100644 index 0000000..a25ead6 --- /dev/null +++ b/SOURCES/0063-test-coverage-for-rhbz-1715977.patch @@ -0,0 +1,44 @@ +From 18ca39a4e89297e61819aeab83b6e77c05d97f44 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 6 Jun 2019 11:51:11 -0400 +Subject: [PATCH 63/73] test: coverage for rhbz 1715977 + +(cherry picked from commit 3fb02f8d6648906bdf089a4734c939c809f85583) +(cherry picked from commit 819e7196c1aa79998b3b094805c51e4caf49a572) +--- + src/tests/regression.at | 1 + + src/tests/regression/rhbz1715977.at | 13 +++++++++++++ + 2 files changed, 14 insertions(+) + create mode 100644 src/tests/regression/rhbz1715977.at + +diff --git a/src/tests/regression.at b/src/tests/regression.at +index 00690fc6459e..3438c97f4633 100644 +--- a/src/tests/regression.at ++++ b/src/tests/regression.at +@@ -20,3 +20,4 @@ m4_include([regression/gh482.at]) + m4_include([regression/gh478.at]) + m4_include([regression/gh453.at]) + m4_include([regression/gh258.at]) ++m4_include([regression/rhbz1715977.at]) +diff --git a/src/tests/regression/rhbz1715977.at b/src/tests/regression/rhbz1715977.at +new file mode 100644 +index 000000000000..0a05b14f9e3e +--- /dev/null ++++ b/src/tests/regression/rhbz1715977.at +@@ -0,0 +1,13 @@ ++FWD_START_TEST([rich rule destination with service destination]) ++AT_KEYWORDS(rich service rhbz1715977) ++ ++FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0]) ++FWD_CHECK([-q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="ssh" accept']) ++FWD_RELOAD ++ ++FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept'], 122, [ignore], [ignore]) ++FWD_CHECK([-q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept']) ++FWD_RELOAD ++FWD_GREP_LOG([WARNING: internal: INVALID_RULE: Destination conflict with service.]) ++ ++FWD_END_TEST([-e '/INVALID_RULE: Destination conflict with service/d']) +-- +2.20.1 + diff --git a/SOURCES/0064-fix-src-test-Makefile-dist-python-tests-as-well.patch b/SOURCES/0064-fix-src-test-Makefile-dist-python-tests-as-well.patch new file mode 100644 index 0000000..91da64a --- /dev/null +++ b/SOURCES/0064-fix-src-test-Makefile-dist-python-tests-as-well.patch @@ -0,0 +1,29 @@ +From 8b474e4c1afd56547d8bc7a52ac95c3938994555 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 13 Jun 2019 09:57:35 -0400 +Subject: [PATCH 64/73] fix: src/test/Makefile: dist python tests as well + +Python based tests were mistakenly left out of the tarball on "make +dist". + +(cherry picked from commit 937d2551da1053248bb35c55743e4b2fdad57e5c) +(cherry picked from commit 31b21d555e6fa44b4602ba1daee49d1c89977dee) +--- + src/tests/Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am +index 7a644ca915c1..571e743a1d02 100644 +--- a/src/tests/Makefile.am ++++ b/src/tests/Makefile.am +@@ -7,6 +7,7 @@ TESTSUITE_FILES = \ + EXTRA_DIST = \ + $(TESTSUITE) \ + $(TESTSUITE_FILES) \ ++ $(srcdir)/python/*.py \ + $(srcdir)/package.m4 + + $(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec $(srcdir)/Makefile +-- +2.20.1 + diff --git a/SOURCES/0065-fix-src-test-Makefile-use-wildcard-in-variable-expan.patch b/SOURCES/0065-fix-src-test-Makefile-use-wildcard-in-variable-expan.patch new file mode 100644 index 0000000..24e05ff --- /dev/null +++ b/SOURCES/0065-fix-src-test-Makefile-use-wildcard-in-variable-expan.patch @@ -0,0 +1,30 @@ +From 39d202e8aec4584ce4971219cbdafcae759c3594 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 13 Jun 2019 10:48:38 -0400 +Subject: [PATCH 65/73] fix: src/test/Makefile: use wildcard in variable + expansion + +It's more correct to use the wildcard function when setting a variable. + +(cherry picked from commit 40fc3b5fd327ec4a8bcbd3f6a2b34047ef16b732) +(cherry picked from commit 80f33dbd74c10f53032206cbb647386e718b8651) +--- + src/tests/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am +index 571e743a1d02..2fb3b6b9980d 100644 +--- a/src/tests/Makefile.am ++++ b/src/tests/Makefile.am +@@ -7,7 +7,7 @@ TESTSUITE_FILES = \ + EXTRA_DIST = \ + $(TESTSUITE) \ + $(TESTSUITE_FILES) \ +- $(srcdir)/python/*.py \ ++ $(wildcard $(srcdir)/python/*.py) \ + $(srcdir)/package.m4 + + $(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec $(srcdir)/Makefile +-- +2.20.1 + diff --git a/SOURCES/0066-fix-tests-always-list-rules-using-macros.patch b/SOURCES/0066-fix-tests-always-list-rules-using-macros.patch new file mode 100644 index 0000000..c4abc45 --- /dev/null +++ b/SOURCES/0066-fix-tests-always-list-rules-using-macros.patch @@ -0,0 +1,147 @@ +From 83c620c895a03d9e99997d61ee532869ae3ef906 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 14 Jun 2019 09:44:41 -0400 +Subject: [PATCH 66/73] fix: tests: always list rules using macros + +This is to make sure certain flags are used, e.g. "-w" for iptables. + +Fixes: rhbz 1720650 +(cherry picked from commit e527818500be462a724cd34c94948a2704560eb1) +(cherry picked from commit e074dc55257bfd7e8b8e2805d2c46b58545aec05) +--- + .../regression/icmp_block_in_forward_chain.at | 28 +++++-- + src/tests/regression/rhbz1514043.at | 77 ++++++++++++++++++- + 2 files changed, 96 insertions(+), 9 deletions(-) + +diff --git a/src/tests/regression/icmp_block_in_forward_chain.at b/src/tests/regression/icmp_block_in_forward_chain.at +index 3c8766a2b23b..bf834b1a1711 100644 +--- a/src/tests/regression/icmp_block_in_forward_chain.at ++++ b/src/tests/regression/icmp_block_in_forward_chain.at +@@ -1,12 +1,30 @@ + FWD_START_TEST([ICMP block present FORWARD chain]) + + FWD_CHECK([-q --zone=public --add-icmp-block=host-prohibited]) +-m4_if(iptables, FIREWALL_BACKEND, [ +- NS_CHECK([IPTABLES -L IN_public_deny | grep "host-prohibited"], 0, ignore) +- NS_CHECK([IPTABLES -L FWDI_public_deny | grep "host-prohibited"], 0, ignore) ++ ++m4_if(nftables, FIREWALL_BACKEND, [ ++NFT_LIST_RULES([inet], [filter_IN_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'], 0, [dnl ++ table inet firewalld { ++ chain filter_IN_public_deny { ++ icmp type destination-unreachable icmp code host-prohibited reject with icmp type admin-prohibited ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [filter_FWDI_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'], 0, [dnl ++ table inet firewalld { ++ chain filter_FWDI_public_deny { ++ icmp type destination-unreachable icmp code host-prohibited reject with icmp type admin-prohibited ++ } ++ } ++]) + ], [ +- NS_CHECK([nft list chain inet firewalld filter_IN_public_deny | grep "destination-unreachable" |grep "\(code 10\|host-prohibited\)"], 0, ignore) +- NS_CHECK([nft list chain inet firewalld filter_FWDI_public_deny | grep "destination-unreachable" |grep "\(code 10\|host-prohibited\)"], 0, ignore) ++ ++IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl ++ REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 10 reject-with icmp-host-prohibited ++]) ++IPTABLES_LIST_RULES([filter], [FWDI_public_deny], 0, [dnl ++ REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 10 reject-with icmp-host-prohibited ++]) + ]) + + FWD_END_TEST +diff --git a/src/tests/regression/rhbz1514043.at b/src/tests/regression/rhbz1514043.at +index a9750a584898..ff2ede2ece71 100644 +--- a/src/tests/regression/rhbz1514043.at ++++ b/src/tests/regression/rhbz1514043.at +@@ -5,11 +5,80 @@ FWD_RELOAD + FWD_CHECK([--zone=public --list-all | TRIM | grep ^services], 0, [dnl + services: dhcpv6-client samba ssh + ]) ++ + dnl check that log denied actually took effect +-m4_if(iptables, FIREWALL_BACKEND, [ +- NS_CHECK([IPTABLES -t filter -L | grep "FINAL_REJECT:"], 0, ignore) ++m4_if(nftables, FIREWALL_BACKEND, [ ++NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl ++ table inet firewalld { ++ chain filter_INPUT { ++ ct state established,related accept ++ iifname "lo" accept ++ jump filter_INPUT_ZONES ++ ct state invalid log prefix "STATE_INVALID_DROP: " ++ ct state invalid drop ++ log prefix "FINAL_REJECT: " ++ reject with icmpx type admin-prohibited ++ } ++ } ++]) ++NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl ++ table inet firewalld { ++ chain filter_FORWARD { ++ ct state established,related accept ++ iifname "lo" accept ++ jump filter_FORWARD_IN_ZONES ++ jump filter_FORWARD_OUT_ZONES ++ ct state invalid log prefix "STATE_INVALID_DROP: " ++ ct state invalid drop ++ log prefix "FINAL_REJECT: " ++ reject with icmpx type admin-prohibited ++ } ++ } ++]) + ], [ +- NS_CHECK([nft list chain inet firewalld filter_INPUT | grep "FINAL_REJECT"], 0, ignore) +- NS_CHECK([nft list chain inet firewalld filter_FORWARD | grep "FINAL_REJECT"], 0, ignore) ++ ++IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl ++ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED ++ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ++ INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 ++ INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++ LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " ++ DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID ++ LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " ++ REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ++]) ++IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ++ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED ++ ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ++ FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 ++ FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++ FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ++ LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " ++ DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID ++ LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " ++ REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ++]) ++IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl ++ ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED ++ ACCEPT all ::/0 ::/0 ++ INPUT_direct all ::/0 ::/0 ++ INPUT_ZONES all ::/0 ::/0 ++ LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " ++ DROP all ::/0 ::/0 ctstate INVALID ++ LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " ++ REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ++]) ++IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ++ ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED ++ ACCEPT all ::/0 ::/0 ++ FORWARD_direct all ::/0 ::/0 ++ FORWARD_IN_ZONES all ::/0 ::/0 ++ FORWARD_OUT_ZONES all ::/0 ::/0 ++ LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " ++ DROP all ::/0 ::/0 ctstate INVALID ++ LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " ++ REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ++]) + ]) ++ + FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0067-test-new-macro-CHECK_MODULE_PROTO_GRE.patch b/SOURCES/0067-test-new-macro-CHECK_MODULE_PROTO_GRE.patch new file mode 100644 index 0000000..5c86c04 --- /dev/null +++ b/SOURCES/0067-test-new-macro-CHECK_MODULE_PROTO_GRE.patch @@ -0,0 +1,29 @@ +From 0fb627bd56419dc38cde90bf6d23312e59b8627e Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 17 Jun 2019 14:30:34 -0400 +Subject: [PATCH 67/73] test: new macro CHECK_MODULE_PROTO_GRE + +(cherry picked from commit af89dacab41d6dc6a42e992aa74a2d6f4a420abc) +(cherry picked from commit d855fc018a76385992fc7a71f6f460963de92cd9) +--- + src/tests/functions.at | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 542b6b4bfc25..b6831f61d806 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -383,6 +383,10 @@ m4_ifnblank( + [m4_define([HOST_SUPPORTS_NFT_FIB], [no])] + ) + ++m4_define([CHECK_MODULE_PROTO_GRE], [ ++ AT_SKIP_IF([! NS_CMD([modinfo nf_conntrack_proto_gre])]) ++]) ++ + m4_define([NFT_NUMERIC_ARGS], m4_esyscmd([nft -h |grep "numeric-protocol" >/dev/null && echo -n "" || { echo -n "-" && echo -n "nn"; } ])) + + m4_define([HOST_SUPPORTS_IP6TABLES], m4_esyscmd( +-- +2.20.1 + diff --git a/SOURCES/0068-fix-test-regression-pr323-skip-if-GRE-module-doesn-t.patch b/SOURCES/0068-fix-test-regression-pr323-skip-if-GRE-module-doesn-t.patch new file mode 100644 index 0000000..1683024 --- /dev/null +++ b/SOURCES/0068-fix-test-regression-pr323-skip-if-GRE-module-doesn-t.patch @@ -0,0 +1,30 @@ +From fe7d0355cf54a1718157f1b5141f86771ee5e414 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 17 Jun 2019 14:31:15 -0400 +Subject: [PATCH 68/73] fix: test/regression/pr323: skip if GRE module doesn't + exist + +Newer kernels use a built-in so the module nf_conntrack_proto_gre +doesn't exist. + +(cherry picked from commit 6cda87d3a532c5ca6e8ef74c03f2e7a6bb45627a) +(cherry picked from commit 8565abe623c3f057d551ea2f2f36d9ec62592076) +--- + src/tests/regression/pr323.at | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/tests/regression/pr323.at b/src/tests/regression/pr323.at +index e229a3f81178..e1a030b822d4 100644 +--- a/src/tests/regression/pr323.at ++++ b/src/tests/regression/pr323.at +@@ -1,5 +1,7 @@ + FWD_START_TEST([GRE proto helper]) + ++CHECK_MODULE_PROTO_GRE ++ + FWD_CHECK([-q --add-protocol=gre]) + FWD_CHECK([-q --remove-protocol=gre]) + +-- +2.20.1 + diff --git a/SOURCES/0069-test-service-coverage-for-import-from-file.patch b/SOURCES/0069-test-service-coverage-for-import-from-file.patch new file mode 100644 index 0000000..e94e2b1 --- /dev/null +++ b/SOURCES/0069-test-service-coverage-for-import-from-file.patch @@ -0,0 +1,37 @@ +From 1a03a6f5c63fde715388d5afa0a80912860963c6 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 3 Jul 2019 10:41:07 -0400 +Subject: [PATCH 69/73] test: service: coverage for import from file + +(cherry picked from commit 40d8d6a105a7212db138e3afacf0f471676a8b78) +(cherry picked from commit f1919a7b3048a8d8c9cff0f442de31bb73f24ca0) +--- + src/tests/firewall-cmd.at | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at +index 0f9cac204ccd..28948636172d 100644 +--- a/src/tests/firewall-cmd.at ++++ b/src/tests/firewall-cmd.at +@@ -305,6 +305,18 @@ FWD_START_TEST([user services]) + FWD_CHECK([--permanent --zone=public --list-services | grep foobar], 0, ignore) + FWD_CHECK([--permanent --delete-service=foobar], 0, ignore) + FWD_CHECK([--permanent --zone=public --list-services | grep foobar], 1, ignore) ++ ++ AT_DATA([./foobar-to-be-renamed], [m4_strip([dnl ++ ++ ++ ++ ++ ++ ]) ++ FWD_CHECK([--permanent --new-service-from-file="./foobar-to-be-renamed" --name="foobar-from-file"]) ++ FWD_CHECK([--permanent --get-services | grep foobar-from-file], 0, [ignore]) ++]) ++ + FWD_END_TEST([-e '/ERROR: NAME_CONFLICT: new_service():/d' dnl + -e '/ERROR: INVALID_ADDR:/d']) + +-- +2.20.1 + diff --git a/SOURCES/0070-fix-direct-removeRules-was-mistakenly-removing-all-r.patch b/SOURCES/0070-fix-direct-removeRules-was-mistakenly-removing-all-r.patch new file mode 100644 index 0000000..9281d7b --- /dev/null +++ b/SOURCES/0070-fix-direct-removeRules-was-mistakenly-removing-all-r.patch @@ -0,0 +1,35 @@ +From f8fdec2da8244ceb9d9fafcfa227c939b9f1976a Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 26 Jul 2019 13:32:44 -0400 +Subject: [PATCH 70/73] fix: direct: removeRules() was mistakenly removing all + rules + +Only remove the rules that match the specified criteria (ipv, table, +chain). + +Fixes: #385 +Fixes: rhbz 1723610 +(cherry picked from commit 174005b15059db054b2f8dcf3b35c23fcbaf44ec) +(cherry picked from commit 5b796871894bc2f4f973ef11dc9233b4d391dd63) +--- + src/firewall/server/config.py | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py +index 011052a9cabf..b2cebea9b4be 100644 +--- a/src/firewall/server/config.py ++++ b/src/firewall/server/config.py +@@ -1367,7 +1367,9 @@ class FirewallDConfig(slip.dbus.service.Object): + (ipv, table, chain, )) + self.accessCheck(sender) + settings = list(self.getSettings()) +- settings[1] = [] ++ for rule in settings[1]: ++ if (ipv, table, chain) == (rule[0], rule[1], rule[2]): ++ settings[1].remove(rule) + self.update(tuple(settings)) + + @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, +-- +2.20.1 + diff --git a/SOURCES/0071-test-coverage-for-rhbz-1723610-and-gh-385.patch b/SOURCES/0071-test-coverage-for-rhbz-1723610-and-gh-385.patch new file mode 100644 index 0000000..7ea4003 --- /dev/null +++ b/SOURCES/0071-test-coverage-for-rhbz-1723610-and-gh-385.patch @@ -0,0 +1,61 @@ +From 2f7cb2d449a85bfb5433e5e44830024c3ee2d862 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 26 Jul 2019 08:26:50 -0400 +Subject: [PATCH 71/73] test: coverage for rhbz 1723610 and gh #385 + +(cherry picked from commit 75fc4876dbfbdb1de09a67c48630fa8503ed152d) +(cherry picked from commit 9657d72ece2631aaab1aa1030658babe77c7f921) +--- + src/tests/regression.at | 1 + + src/tests/regression/rhbz1723610.at | 30 +++++++++++++++++++++++++++++ + 2 files changed, 31 insertions(+) + create mode 100644 src/tests/regression/rhbz1723610.at + +diff --git a/src/tests/regression.at b/src/tests/regression.at +index 3438c97f4633..919fc32f9bfb 100644 +--- a/src/tests/regression.at ++++ b/src/tests/regression.at +@@ -21,3 +21,4 @@ m4_include([regression/gh478.at]) + m4_include([regression/gh453.at]) + m4_include([regression/gh258.at]) + m4_include([regression/rhbz1715977.at]) ++m4_include([regression/rhbz1723610.at]) +diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at +new file mode 100644 +index 000000000000..f020141e1808 +--- /dev/null ++++ b/src/tests/regression/rhbz1723610.at +@@ -0,0 +1,30 @@ ++FWD_START_TEST([direct remove-rules per family]) ++AT_KEYWORDS(direct rhbz1723610 gh385) ++ ++FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) ++FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl ++ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ++]) ++FWD_RELOAD ++FWD_CHECK([--direct --get-all-rules], 0, [dnl ++ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ++]) ++ ++FWD_CHECK([-q --permanent --direct --remove-rules ipv6 filter input]) ++FWD_CHECK([-q --permanent --direct --remove-rules ipv4 filter INPUT]) ++FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl ++ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ++]) ++FWD_RELOAD ++FWD_CHECK([--direct --get-all-rules], 0, [dnl ++ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ++]) ++FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) ++FWD_CHECK([-q --direct --add-rule ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) ++FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) ++FWD_CHECK([--direct --get-all-rules], 0, [dnl ++ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ++ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ++]) ++ ++FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0072-fix-tests-regression-rhbz1723610-make-output-reliabl.patch b/SOURCES/0072-fix-tests-regression-rhbz1723610-make-output-reliabl.patch new file mode 100644 index 0000000..60a4e38 --- /dev/null +++ b/SOURCES/0072-fix-tests-regression-rhbz1723610-make-output-reliabl.patch @@ -0,0 +1,33 @@ +From 14cf032171824edd2ecfee0a497a5bc58ee7af02 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 26 Jul 2019 13:56:54 -0400 +Subject: [PATCH 72/73] fix: tests/regression/rhbz1723610: make output reliable + +The rule listing is unordered, so lets make it reliable. + +Fixes: 75fc4876dbfb ("test: coverage for rhbz 1723610 and gh #385") +(cherry picked from commit 645fc816c09d2d5f767fcecf4bea3d61219780e9) +(cherry picked from commit c8b851866fd7a5731c9f2ef66f0052ac5e7d0497) +--- + src/tests/regression/rhbz1723610.at | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at +index f020141e1808..3eccc0436ed7 100644 +--- a/src/tests/regression/rhbz1723610.at ++++ b/src/tests/regression/rhbz1723610.at +@@ -19,11 +19,9 @@ FWD_RELOAD + FWD_CHECK([--direct --get-all-rules], 0, [dnl + ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT + ]) +-FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) + FWD_CHECK([-q --direct --add-rule ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) + FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) + FWD_CHECK([--direct --get-all-rules], 0, [dnl +-ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT + ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT + ]) + +-- +2.20.1 + diff --git a/SOURCES/0073-fix-tests-regression-rhbz1723610-avoid-calling-IPv6-.patch b/SOURCES/0073-fix-tests-regression-rhbz1723610-avoid-calling-IPv6-.patch new file mode 100644 index 0000000..7f7a34a --- /dev/null +++ b/SOURCES/0073-fix-tests-regression-rhbz1723610-avoid-calling-IPv6-.patch @@ -0,0 +1,36 @@ +From 97d792d961c3999f9e4cb3ab1e54ba59a62acdee Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 26 Jul 2019 14:17:28 -0400 +Subject: [PATCH 73/73] fix: tests/regression/rhbz1723610: avoid calling IPv6 + backend + +We support running without IPv6, so calling the backend in the test +case. + +Fixes: 75fc4876dbfb ("test: coverage for rhbz 1723610 and gh #385") +(cherry picked from commit 38978bfde28a3fea9fb4cc61d2bb30ee5474e341) +(cherry picked from commit c4b3c7ef2d2136992cd745ef7157f20e0e385665) +--- + src/tests/regression/rhbz1723610.at | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at +index 3eccc0436ed7..35feed2bda9f 100644 +--- a/src/tests/regression/rhbz1723610.at ++++ b/src/tests/regression/rhbz1723610.at +@@ -19,10 +19,10 @@ FWD_RELOAD + FWD_CHECK([--direct --get-all-rules], 0, [dnl + ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT + ]) +-FWD_CHECK([-q --direct --add-rule ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) ++FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) + FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) + FWD_CHECK([--direct --get-all-rules], 0, [dnl +-ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ++ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT + ]) + + FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0074-fix-guarantee-zone-source-dispatch-is-sorted-by-zone.patch b/SOURCES/0074-fix-guarantee-zone-source-dispatch-is-sorted-by-zone.patch new file mode 100644 index 0000000..43f5bed --- /dev/null +++ b/SOURCES/0074-fix-guarantee-zone-source-dispatch-is-sorted-by-zone.patch @@ -0,0 +1,886 @@ +From f317fbc7e7ad1094b4cfb7570af29772d1a02fd7 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 31 Jul 2019 13:57:10 -0400 +Subject: [PATCH 74/79] fix: guarantee zone source dispatch is sorted by zone + name + +Apparently users depend on firewalld sorting zone dispatch for sources +by the zone name. This is used to specify precedence for overlapping +address spaces. + +Since we have to track rule positions of source based dispatch we might +as well abuse this and combine the source/interface dispatch into a +single chain. + +Fixes: rhbz 1734765 +Fixes: 70993581d79b ("fix: do not allow zone drifting") +(cherry picked from commit afc35c20e58b00b81cd2e1f3e863b3b3bac37c77) +(cherry picked from commit a3542499510658b7d93a83d47d3de090860d6e37) +--- + src/firewall/core/ipXtables.py | 93 ++++++++--- + src/firewall/core/nftables.py | 93 ++++++++--- + src/tests/firewall-cmd.at | 4 +- + src/tests/regression/gh258.at | 274 ++++++++++----------------------- + 4 files changed, 223 insertions(+), 241 deletions(-) + +diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py +index c2339e40539a..647a7a161517 100644 +--- a/src/firewall/core/ipXtables.py ++++ b/src/firewall/core/ipXtables.py +@@ -20,6 +20,7 @@ + # + + import os.path ++import copy + + from firewall.core.base import SHORTCUTS, DEFAULT_ZONE_TARGET + from firewall.core.prog import runProg +@@ -175,6 +176,7 @@ class ip4tables(object): + self.restore_wait_option = self._detect_restore_wait_option() + self.fill_exists() + self.available_tables = [] ++ self.zone_source_index_cache = [] + self.our_chains = {} # chains created by firewalld + + def fill_exists(self): +@@ -286,10 +288,49 @@ class ip4tables(object): + chain = args[i+1] + return (table, chain) + ++ def _run_replace_zone_source(self, rule, zone_source_index_cache): ++ try: ++ i = rule.index("%%ZONE_SOURCE%%") ++ rule.pop(i) ++ zone = rule.pop(i) ++ if "-m" == rule[4]: # ipset/mac ++ zone_source = (zone, rule[7]) # (zone, address) ++ else: ++ zone_source = (zone, rule[5]) # (zone, address) ++ except ValueError: ++ try: ++ i = rule.index("%%ZONE_INTERFACE%%") ++ rule.pop(i) ++ zone_source = None ++ except ValueError: ++ return ++ ++ rule_add = True ++ if rule[0] in ["-D", "--delete"]: ++ rule_add = False ++ ++ if zone_source and not rule_add: ++ if zone_source in zone_source_index_cache: ++ zone_source_index_cache.remove(zone_source) ++ elif rule_add: ++ if zone_source: ++ # order source based dispatch by zone name ++ if zone_source not in zone_source_index_cache: ++ zone_source_index_cache.append(zone_source) ++ zone_source_index_cache.sort(key=lambda x: x[0]) ++ ++ index = zone_source_index_cache.index(zone_source) ++ else: ++ index = len(zone_source_index_cache) ++ ++ rule[0] = "-I" ++ rule.insert(2, "%d" % (index + 1)) ++ + def set_rules(self, rules, log_denied): + temp_file = tempFile() + + table_rules = { } ++ zone_source_index_cache = copy.deepcopy(self.zone_source_index_cache) + for _rule in rules: + rule = _rule[:] + +@@ -313,6 +354,8 @@ class ip4tables(object): + else: + rule.pop(i) + ++ self._run_replace_zone_source(rule, zone_source_index_cache) ++ + table = "filter" + # get table form rule + for opt in [ "-t", "--table" ]: +@@ -374,6 +417,7 @@ class ip4tables(object): + if status != 0: + raise ValueError("'%s %s' failed: %s" % (self._restore_command, + " ".join(args), ret)) ++ self.zone_source_index_cache = zone_source_index_cache + return ret + + def set_rule(self, rule, log_denied): +@@ -397,7 +441,13 @@ class ip4tables(object): + else: + rule.pop(i) + +- return self.__run(rule) ++ zone_source_index_cache = copy.deepcopy(self.zone_source_index_cache) ++ self._run_replace_zone_source(rule, zone_source_index_cache) ++ ++ output = self.__run(rule) ++ ++ self.zone_source_index_cache = zone_source_index_cache ++ return output + + def get_available_tables(self, table=None): + ret = [] +@@ -447,6 +497,7 @@ class ip4tables(object): + return wait_option + + def build_flush_rules(self): ++ self.zone_source_index_cache = [] + rules = [] + for table in BUILT_IN_CHAINS.keys(): + if not self.get_available_tables(table): +@@ -527,10 +578,8 @@ class ip4tables(object): + + if chain == "PREROUTING": + default_rules["raw"].append("-N %s_ZONES" % chain) +- default_rules["raw"].append("-N %s_ZONES_IFACES" % chain) + default_rules["raw"].append("-A %s -j %s_ZONES" % (chain, chain)) +- default_rules["raw"].append("-A %s_ZONES -g %s_ZONES_IFACES" % (chain, chain)) +- self.our_chains["raw"].update(set(["%s_ZONES" % chain, "%s_ZONES_IFACES" % chain])) ++ self.our_chains["raw"].update(set(["%s_ZONES" % chain])) + + if self.get_available_tables("mangle"): + default_rules["mangle"] = [ ] +@@ -542,10 +591,8 @@ class ip4tables(object): + + if chain == "PREROUTING": + default_rules["mangle"].append("-N %s_ZONES" % chain) +- default_rules["mangle"].append("-N %s_ZONES_IFACES" % chain) + default_rules["mangle"].append("-A %s -j %s_ZONES" % (chain, chain)) +- default_rules["mangle"].append("-A %s_ZONES -g %s_ZONES_IFACES" % (chain, chain)) +- self.our_chains["mangle"].update(set(["%s_ZONES" % chain, "%s_ZONES_IFACES" % chain])) ++ self.our_chains["mangle"].update(set(["%s_ZONES" % chain])) + + if self.get_available_tables("nat"): + default_rules["nat"] = [ ] +@@ -557,21 +604,17 @@ class ip4tables(object): + + if chain in [ "PREROUTING", "POSTROUTING" ]: + default_rules["nat"].append("-N %s_ZONES" % chain) +- default_rules["nat"].append("-N %s_ZONES_IFACES" % chain) + default_rules["nat"].append("-A %s -j %s_ZONES" % (chain, chain)) +- default_rules["nat"].append("-A %s_ZONES -g %s_ZONES_IFACES" % (chain, chain)) +- self.our_chains["nat"].update(set(["%s_ZONES" % chain, "%s_ZONES_IFACES" % chain])) ++ self.our_chains["nat"].update(set(["%s_ZONES" % chain])) + + default_rules["filter"] = [ + "-N INPUT_direct", + "-N INPUT_ZONES", +- "-N INPUT_ZONES_IFACES", + + "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT", + "-A INPUT -i lo -j ACCEPT", + "-A INPUT -j INPUT_direct", + "-A INPUT -j INPUT_ZONES", +- "-A INPUT_ZONES -g INPUT_ZONES_IFACES", + ] + if log_denied != "off": + default_rules["filter"].append("-A INPUT -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '") +@@ -584,16 +627,12 @@ class ip4tables(object): + "-N FORWARD_direct", + "-N FORWARD_IN_ZONES", + "-N FORWARD_OUT_ZONES", +- "-N FORWARD_IN_ZONES_IFACES", +- "-N FORWARD_OUT_ZONES_IFACES", + + "-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT", + "-A FORWARD -i lo -j ACCEPT", + "-A FORWARD -j FORWARD_direct", + "-A FORWARD -j FORWARD_IN_ZONES", + "-A FORWARD -j FORWARD_OUT_ZONES", +- "-A FORWARD_IN_ZONES -g FORWARD_IN_ZONES_IFACES", +- "-A FORWARD_OUT_ZONES -g FORWARD_OUT_ZONES_IFACES", + ] + if log_denied != "off": + default_rules["filter"].append("-A FORWARD -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '") +@@ -609,10 +648,9 @@ class ip4tables(object): + "-A OUTPUT -j OUTPUT_direct", + ] + +- self.our_chains["filter"] = set(["INPUT_direct", "INPUT_ZONES", "INPUT_ZONES_IFACES" ++ self.our_chains["filter"] = set(["INPUT_direct", "INPUT_ZONES", + "FORWARD_direct", "FORWARD_IN_ZONES", +- "FORWARD_IN_ZONES_IFACES" "FORWARD_OUT_ZONES", +- "FORWARD_OUT_ZONES_IFACES", "OUTPUT_direct"]) ++ "FORWARD_OUT_ZONES", "OUTPUT_direct"]) + + final_default_rules = [] + for table in default_rules: +@@ -656,11 +694,13 @@ class ip4tables(object): + action = "-g" + + if enable and not append: +- rule = [ "-I", "%s_ZONES_IFACES" % chain, "1" ] ++ rule = [ "-I", "%s_ZONES" % chain, "%%ZONE_INTERFACE%%" ] + elif enable: +- rule = [ "-A", "%s_ZONES_IFACES" % chain ] ++ rule = [ "-A", "%s_ZONES" % chain ] + else: +- rule = [ "-D", "%s_ZONES_IFACES" % chain ] ++ rule = [ "-D", "%s_ZONES" % chain ] ++ if not append: ++ rule += ["%%ZONE_INTERFACE%%"] + rule += [ "-t", table, opt, interface, action, target ] + return [rule] + +@@ -688,7 +728,8 @@ class ip4tables(object): + opt = "src" + flags = ",".join([opt] * self._fw.ipset.get_dimension(name)) + rule = [ add_del, +- "%s_ZONES" % chain, "-t", table, ++ "%s_ZONES" % chain, "%%ZONE_SOURCE%%", zone, ++ "-t", table, + "-m", "set", "--match-set", name, + flags, action, target ] + else: +@@ -697,12 +738,14 @@ class ip4tables(object): + if opt == "-d": + return "" + rule = [ add_del, +- "%s_ZONES" % chain, "-t", table, ++ "%s_ZONES" % chain, "%%ZONE_SOURCE%%", zone, ++ "-t", table, + "-m", "mac", "--mac-source", address.upper(), + action, target ] + else: + rule = [ add_del, +- "%s_ZONES" % chain, "-t", table, ++ "%s_ZONES" % chain, "%%ZONE_SOURCE%%", zone, ++ "-t", table, + opt, address, action, target ] + return [rule] + +diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py +index 0fe686a01878..05376fdd68d8 100644 +--- a/src/firewall/core/nftables.py ++++ b/src/firewall/core/nftables.py +@@ -20,6 +20,7 @@ + # + + import os.path ++import copy + + from firewall.core.base import SHORTCUTS, DEFAULT_ZONE_TARGET + from firewall.core.prog import runProg +@@ -160,11 +161,54 @@ class nftables(object): + self.available_tables = [] + self.rule_to_handle = {} + self.rule_ref_count = {} ++ self.zone_source_index_cache = {} + + def fill_exists(self): + self.command_exists = os.path.exists(self._command) + self.restore_command_exists = False + ++ def _run_replace_zone_source(self, rule_add, rule, zone_source_index_cache): ++ try: ++ i = rule.index("%%ZONE_SOURCE%%") ++ rule.pop(i) ++ zone = rule.pop(i) ++ zone_source = (zone, rule[7]) # (zone, address) ++ except ValueError: ++ try: ++ i = rule.index("%%ZONE_INTERFACE%%") ++ rule.pop(i) ++ zone_source = None ++ except ValueError: ++ return ++ ++ family = rule[2] ++ ++ if zone_source and not rule_add: ++ if family in zone_source_index_cache and \ ++ zone_source in zone_source_index_cache[family]: ++ zone_source_index_cache[family].remove(zone_source) ++ elif rule_add: ++ if family not in zone_source_index_cache: ++ zone_source_index_cache[family] = [] ++ ++ if zone_source: ++ # order source based dispatch by zone name ++ if zone_source not in zone_source_index_cache[family]: ++ zone_source_index_cache[family].append(zone_source) ++ zone_source_index_cache[family].sort(key=lambda x: x[0]) ++ ++ index = zone_source_index_cache[family].index(zone_source) ++ else: ++ index = len(zone_source_index_cache[family]) ++ ++ if index == 0: ++ rule[0] = "insert" ++ else: ++ index -= 1 # point to the rule before insertion point ++ rule[0] = "add" ++ rule.insert(i, "index") ++ rule.insert(i+1, "%d" % index) ++ + def __run(self, args): + nft_opts = ["--echo", "--handle"] + _args = args[:] +@@ -198,11 +242,6 @@ class nftables(object): + rule_add = False + rule_key = _args[2:] + rule_key = " ".join(rule_key) +- # delete using rule handle +- _args = ["delete", "rule"] + _args[2:5] + \ +- ["handle", self.rule_to_handle[rule_key]] +- +- _args_str = " ".join(_args) + + # rule deduplication + if rule_key in self.rule_ref_count: +@@ -218,15 +257,28 @@ class nftables(object): + raise FirewallError(UNKNOWN_ERROR, "rule ref count bug: rule_key '%s', cnt %d" + % (rule_key, self.rule_ref_count[rule_key])) + log.debug2("%s: rule ref cnt %d, %s %s", self.__class__, +- self.rule_ref_count[rule_key], self._command, _args_str) ++ self.rule_ref_count[rule_key], self._command, " ".join(_args)) ++ ++ if rule_key: ++ zone_source_index_cache = copy.deepcopy(self.zone_source_index_cache) ++ self._run_replace_zone_source(rule_add, _args, zone_source_index_cache) + + if not rule_key or (not rule_add and self.rule_ref_count[rule_key] == 0) \ + or ( rule_add and rule_key not in self.rule_ref_count): ++ # delete using rule handle ++ if rule_key and not rule_add: ++ _args = ["delete", "rule"] + _args[2:5] + \ ++ ["handle", self.rule_to_handle[rule_key]] ++ _args_str = " ".join(_args) + log.debug2("%s: %s %s", self.__class__, self._command, _args_str) + (status, output) = runProg(self._command, nft_opts + _args) + if status != 0: + raise ValueError("'%s %s' failed: %s" % (self._command, + _args_str, output)) ++ ++ if rule_key: ++ self.zone_source_index_cache = zone_source_index_cache ++ + # nft requires deleting rules by handle. So we must cache the rule + # handle when adding/inserting rules. + # +@@ -303,6 +355,7 @@ class nftables(object): + def build_flush_rules(self): + self.rule_to_handle = {} + self.rule_ref_count = {} ++ self.zone_source_index_cache = {} + + rules = [] + for family in OUR_CHAINS.keys(): +@@ -359,10 +412,8 @@ class nftables(object): + IPTABLES_TO_NFT_HOOK["raw"][chain][1])) + + default_rules.append("add chain inet %s raw_%s_ZONES" % (TABLE_NAME, chain)) +- default_rules.append("add chain inet %s raw_%s_ZONES_IFACES" % (TABLE_NAME, chain)) + default_rules.append("add rule inet %s raw_%s jump raw_%s_ZONES" % (TABLE_NAME, chain, chain)) +- default_rules.append("add rule inet %s raw_%s_ZONES goto raw_%s_ZONES_IFACES" % (TABLE_NAME, chain, chain)) +- OUR_CHAINS["inet"]["raw"].update(set(["%s_ZONES_IFACES" % chain, "%s_ZONES" % chain])) ++ OUR_CHAINS["inet"]["raw"].update(set(["%s_ZONES" % chain])) + + OUR_CHAINS["inet"]["mangle"] = set() + for chain in IPTABLES_TO_NFT_HOOK["mangle"].keys(): +@@ -372,10 +423,8 @@ class nftables(object): + IPTABLES_TO_NFT_HOOK["mangle"][chain][1])) + + default_rules.append("add chain inet %s mangle_%s_ZONES" % (TABLE_NAME, chain)) +- default_rules.append("add chain inet %s mangle_%s_ZONES_IFACES" % (TABLE_NAME, chain)) + default_rules.append("add rule inet %s mangle_%s jump mangle_%s_ZONES" % (TABLE_NAME, chain, chain)) +- default_rules.append("add rule inet %s mangle_%s_ZONES goto mangle_%s_ZONES_IFACES" % (TABLE_NAME, chain, chain)) +- OUR_CHAINS["inet"]["mangle"].update(set(["%s_ZONES_IFACES" % chain, "%s_ZONES" % chain])) ++ OUR_CHAINS["inet"]["mangle"].update(set(["%s_ZONES" % chain])) + + OUR_CHAINS["ip"]["nat"] = set() + OUR_CHAINS["ip6"]["nat"] = set() +@@ -387,10 +436,8 @@ class nftables(object): + IPTABLES_TO_NFT_HOOK["nat"][chain][1])) + + default_rules.append("add chain %s %s nat_%s_ZONES" % (family, TABLE_NAME, chain)) +- default_rules.append("add chain %s %s nat_%s_ZONES_IFACES" % (family, TABLE_NAME, chain)) + default_rules.append("add rule %s %s nat_%s jump nat_%s_ZONES" % (family, TABLE_NAME, chain, chain)) +- default_rules.append("add rule %s %s nat_%s_ZONES goto nat_%s_ZONES_IFACES" % (family, TABLE_NAME, chain, chain)) +- OUR_CHAINS[family]["nat"].update(set(["%s_ZONES_IFACES" % chain, "%s_ZONES" % chain])) ++ OUR_CHAINS[family]["nat"].update(set(["%s_ZONES" % chain])) + + OUR_CHAINS["inet"]["filter"] = set() + for chain in IPTABLES_TO_NFT_HOOK["filter"].keys(): +@@ -401,11 +448,9 @@ class nftables(object): + + # filter, INPUT + default_rules.append("add chain inet %s filter_%s_ZONES" % (TABLE_NAME, "INPUT")) +- default_rules.append("add chain inet %s filter_%s_ZONES_IFACES" % (TABLE_NAME, "INPUT")) + default_rules.append("add rule inet %s filter_%s ct state established,related accept" % (TABLE_NAME, "INPUT")) + default_rules.append("add rule inet %s filter_%s iifname lo accept" % (TABLE_NAME, "INPUT")) + default_rules.append("add rule inet %s filter_%s jump filter_%s_ZONES" % (TABLE_NAME, "INPUT", "INPUT")) +- default_rules.append("add rule inet %s filter_%s_ZONES goto filter_%s_ZONES_IFACES" % (TABLE_NAME, "INPUT", "INPUT")) + if log_denied != "off": + default_rules.append("add rule inet %s filter_%s ct state invalid %%%%LOGTYPE%%%% log prefix '\"STATE_INVALID_DROP: \"'" % (TABLE_NAME, "INPUT")) + default_rules.append("add rule inet %s filter_%s ct state invalid drop" % (TABLE_NAME, "INPUT")) +@@ -415,15 +460,11 @@ class nftables(object): + + # filter, FORWARD + default_rules.append("add chain inet %s filter_%s_IN_ZONES" % (TABLE_NAME, "FORWARD")) +- default_rules.append("add chain inet %s filter_%s_IN_ZONES_IFACES" % (TABLE_NAME, "FORWARD")) + default_rules.append("add chain inet %s filter_%s_OUT_ZONES" % (TABLE_NAME, "FORWARD")) +- default_rules.append("add chain inet %s filter_%s_OUT_ZONES_IFACES" % (TABLE_NAME, "FORWARD")) + default_rules.append("add rule inet %s filter_%s ct state established,related accept" % (TABLE_NAME, "FORWARD")) + default_rules.append("add rule inet %s filter_%s iifname lo accept" % (TABLE_NAME, "FORWARD")) + default_rules.append("add rule inet %s filter_%s jump filter_%s_IN_ZONES" % (TABLE_NAME, "FORWARD", "FORWARD")) + default_rules.append("add rule inet %s filter_%s jump filter_%s_OUT_ZONES" % (TABLE_NAME, "FORWARD", "FORWARD")) +- default_rules.append("add rule inet %s filter_%s_IN_ZONES goto filter_%s_IN_ZONES_IFACES" % (TABLE_NAME, "FORWARD", "FORWARD")) +- default_rules.append("add rule inet %s filter_%s_OUT_ZONES goto filter_%s_OUT_ZONES_IFACES" % (TABLE_NAME, "FORWARD", "FORWARD")) + if log_denied != "off": + default_rules.append("add rule inet %s filter_%s ct state invalid %%%%LOGTYPE%%%% log prefix '\"STATE_INVALID_DROP: \"'" % (TABLE_NAME, "FORWARD")) + default_rules.append("add rule inet %s filter_%s ct state invalid drop" % (TABLE_NAME, "FORWARD")) +@@ -482,11 +523,14 @@ class nftables(object): + action = "goto" + + if enable and not append: +- rule = ["insert", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES_IFACES" % (table, chain)] ++ rule = ["insert", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain), ++ "%%ZONE_INTERFACE%%"] + elif enable: +- rule = ["add", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES_IFACES" % (table, chain)] ++ rule = ["add", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)] + else: +- rule = ["delete", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES_IFACES" % (table, chain)] ++ rule = ["delete", "rule", family, "%s" % TABLE_NAME, "%s_%s_ZONES" % (table, chain)] ++ if not append: ++ rule += ["%%ZONE_INTERFACE%%"] + if interface == "*": + rule += [action, "%s_%s" % (table, target)] + else: +@@ -537,6 +581,7 @@ class nftables(object): + + rule = [add_del, "rule", family, "%s" % TABLE_NAME, + "%s_%s_ZONES" % (table, chain), ++ "%%ZONE_SOURCE%%", zone, + rule_family, opt, address, action, "%s_%s" % (table, target)] + return [rule] + +diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at +index 28948636172d..6a4b670d7935 100644 +--- a/src/tests/firewall-cmd.at ++++ b/src/tests/firewall-cmd.at +@@ -138,9 +138,9 @@ FWD_START_TEST([zone interfaces]) + FWD_CHECK([--add-interface=foobar+++], 0, ignore) + FWD_CHECK([--add-interface=foobar+], 0, ignore) + m4_if(nftables, FIREWALL_BACKEND, [ +- NFT_LIST_RULES([inet], [filter_INPUT_ZONES_IFACES], 0, [dnl ++ NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl + table inet firewalld { +- chain filter_INPUT_ZONES_IFACES { ++ chain filter_INPUT_ZONES { + iifname "foobar*" goto filter_IN_public + iifname "foobar++*" goto filter_IN_public + goto filter_IN_trusted +diff --git a/src/tests/regression/gh258.at b/src/tests/regression/gh258.at +index 3e5e961f6599..fb863c35528e 100644 +--- a/src/tests/regression/gh258.at ++++ b/src/tests/regression/gh258.at +@@ -26,13 +26,6 @@ NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl + chain filter_INPUT_ZONES { + ip6 saddr dead:beef::/54 goto filter_IN_public + ip saddr 1.2.3.0/24 goto filter_IN_work +- goto filter_INPUT_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([inet], [filter_INPUT_ZONES_IFACES], 0, [dnl +- table inet firewalld { +- chain filter_INPUT_ZONES_IFACES { + iifname "dummy1" goto filter_IN_public + iifname "dummy0" goto filter_IN_work + goto filter_IN_public +@@ -56,13 +49,6 @@ NFT_LIST_RULES([inet], [filter_FORWARD_IN_ZONES], 0, [dnl + chain filter_FORWARD_IN_ZONES { + ip6 saddr dead:beef::/54 goto filter_FWDI_public + ip saddr 1.2.3.0/24 goto filter_FWDI_work +- goto filter_FORWARD_IN_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([inet], [filter_FORWARD_IN_ZONES_IFACES], 0, [dnl +- table inet firewalld { +- chain filter_FORWARD_IN_ZONES_IFACES { + iifname "dummy1" goto filter_FWDI_public + iifname "dummy0" goto filter_FWDI_work + goto filter_FWDI_public +@@ -74,13 +60,6 @@ NFT_LIST_RULES([inet], [filter_FORWARD_OUT_ZONES], 0, [dnl + chain filter_FORWARD_OUT_ZONES { + ip6 daddr dead:beef::/54 goto filter_FWDO_public + ip daddr 1.2.3.0/24 goto filter_FWDO_work +- goto filter_FORWARD_OUT_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([inet], [filter_FORWARD_OUT_ZONES_IFACES], 0, [dnl +- table inet firewalld { +- chain filter_FORWARD_OUT_ZONES_IFACES { + oifname "dummy1" goto filter_FWDO_public + oifname "dummy0" goto filter_FWDO_work + goto filter_FWDO_public +@@ -103,13 +82,6 @@ NFT_LIST_RULES([inet], [raw_PREROUTING_ZONES], 0, [dnl + chain raw_PREROUTING_ZONES { + ip6 saddr dead:beef::/54 goto raw_PRE_public + ip saddr 1.2.3.0/24 goto raw_PRE_work +- goto raw_PREROUTING_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([inet], [raw_PREROUTING_ZONES_IFACES], 0, [dnl +- table inet firewalld { +- chain raw_PREROUTING_ZONES_IFACES { + iifname "dummy1" goto raw_PRE_public + iifname "dummy0" goto raw_PRE_work + goto raw_PRE_public +@@ -128,13 +100,6 @@ NFT_LIST_RULES([inet], [mangle_PREROUTING_ZONES], 0, [dnl + chain mangle_PREROUTING_ZONES { + ip6 saddr dead:beef::/54 goto mangle_PRE_public + ip saddr 1.2.3.0/24 goto mangle_PRE_work +- goto mangle_PREROUTING_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([inet], [mangle_PREROUTING_ZONES_IFACES], 0, [dnl +- table inet firewalld { +- chain mangle_PREROUTING_ZONES_IFACES { + iifname "dummy1" goto mangle_PRE_public + iifname "dummy0" goto mangle_PRE_work + goto mangle_PRE_public +@@ -152,13 +117,6 @@ NFT_LIST_RULES([ip], [nat_PREROUTING_ZONES], 0, [dnl + table ip firewalld { + chain nat_PREROUTING_ZONES { + ip saddr 1.2.3.0/24 goto nat_PRE_work +- goto nat_PREROUTING_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([ip], [nat_PREROUTING_ZONES_IFACES], 0, [dnl +- table ip firewalld { +- chain nat_PREROUTING_ZONES_IFACES { + iifname "dummy1" goto nat_PRE_public + iifname "dummy0" goto nat_PRE_work + goto nat_PRE_public +@@ -176,13 +134,6 @@ NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES], 0, [dnl + table ip firewalld { + chain nat_POSTROUTING_ZONES { + ip daddr 1.2.3.0/24 goto nat_POST_work +- goto nat_POSTROUTING_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES_IFACES], 0, [dnl +- table ip firewalld { +- chain nat_POSTROUTING_ZONES_IFACES { + oifname "dummy1" goto nat_POST_public + oifname "dummy0" goto nat_POST_work + goto nat_POST_public +@@ -200,13 +151,6 @@ NFT_LIST_RULES([ip6], [nat_PREROUTING_ZONES], 0, [dnl + table ip6 firewalld { + chain nat_PREROUTING_ZONES { + ip6 saddr dead:beef::/54 goto nat_PRE_public +- goto nat_PREROUTING_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([ip6], [nat_PREROUTING_ZONES_IFACES], 0, [dnl +- table ip6 firewalld { +- chain nat_PREROUTING_ZONES_IFACES { + iifname "dummy1" goto nat_PRE_public + iifname "dummy0" goto nat_PRE_work + goto nat_PRE_public +@@ -224,13 +168,6 @@ NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES], 0, [dnl + table ip6 firewalld { + chain nat_POSTROUTING_ZONES { + ip6 daddr dead:beef::/54 goto nat_POST_public +- goto nat_POSTROUTING_ZONES_IFACES +- } +- } +-]) +-NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES_IFACES], 0, [dnl +- table ip firewalld { +- chain nat_POSTROUTING_ZONES_IFACES { + oifname "dummy1" goto nat_POST_public + oifname "dummy0" goto nat_POST_work + goto nat_POST_public +@@ -247,15 +184,12 @@ IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl + DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID + REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited + ]) +-IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [dnl +- IN_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ +- INPUT_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([filter], [INPUT_ZONES_IFACES], 0, [dnl +- IN_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- IN_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- IN_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) ++IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, ++ [[IN_work all -- 1.2.3.0/24 0.0.0.0/0 [goto] ++ IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ IN_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) + IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl + ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED + ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 +@@ -265,77 +199,58 @@ IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl + DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID + REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited + ]) +-IPTABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, [dnl +- FWDI_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ +- FORWARD_IN_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([filter], [FORWARD_IN_ZONES_IFACES], 0, [dnl +- FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- FWDI_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, [dnl +- FWDO_work all -- 0.0.0.0/0 1.2.3.0/24 @<:@goto@:>@ +- FORWARD_OUT_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES_IFACES], 0, [dnl +- FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- FWDO_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) ++IPTABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, ++ [[FWDI_work all -- 1.2.3.0/24 0.0.0.0/0 [goto] ++ FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ FWDI_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) ++IPTABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, ++ [[FWDO_work all -- 0.0.0.0/0 1.2.3.0/24 [goto] ++ FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ FWDO_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) + IPTABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl + PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 + PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 + ]) +-IPTABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, [dnl +- PRE_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ +- PREROUTING_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([raw], [PREROUTING_ZONES_IFACES], 0, [dnl +- PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- PRE_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) ++IPTABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, ++ [[PRE_work all -- 1.2.3.0/24 0.0.0.0/0 [goto] ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ PRE_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) + IPTABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl + PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 + PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 + ]) +-IPTABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, [dnl +- PRE_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ +- PREROUTING_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([mangle], [PREROUTING_ZONES_IFACES], 0, [dnl +- PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- PRE_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) ++IPTABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, ++ [[PRE_work all -- 1.2.3.0/24 0.0.0.0/0 [goto] ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ PRE_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) + IPTABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl + PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 + PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 + ]) +-IPTABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, [dnl +- PRE_work all -- 1.2.3.0/24 0.0.0.0/0 @<:@goto@:>@ +- PREROUTING_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([nat], [PREROUTING_ZONES_IFACES], 0, [dnl +- PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- PRE_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- PRE_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) ++IPTABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, ++ [[PRE_work all -- 1.2.3.0/24 0.0.0.0/0 [goto] ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ PRE_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) + IPTABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl + POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 + POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 + ]) +-IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [dnl +- POST_work all -- 0.0.0.0/0 1.2.3.0/24 @<:@goto@:>@ +- POSTROUTING_ZONES_IFACES all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +-IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES_IFACES], 0, [dnl +- POST_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- POST_work all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +- POST_public all -- 0.0.0.0/0 0.0.0.0/0 @<:@goto@:>@ +-]) +- ++IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, ++ [[POST_work all -- 0.0.0.0/0 1.2.3.0/24 [goto] ++ POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ POST_work all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) + + IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl + ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED +@@ -345,15 +260,12 @@ IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl + DROP all ::/0 ::/0 ctstate INVALID + REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited + ]) +-IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [dnl +- IN_public all dead:beef::/54 ::/0 @<:@goto@:>@ +- INPUT_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([filter], [INPUT_ZONES_IFACES], 0, [dnl +- IN_public all ::/0 ::/0 @<:@goto@:>@ +- IN_work all ::/0 ::/0 @<:@goto@:>@ +- IN_public all ::/0 ::/0 @<:@goto@:>@ +-]) ++IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, ++ [[IN_public all dead:beef::/54 ::/0 [goto] ++ IN_public all ::/0 ::/0 [goto] ++ IN_work all ::/0 ::/0 [goto] ++ IN_public all ::/0 ::/0 [goto] ++]]) + IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl + ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED + ACCEPT all ::/0 ::/0 +@@ -363,24 +275,18 @@ IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl + DROP all ::/0 ::/0 ctstate INVALID + REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited + ]) +-IP6TABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, [dnl +- FWDI_public all dead:beef::/54 ::/0 @<:@goto@:>@ +- FORWARD_IN_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([filter], [FORWARD_IN_ZONES_IFACES], 0, [dnl +- FWDI_public all ::/0 ::/0 @<:@goto@:>@ +- FWDI_work all ::/0 ::/0 @<:@goto@:>@ +- FWDI_public all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, [dnl +- FWDO_public all ::/0 dead:beef::/54 @<:@goto@:>@ +- FORWARD_OUT_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES_IFACES], 0, [dnl +- FWDO_public all ::/0 ::/0 @<:@goto@:>@ +- FWDO_work all ::/0 ::/0 @<:@goto@:>@ +- FWDO_public all ::/0 ::/0 @<:@goto@:>@ +-]) ++IP6TABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, ++ [[FWDI_public all dead:beef::/54 ::/0 [goto] ++ FWDI_public all ::/0 ::/0 [goto] ++ FWDI_work all ::/0 ::/0 [goto] ++ FWDI_public all ::/0 ::/0 [goto] ++]]) ++IP6TABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, ++ [[FWDO_public all ::/0 dead:beef::/54 [goto] ++ FWDO_public all ::/0 ::/0 [goto] ++ FWDO_work all ::/0 ::/0 [goto] ++ FWDO_public all ::/0 ::/0 [goto] ++]]) + IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl + ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 + ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 +@@ -388,54 +294,42 @@ IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl + PREROUTING_direct all ::/0 ::/0 + PREROUTING_ZONES all ::/0 ::/0 + ]) +-IP6TABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, [dnl +- PRE_public all dead:beef::/54 ::/0 @<:@goto@:>@ +- PREROUTING_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([raw], [PREROUTING_ZONES_IFACES], 0, [dnl +- PRE_public all ::/0 ::/0 @<:@goto@:>@ +- PRE_work all ::/0 ::/0 @<:@goto@:>@ +- PRE_public all ::/0 ::/0 @<:@goto@:>@ +-]) ++IP6TABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, ++ [[PRE_public all dead:beef::/54 ::/0 [goto] ++ PRE_public all ::/0 ::/0 [goto] ++ PRE_work all ::/0 ::/0 [goto] ++ PRE_public all ::/0 ::/0 [goto] ++]]) + IP6TABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl + PREROUTING_direct all ::/0 ::/0 + PREROUTING_ZONES all ::/0 ::/0 + ]) +-IP6TABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, [dnl +- PRE_public all dead:beef::/54 ::/0 @<:@goto@:>@ +- PREROUTING_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([mangle], [PREROUTING_ZONES_IFACES], 0, [dnl +- PRE_public all ::/0 ::/0 @<:@goto@:>@ +- PRE_work all ::/0 ::/0 @<:@goto@:>@ +- PRE_public all ::/0 ::/0 @<:@goto@:>@ +-]) ++IP6TABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, ++ [[PRE_public all dead:beef::/54 ::/0 [goto] ++ PRE_public all ::/0 ::/0 [goto] ++ PRE_work all ::/0 ::/0 [goto] ++ PRE_public all ::/0 ::/0 [goto] ++]]) + IP6TABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl + PREROUTING_direct all ::/0 ::/0 + PREROUTING_ZONES all ::/0 ::/0 + ]) +-IP6TABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, [dnl +- PRE_public all dead:beef::/54 ::/0 @<:@goto@:>@ +- PREROUTING_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([nat], [PREROUTING_ZONES_IFACES], 0, [dnl +- PRE_public all ::/0 ::/0 @<:@goto@:>@ +- PRE_work all ::/0 ::/0 @<:@goto@:>@ +- PRE_public all ::/0 ::/0 @<:@goto@:>@ +-]) ++IP6TABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, ++ [[PRE_public all dead:beef::/54 ::/0 [goto] ++ PRE_public all ::/0 ::/0 [goto] ++ PRE_work all ::/0 ::/0 [goto] ++ PRE_public all ::/0 ::/0 [goto] ++]]) + IP6TABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl + POSTROUTING_direct all ::/0 ::/0 + POSTROUTING_ZONES all ::/0 ::/0 + ]) +-IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [dnl +- POST_public all ::/0 dead:beef::/54 @<:@goto@:>@ +- POSTROUTING_ZONES_IFACES all ::/0 ::/0 @<:@goto@:>@ +-]) +-IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES_IFACES], 0, [dnl +- POST_public all ::/0 ::/0 @<:@goto@:>@ +- POST_work all ::/0 ::/0 @<:@goto@:>@ +- POST_public all ::/0 ::/0 @<:@goto@:>@ +-]) ++IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, ++ [[POST_public all ::/0 dead:beef::/54 [goto] ++ POST_public all ::/0 ::/0 [goto] ++ POST_work all ::/0 ::/0 [goto] ++ POST_public all ::/0 ::/0 [goto] ++]]) + ]) + + FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0075-test-verify-source-based-zone-dispatch-ordered-by-zo.patch b/SOURCES/0075-test-verify-source-based-zone-dispatch-ordered-by-zo.patch new file mode 100644 index 0000000..807aace --- /dev/null +++ b/SOURCES/0075-test-verify-source-based-zone-dispatch-ordered-by-zo.patch @@ -0,0 +1,188 @@ +From 03f77c540c19159022d265423ca1186a915cab33 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 31 Jul 2019 08:53:51 -0400 +Subject: [PATCH 75/79] test: verify source-based zone dispatch ordered by zone + name + +coverage for rhbz 1734765 + +(cherry picked from commit 25032eb3a60706f22e1b2c0f34d2be8d0b82c89f) +(cherry picked from commit b052f7bcfeb2d40a58d499ad178f1b620abb178d) +--- + src/tests/regression.at | 1 + + src/tests/regression/rhbz1734765.at | 154 ++++++++++++++++++++++++++++ + 2 files changed, 155 insertions(+) + create mode 100644 src/tests/regression/rhbz1734765.at + +diff --git a/src/tests/regression.at b/src/tests/regression.at +index 919fc32f9bfb..6f57a1122925 100644 +--- a/src/tests/regression.at ++++ b/src/tests/regression.at +@@ -22,3 +22,4 @@ m4_include([regression/gh453.at]) + m4_include([regression/gh258.at]) + m4_include([regression/rhbz1715977.at]) + m4_include([regression/rhbz1723610.at]) ++m4_include([regression/rhbz1734765.at]) +diff --git a/src/tests/regression/rhbz1734765.at b/src/tests/regression/rhbz1734765.at +new file mode 100644 +index 000000000000..070c43faf756 +--- /dev/null ++++ b/src/tests/regression/rhbz1734765.at +@@ -0,0 +1,154 @@ ++FWD_START_TEST([zone sources ordered by name]) ++AT_KEYWORDS(zone rhbz1734765 rhbz1421222 gh166) ++dnl ++dnl Users depend on firewalld ordering source-based zone dispatch by zone name. ++dnl ++ ++FWD_CHECK([-q --permanent --new-zone=foobar_00]) ++FWD_CHECK([-q --permanent --new-zone=foobar_05]) ++FWD_CHECK([-q --permanent --new-zone=foobar_02]) ++FWD_CHECK([-q --permanent --new-zone=foobar_03]) ++FWD_CHECK([-q --permanent --new-zone=foobar_01]) ++FWD_CHECK([-q --permanent --new-zone=foobar_04]) ++FWD_CHECK([-q --permanent --new-zone=foobar_010]) ++ ++FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1" --add-source="1234:5678::1:1:1"]) ++FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="10.1.1.0/24" --add-source="1234:5678::1:1:0/112"]) ++FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="10.1.0.0/16" --add-source="1234:5678::1:0:0/96"]) ++FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24" --add-source="1234:5678::2:2:0/112"]) ++FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="10.2.0.0/16" --add-source="1234:5678::2:0:0/96"]) ++FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="10.0.0.0/8" --add-source="1234:5678::0:0:0/80"]) ++ ++FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0]) ++FWD_CHECK([-q --permanent --zone=trusted --add-interface=foobar1]) ++ ++FWD_RELOAD ++ ++FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10" --add-source="1234:5678::10:10:10"]) ++FWD_CHECK([-q --zone=public --add-source="20.20.20.20" --add-source="1234:5678::20:20:20"]) ++FWD_CHECK([-q --zone=foobar_010 --add-interface=foobar2]) ++ ++m4_if(nftables, FIREWALL_BACKEND, [dnl ++NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl ++ table inet firewalld { ++ chain filter_INPUT_ZONES { ++ ip saddr 10.1.1.1 goto filter_IN_foobar_00 ++ ip6 saddr 1234:5678::1:1:1 goto filter_IN_foobar_00 ++ ip saddr 10.1.1.0/24 goto filter_IN_foobar_01 ++ ip6 saddr 1234:5678::1:1:0/112 goto filter_IN_foobar_01 ++ ip saddr 10.10.10.10 goto filter_IN_foobar_010 ++ ip6 saddr 1234:5678::10:10:10 goto filter_IN_foobar_010 ++ ip saddr 10.1.0.0/16 goto filter_IN_foobar_02 ++ ip6 saddr 1234:5678::1:0:0/96 goto filter_IN_foobar_02 ++ ip saddr 10.2.2.0/24 goto filter_IN_foobar_03 ++ ip6 saddr 1234:5678::2:2:0/112 goto filter_IN_foobar_03 ++ ip saddr 10.2.0.0/16 goto filter_IN_foobar_04 ++ ip6 saddr 1234:5678::2:0:0/96 goto filter_IN_foobar_04 ++ ip saddr 10.0.0.0/8 goto filter_IN_foobar_05 ++ ip6 saddr 1234:5678::/80 goto filter_IN_foobar_05 ++ ip saddr 20.20.20.20 goto filter_IN_public ++ ip6 saddr 1234:5678::20:20:20 goto filter_IN_public ++ iifname "foobar2" goto filter_IN_foobar_010 ++ iifname "foobar1" goto filter_IN_trusted ++ iifname "foobar0" goto filter_IN_internal ++ goto filter_IN_public ++ } ++ } ++]) ++NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES], 0, [dnl ++ table ip firewalld { ++ chain nat_POSTROUTING_ZONES { ++ ip daddr 10.1.1.1 goto nat_POST_foobar_00 ++ ip daddr 10.1.1.0/24 goto nat_POST_foobar_01 ++ ip daddr 10.10.10.10 goto nat_POST_foobar_010 ++ ip daddr 10.1.0.0/16 goto nat_POST_foobar_02 ++ ip daddr 10.2.2.0/24 goto nat_POST_foobar_03 ++ ip daddr 10.2.0.0/16 goto nat_POST_foobar_04 ++ ip daddr 10.0.0.0/8 goto nat_POST_foobar_05 ++ ip daddr 20.20.20.20 goto nat_POST_public ++ oifname "foobar2" goto nat_POST_foobar_010 ++ oifname "foobar1" goto nat_POST_trusted ++ oifname "foobar0" goto nat_POST_internal ++ goto nat_POST_public ++ } ++ } ++]) ++NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES], 0, [dnl ++ table ip6 firewalld { ++ chain nat_POSTROUTING_ZONES { ++ ip6 daddr 1234:5678::1:1:1 goto nat_POST_foobar_00 ++ ip6 daddr 1234:5678::1:1:0/112 goto nat_POST_foobar_01 ++ ip6 daddr 1234:5678::10:10:10 goto nat_POST_foobar_010 ++ ip6 daddr 1234:5678::1:0:0/96 goto nat_POST_foobar_02 ++ ip6 daddr 1234:5678::2:2:0/112 goto nat_POST_foobar_03 ++ ip6 daddr 1234:5678::2:0:0/96 goto nat_POST_foobar_04 ++ ip6 daddr 1234:5678::/80 goto nat_POST_foobar_05 ++ ip6 daddr 1234:5678::20:20:20 goto nat_POST_public ++ oifname "foobar2" goto nat_POST_foobar_010 ++ oifname "foobar1" goto nat_POST_trusted ++ oifname "foobar0" goto nat_POST_internal ++ goto nat_POST_public ++ } ++ } ++]) ++], [ ++ ++IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, ++ [[IN_foobar_00 all -- 10.1.1.1 0.0.0.0/0 [goto] ++ IN_foobar_01 all -- 10.1.1.0/24 0.0.0.0/0 [goto] ++ IN_foobar_010 all -- 10.10.10.10 0.0.0.0/0 [goto] ++ IN_foobar_02 all -- 10.1.0.0/16 0.0.0.0/0 [goto] ++ IN_foobar_03 all -- 10.2.2.0/24 0.0.0.0/0 [goto] ++ IN_foobar_04 all -- 10.2.0.0/16 0.0.0.0/0 [goto] ++ IN_foobar_05 all -- 10.0.0.0/8 0.0.0.0/0 [goto] ++ IN_public all -- 20.20.20.20 0.0.0.0/0 [goto] ++ IN_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ IN_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) ++IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, ++ [[IN_foobar_00 all 1234:5678::1:1:1 ::/0 [goto] ++ IN_foobar_01 all 1234:5678::1:1:0/112 ::/0 [goto] ++ IN_foobar_010 all 1234:5678::10:10:10 ::/0 [goto] ++ IN_foobar_02 all 1234:5678::1:0:0/96 ::/0 [goto] ++ IN_foobar_03 all 1234:5678::2:2:0/112 ::/0 [goto] ++ IN_foobar_04 all 1234:5678::2:0:0/96 ::/0 [goto] ++ IN_foobar_05 all 1234:5678::/80 ::/0 [goto] ++ IN_public all 1234:5678::20:20:20 ::/0 [goto] ++ IN_foobar_010 all ::/0 ::/0 [goto] ++ IN_trusted all ::/0 ::/0 [goto] ++ IN_internal all ::/0 ::/0 [goto] ++ IN_public all ::/0 ::/0 [goto] ++]]) ++IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, ++ [[POST_foobar_00 all -- 0.0.0.0/0 10.1.1.1 [goto] ++ POST_foobar_01 all -- 0.0.0.0/0 10.1.1.0/24 [goto] ++ POST_foobar_010 all -- 0.0.0.0/0 10.10.10.10 [goto] ++ POST_foobar_02 all -- 0.0.0.0/0 10.1.0.0/16 [goto] ++ POST_foobar_03 all -- 0.0.0.0/0 10.2.2.0/24 [goto] ++ POST_foobar_04 all -- 0.0.0.0/0 10.2.0.0/16 [goto] ++ POST_foobar_05 all -- 0.0.0.0/0 10.0.0.0/8 [goto] ++ POST_public all -- 0.0.0.0/0 20.20.20.20 [goto] ++ POST_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ POST_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++ POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ++]]) ++IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, ++ [[POST_foobar_00 all ::/0 1234:5678::1:1:1 [goto] ++ POST_foobar_01 all ::/0 1234:5678::1:1:0/112 [goto] ++ POST_foobar_010 all ::/0 1234:5678::10:10:10 [goto] ++ POST_foobar_02 all ::/0 1234:5678::1:0:0/96 [goto] ++ POST_foobar_03 all ::/0 1234:5678::2:2:0/112 [goto] ++ POST_foobar_04 all ::/0 1234:5678::2:0:0/96 [goto] ++ POST_foobar_05 all ::/0 1234:5678::/80 [goto] ++ POST_public all ::/0 1234:5678::20:20:20 [goto] ++ POST_foobar_010 all ::/0 ::/0 [goto] ++ POST_trusted all ::/0 ::/0 [goto] ++ POST_internal all ::/0 ::/0 [goto] ++ POST_public all ::/0 ::/0 [goto] ++]]) ++]) ++ ++FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0076-fix-test-regression-rhbz1734765-guard-IPv6-usage.patch b/SOURCES/0076-fix-test-regression-rhbz1734765-guard-IPv6-usage.patch new file mode 100644 index 0000000..adb88e6 --- /dev/null +++ b/SOURCES/0076-fix-test-regression-rhbz1734765-guard-IPv6-usage.patch @@ -0,0 +1,60 @@ +From ab11b1cd069d9266fa63fc609a2040d0366eb57a Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 5 Aug 2019 16:06:07 -0400 +Subject: [PATCH 76/79] fix: test: regression/rhbz1734765: guard IPv6 usage + +Fixes: 25032eb3a607 ("test: verify source-based zone dispatch ordered by zone name") +(cherry picked from commit f4411b95e127fea7a7ed87cd2b01e59c2ce333c5) +(cherry picked from commit 8e13e313bda5408165f70725ed648419d4a23839) +--- + src/tests/regression/rhbz1734765.at | 28 ++++++++++++++++++++-------- + 1 file changed, 20 insertions(+), 8 deletions(-) + +diff --git a/src/tests/regression/rhbz1734765.at b/src/tests/regression/rhbz1734765.at +index 070c43faf756..5145d716e576 100644 +--- a/src/tests/regression/rhbz1734765.at ++++ b/src/tests/regression/rhbz1734765.at +@@ -12,20 +12,32 @@ FWD_CHECK([-q --permanent --new-zone=foobar_01]) + FWD_CHECK([-q --permanent --new-zone=foobar_04]) + FWD_CHECK([-q --permanent --new-zone=foobar_010]) + +-FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1" --add-source="1234:5678::1:1:1"]) +-FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="10.1.1.0/24" --add-source="1234:5678::1:1:0/112"]) +-FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="10.1.0.0/16" --add-source="1234:5678::1:0:0/96"]) +-FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24" --add-source="1234:5678::2:2:0/112"]) +-FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="10.2.0.0/16" --add-source="1234:5678::2:0:0/96"]) +-FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="10.0.0.0/8" --add-source="1234:5678::0:0:0/80"]) ++FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1"]) ++FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="10.1.1.0/24"]) ++FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="10.1.0.0/16"]) ++FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24"]) ++FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="10.2.0.0/16"]) ++FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="10.0.0.0/8"]) ++IF_IPV6_SUPPORTED([ ++FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="1234:5678::1:1:1"]) ++FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="1234:5678::1:1:0/112"]) ++FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="1234:5678::1:0:0/96"]) ++FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="1234:5678::2:2:0/112"]) ++FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="1234:5678::2:0:0/96"]) ++FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="1234:5678::0:0:0/80"]) ++]) + + FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0]) + FWD_CHECK([-q --permanent --zone=trusted --add-interface=foobar1]) + + FWD_RELOAD + +-FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10" --add-source="1234:5678::10:10:10"]) +-FWD_CHECK([-q --zone=public --add-source="20.20.20.20" --add-source="1234:5678::20:20:20"]) ++FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10"]) ++FWD_CHECK([-q --zone=public --add-source="20.20.20.20"]) ++IF_IPV6_SUPPORTED([ ++FWD_CHECK([-q --zone=foobar_010 --add-source="1234:5678::10:10:10"]) ++FWD_CHECK([-q --zone=public --add-source="1234:5678::20:20:20"]) ++]) + FWD_CHECK([-q --zone=foobar_010 --add-interface=foobar2]) + + m4_if(nftables, FIREWALL_BACKEND, [dnl +-- +2.20.1 + diff --git a/SOURCES/0077-fix-nftables-fix-zone-dispatch-using-ipset-sources-i.patch b/SOURCES/0077-fix-nftables-fix-zone-dispatch-using-ipset-sources-i.patch new file mode 100644 index 0000000..58d314f --- /dev/null +++ b/SOURCES/0077-fix-nftables-fix-zone-dispatch-using-ipset-sources-i.patch @@ -0,0 +1,42 @@ +From ad3e325cc67120b3c159a17d7bba1b216251d30f Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 8 Aug 2019 13:40:01 -0400 +Subject: [PATCH 77/79] fix: nftables: fix zone dispatch using ipset sources in + nat chains + +If using an ipset as a zone source the rules for doing a goto to the +zone's rules were omitted. This means the zone's rules for nat +postrouting/prerouting were not having any effect. Affected features; +masquerade, forward-ports + +(cherry picked from commit b363548f2ab0983d7b88dd82620c0c545e2cef39) +(cherry picked from commit 25ca77a113d895dabd0bc81463fff2db5c749f85) +--- + src/firewall/core/nftables.py | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py +index 05376fdd68d8..e6a4ec3518a8 100644 +--- a/src/firewall/core/nftables.py ++++ b/src/firewall/core/nftables.py +@@ -542,10 +542,15 @@ class nftables(object): + # nat tables needs to use ip/ip6 family + if table == "nat" and family == "inet": + rules = [] +- if check_address("ipv4", address) or check_mac(address): ++ if address.startswith("ipset:"): ++ ipset_family = self._set_get_family(address[len("ipset:"):]) ++ else: ++ ipset_family = None ++ ++ if check_address("ipv4", address) or check_mac(address) or ipset_family == "ip": + rules.extend(self.build_zone_source_address_rules(enable, zone, + address, table, chain, "ip")) +- if check_address("ipv6", address) or check_mac(address): ++ if check_address("ipv6", address) or check_mac(address) or ipset_family == "ip6": + rules.extend(self.build_zone_source_address_rules(enable, zone, + address, table, chain, "ip6")) + return rules +-- +2.20.1 + diff --git a/SOURCES/0078-test-regression-rhbz1734765-add-coverage-for-rhbz-17.patch b/SOURCES/0078-test-regression-rhbz1734765-add-coverage-for-rhbz-17.patch new file mode 100644 index 0000000..f003795 --- /dev/null +++ b/SOURCES/0078-test-regression-rhbz1734765-add-coverage-for-rhbz-17.patch @@ -0,0 +1,148 @@ +From 8baba36ffff504e6c107448b002a553a2c072850 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 7 Aug 2019 08:41:11 -0400 +Subject: [PATCH 78/79] test: regression/rhbz1734765: add coverage for rhbz + 1738545 + +(cherry picked from commit 20cd5c7d29c586fa55e76d6f21adfee6a7ca34bb) +(cherry picked from commit cea43b784a092a8b155190b9988927daeeb0a0a4) +--- + src/tests/regression/rhbz1734765.at | 46 +++++++++++++++++++++++++---- + 1 file changed, 41 insertions(+), 5 deletions(-) + +diff --git a/src/tests/regression/rhbz1734765.at b/src/tests/regression/rhbz1734765.at +index 5145d716e576..de8e1ab40598 100644 +--- a/src/tests/regression/rhbz1734765.at ++++ b/src/tests/regression/rhbz1734765.at +@@ -1,5 +1,5 @@ + FWD_START_TEST([zone sources ordered by name]) +-AT_KEYWORDS(zone rhbz1734765 rhbz1421222 gh166) ++AT_KEYWORDS(zone rhbz1734765 rhbz1421222 gh166 rhbz1738545) + dnl + dnl Users depend on firewalld ordering source-based zone dispatch by zone name. + dnl +@@ -11,20 +11,28 @@ FWD_CHECK([-q --permanent --new-zone=foobar_03]) + FWD_CHECK([-q --permanent --new-zone=foobar_01]) + FWD_CHECK([-q --permanent --new-zone=foobar_04]) + FWD_CHECK([-q --permanent --new-zone=foobar_010]) ++FWD_CHECK([-q --permanent --new-zone=foobar_011]) ++FWD_CHECK([-q --permanent --new-zone=foobar_012]) + +-FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1"]) ++FWD_CHECK([-q --permanent --new-ipset 'ipsetv4' --type hash:ip]) ++FWD_CHECK([-q --permanent --new-ipset 'ipsetv6' --type hash:ip --family=inet6]) ++FWD_CHECK([-q --permanent --ipset ipsetv4 --add-entry '192.0.2.12']) ++FWD_CHECK([-q --permanent --ipset ipsetv6 --add-entry '::2']) ++ ++FWD_CHECK([-q --permanent --zone=foobar_011 --add-source ipset:ipsetv4]) + FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="10.1.1.0/24"]) + FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="10.1.0.0/16"]) +-FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24"]) + FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="10.2.0.0/16"]) ++FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1"]) ++FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24"]) + FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="10.0.0.0/8"]) + IF_IPV6_SUPPORTED([ +-FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="1234:5678::1:1:1"]) + FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="1234:5678::1:1:0/112"]) + FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="1234:5678::1:0:0/96"]) +-FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="1234:5678::2:2:0/112"]) + FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="1234:5678::2:0:0/96"]) ++FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="1234:5678::2:2:0/112"]) + FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="1234:5678::0:0:0/80"]) ++FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="1234:5678::1:1:1"]) + ]) + + FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0]) +@@ -32,11 +40,31 @@ FWD_CHECK([-q --permanent --zone=trusted --add-interface=foobar1]) + + FWD_RELOAD + ++NFT_LIST_SET([ipsetv4], 0, [dnl ++ table inet firewalld { ++ set ipsetv4 { ++ type ipv4_addr ++ flags interval ++ elements = { 192.0.2.12 } ++ } ++ } ++]) ++NFT_LIST_SET([ipsetv6], 0, [dnl ++ table inet firewalld { ++ set ipsetv6 { ++ type ipv6_addr ++ flags interval ++ elements = { ::2 } ++ } ++ } ++]) ++ + FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10"]) + FWD_CHECK([-q --zone=public --add-source="20.20.20.20"]) + IF_IPV6_SUPPORTED([ + FWD_CHECK([-q --zone=foobar_010 --add-source="1234:5678::10:10:10"]) + FWD_CHECK([-q --zone=public --add-source="1234:5678::20:20:20"]) ++FWD_CHECK([-q --zone=foobar_012 --add-source ipset:ipsetv6]) + ]) + FWD_CHECK([-q --zone=foobar_010 --add-interface=foobar2]) + +@@ -50,6 +78,8 @@ NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl + ip6 saddr 1234:5678::1:1:0/112 goto filter_IN_foobar_01 + ip saddr 10.10.10.10 goto filter_IN_foobar_010 + ip6 saddr 1234:5678::10:10:10 goto filter_IN_foobar_010 ++ ip saddr @ipsetv4 goto filter_IN_foobar_011 ++ ip6 saddr @ipsetv6 goto filter_IN_foobar_012 + ip saddr 10.1.0.0/16 goto filter_IN_foobar_02 + ip6 saddr 1234:5678::1:0:0/96 goto filter_IN_foobar_02 + ip saddr 10.2.2.0/24 goto filter_IN_foobar_03 +@@ -73,6 +103,7 @@ NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES], 0, [dnl + ip daddr 10.1.1.1 goto nat_POST_foobar_00 + ip daddr 10.1.1.0/24 goto nat_POST_foobar_01 + ip daddr 10.10.10.10 goto nat_POST_foobar_010 ++ ip daddr @ipsetv4 goto nat_POST_foobar_011 + ip daddr 10.1.0.0/16 goto nat_POST_foobar_02 + ip daddr 10.2.2.0/24 goto nat_POST_foobar_03 + ip daddr 10.2.0.0/16 goto nat_POST_foobar_04 +@@ -91,6 +122,7 @@ NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES], 0, [dnl + ip6 daddr 1234:5678::1:1:1 goto nat_POST_foobar_00 + ip6 daddr 1234:5678::1:1:0/112 goto nat_POST_foobar_01 + ip6 daddr 1234:5678::10:10:10 goto nat_POST_foobar_010 ++ ip6 daddr @ipsetv6 goto nat_POST_foobar_012 + ip6 daddr 1234:5678::1:0:0/96 goto nat_POST_foobar_02 + ip6 daddr 1234:5678::2:2:0/112 goto nat_POST_foobar_03 + ip6 daddr 1234:5678::2:0:0/96 goto nat_POST_foobar_04 +@@ -109,6 +141,7 @@ IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, + [[IN_foobar_00 all -- 10.1.1.1 0.0.0.0/0 [goto] + IN_foobar_01 all -- 10.1.1.0/24 0.0.0.0/0 [goto] + IN_foobar_010 all -- 10.10.10.10 0.0.0.0/0 [goto] ++ IN_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 src + IN_foobar_02 all -- 10.1.0.0/16 0.0.0.0/0 [goto] + IN_foobar_03 all -- 10.2.2.0/24 0.0.0.0/0 [goto] + IN_foobar_04 all -- 10.2.0.0/16 0.0.0.0/0 [goto] +@@ -123,6 +156,7 @@ IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, + [[IN_foobar_00 all 1234:5678::1:1:1 ::/0 [goto] + IN_foobar_01 all 1234:5678::1:1:0/112 ::/0 [goto] + IN_foobar_010 all 1234:5678::10:10:10 ::/0 [goto] ++ IN_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 src + IN_foobar_02 all 1234:5678::1:0:0/96 ::/0 [goto] + IN_foobar_03 all 1234:5678::2:2:0/112 ::/0 [goto] + IN_foobar_04 all 1234:5678::2:0:0/96 ::/0 [goto] +@@ -137,6 +171,7 @@ IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, + [[POST_foobar_00 all -- 0.0.0.0/0 10.1.1.1 [goto] + POST_foobar_01 all -- 0.0.0.0/0 10.1.1.0/24 [goto] + POST_foobar_010 all -- 0.0.0.0/0 10.10.10.10 [goto] ++ POST_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 dst + POST_foobar_02 all -- 0.0.0.0/0 10.1.0.0/16 [goto] + POST_foobar_03 all -- 0.0.0.0/0 10.2.2.0/24 [goto] + POST_foobar_04 all -- 0.0.0.0/0 10.2.0.0/16 [goto] +@@ -151,6 +186,7 @@ IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, + [[POST_foobar_00 all ::/0 1234:5678::1:1:1 [goto] + POST_foobar_01 all ::/0 1234:5678::1:1:0/112 [goto] + POST_foobar_010 all ::/0 1234:5678::10:10:10 [goto] ++ POST_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 dst + POST_foobar_02 all ::/0 1234:5678::1:0:0/96 [goto] + POST_foobar_03 all ::/0 1234:5678::2:2:0/112 [goto] + POST_foobar_04 all ::/0 1234:5678::2:0:0/96 [goto] +-- +2.20.1 + diff --git a/SOURCES/0079-chore-tests-functions-change-list-macros-to-only-exp.patch b/SOURCES/0079-chore-tests-functions-change-list-macros-to-only-exp.patch new file mode 100644 index 0000000..39abcad --- /dev/null +++ b/SOURCES/0079-chore-tests-functions-change-list-macros-to-only-exp.patch @@ -0,0 +1,96 @@ +From c7ba9d153c381c244bf5ac0abfa4043f187486b8 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 30 May 2019 17:12:48 -0400 +Subject: [PATCH 79/79] chore: tests/functions: change list macros to only + expand for backend + +The macros now check for FIREWALL_BACKEND before attempting to list the +rules. This means we don't need to guard them inside the actual test +cases. + +Also introduces _ALWAYS variants that always expand regardless of the +current backend under test. + +(cherry picked from commit cb43b6cd99d952ae31614a7c46b2df13b670fea3) +(cherry picked from commit 7054a3d092978e165980a4c8d4e1407f01d88bd7) +--- + src/tests/functions.at | 32 ++++++++++++++++++++++++++++---- + 1 file changed, 28 insertions(+), 4 deletions(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index b6831f61d806..571f780a007c 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -237,13 +237,19 @@ m4_define([EBTABLES_LIST_RULES], [ + m4_undefine([EBTABLES_LIST_RULES_NORMALIZE]) + ]) + +-m4_define([IPTABLES_LIST_RULES], [ ++m4_define([IPTABLES_LIST_RULES_ALWAYS], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ + NS_CHECK([IPTABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) + ]) + ]) + +-m4_define([IP6TABLES_LIST_RULES], [ ++m4_define([IPTABLES_LIST_RULES], [ ++ m4_if(iptables, FIREWALL_BACKEND, [ ++ IPTABLES_LIST_RULES_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6], [$7]) ++ ]) ++]) ++ ++m4_define([IP6TABLES_LIST_RULES_ALWAYS], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ + m4_if(yes, HOST_SUPPORTS_IP6TABLES, [ + NS_CHECK([IP6TABLES -w -n -t $1 -L $2 | TRIM_WHITESPACE | tail -n +3], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) +@@ -251,7 +257,13 @@ m4_define([IP6TABLES_LIST_RULES], [ + ]) + ]) + +-m4_define([NFT_LIST_RULES], [ ++m4_define([IP6TABLES_LIST_RULES], [ ++ m4_if(iptables, FIREWALL_BACKEND, [ ++ IP6TABLES_LIST_RULES_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6], [$7]) ++ ]) ++]) ++ ++m4_define([NFT_LIST_RULES_ALWAYS], [ + dnl nftables commit 6dd848339444 change list output to show "meta mark" + dnl instead of just "mark". + m4_define([NFT_LIST_RULES_NORMALIZE], [dnl +@@ -267,6 +279,12 @@ m4_define([NFT_LIST_RULES], [ + m4_undefine([NFT_LIST_RULES_NORMALIZE]) + ]) + ++m4_define([NFT_LIST_RULES], [ ++ m4_if(nftables, FIREWALL_BACKEND, [ ++ NFT_LIST_RULES_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6], [$7]) ++ ]) ++]) ++ + m4_define([IPSET_LIST_SET], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ + NS_CHECK([ipset list $1 | TRIM_WHITESPACE |dnl +@@ -276,12 +294,18 @@ m4_define([IPSET_LIST_SET], [ + ]) + ]) + +-m4_define([NFT_LIST_SET], [ ++m4_define([NFT_LIST_SET_ALWAYS], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ + NS_CHECK([nft NFT_NUMERIC_ARGS list set inet firewalld $1 | TRIM_WHITESPACE], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) + ]) + ]) + ++m4_define([NFT_LIST_SET], [ ++ m4_if(nftables, FIREWALL_BACKEND, [ ++ NFT_LIST_SET_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6]) ++ ]) ++]) ++ + m4_define([DBUS_CHECK], [ + NS_CHECK([dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 dnl + /org/fedoraproject/FirewallD1/$1 org.fedoraproject.FirewallD1.$2 $3], +-- +2.20.1 + diff --git a/SOURCES/0088-doc-add-default-config-and-system-config.patch b/SOURCES/0088-doc-add-default-config-and-system-config.patch new file mode 100644 index 0000000..c077975 --- /dev/null +++ b/SOURCES/0088-doc-add-default-config-and-system-config.patch @@ -0,0 +1,132 @@ +From 89ca8f9c06a5252581b4428d8f53a3e5167a4c2d Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 20 Aug 2019 09:01:17 -0400 +Subject: [PATCH] doc: add --default-config and --system-config + +They were already in the --help output of commands, but now they'll be +in the man page. These option are heavily used by the testsuite, but may +be useful to users as well. + +Fixes: rhbz 1740074 +(cherry picked from commit d48c6f7800114b88f8abe0799b32b9f94fa82790) +--- + doc/xml/firewall-offline-cmd.xml | 30 ++++++++++++++++++++++++++++-- + doc/xml/firewalld.xml.in | 26 +++++++++++++++++++++++--- + 2 files changed, 51 insertions(+), 5 deletions(-) + +diff --git a/doc/xml/firewall-offline-cmd.xml b/doc/xml/firewall-offline-cmd.xml +index d66f45abb753..aeaf3dc0ebd5 100644 +--- a/doc/xml/firewall-offline-cmd.xml ++++ b/doc/xml/firewall-offline-cmd.xml +@@ -110,6 +110,27 @@ + + + ++ ++ ++ ++ ++ ++ Path to firewalld default configuration. This usually defaults to ++ /usr/lib/firewalld. ++ ++ ++ ++ ++ ++ ++ ++ ++ Path to firewalld system (user) configuration. This usually defaults ++ to /etc/firewalld. ++ ++ ++ ++ + + + +@@ -138,8 +159,13 @@ + + + +- Run checks on the permanent configuration. This includes XML validity +- and semantics. ++ Run checks on the permanent (default and system) configuration. This ++ includes XML validity and semantics. ++ ++ ++ This is may be used with to check ++ the validity of handwritten configuration files before copying them ++ to the standard location. + + + +diff --git a/doc/xml/firewalld.xml.in b/doc/xml/firewalld.xml.in +index de8020591cd1..c076d4b55738 100644 +--- a/doc/xml/firewalld.xml.in ++++ b/doc/xml/firewalld.xml.in +@@ -76,6 +76,16 @@ + + + ++ ++ ++ ++ ++ Path to firewalld default configuration. This usually defaults to ++ /usr/lib/firewalld. ++ ++ ++ ++ + + =level + +@@ -111,6 +121,16 @@ + + + ++ ++ ++ ++ ++ ++ Path to firewalld system (user) configuration. This usually defaults ++ to /etc/firewalld. ++ ++ ++ + + + +@@ -120,7 +140,7 @@ + firewalld has a D-Bus interface for firewall configuration of services and applications. It also has a command line client for the user. Services or applications already using D-Bus can request changes to the firewall with the D-Bus interface directly. For more information on the firewalld D-Bus interface, please have a look at firewalld.dbus5. + + +- firewalld provides support for zones, predefined services and ICMP types and has a separation of runtime and permanent configuration options. Permanent configuration is loaded from XML files in /usr/lib/firewalld or /etc/firewalld (see ). ++ firewalld provides support for zones, predefined services and ICMP types and has a separation of runtime and permanent configuration options. Permanent configuration is loaded from XML files in /usr/lib/firewalld () or /etc/firewalld () (see ). + + + If NetworkManager is not in use and firewalld gets started after the network is already up, the connections and manually created interfaces are not bound to the zone specified in the ifcfg file. +@@ -190,7 +210,7 @@ + + + +- Default/Fallback configuration in <filename class="directory">/usr/lib/firewalld</filename> ++ Default/Fallback configuration in <filename class="directory">/usr/lib/firewalld</filename> (<option>--default-config</option>) + + + This directory contains the default and fallback configuration provided by firewalld for icmptypes, services and zones. The files provided with the firewalld package should not get changed and the changes are gone with an update of the firewalld package. Additional , and can be provided with packages or by creating files. +@@ -198,7 +218,7 @@ + + + +- System configuration settings in <filename class="directory">/etc/firewalld</filename> ++ System configuration settings in <filename class="directory">/etc/firewalld</filename> (<option>--system-config</option>) + + + The system or user configuration stored here is either created by the system administrator or by customization with the configuration interface of firewalld or by hand. The files will overload the default configuration files. +-- +2.20.1 + diff --git a/SOURCES/0089-test-missing-firewalld.conf.patch b/SOURCES/0089-test-missing-firewalld.conf.patch new file mode 100644 index 0000000..89005cb --- /dev/null +++ b/SOURCES/0089-test-missing-firewalld.conf.patch @@ -0,0 +1,40 @@ +From 049247e019198a420b7a3da5718470adbcc8b5e9 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 21 Aug 2019 12:09:47 -0400 +Subject: [PATCH 89/99] test: missing firewalld.conf + +(cherry picked from commit d669a213d2986e6024bc88b9afa31eaac040ddc7) +(cherry picked from commit 4d9cfe95dad68a532a06aa8d5495ced694e19d6d) +--- + src/tests/regression.at | 1 + + src/tests/regression/gh509.at | 9 +++++++++ + 2 files changed, 10 insertions(+) + create mode 100644 src/tests/regression/gh509.at + +diff --git a/src/tests/regression.at b/src/tests/regression.at +index 6f57a1122925..3bc99543a9b1 100644 +--- a/src/tests/regression.at ++++ b/src/tests/regression.at +@@ -23,3 +23,4 @@ m4_include([regression/gh258.at]) + m4_include([regression/rhbz1715977.at]) + m4_include([regression/rhbz1723610.at]) + m4_include([regression/rhbz1734765.at]) ++m4_include([regression/gh509.at]) +diff --git a/src/tests/regression/gh509.at b/src/tests/regression/gh509.at +new file mode 100644 +index 000000000000..332b2251263d +--- /dev/null ++++ b/src/tests/regression/gh509.at +@@ -0,0 +1,9 @@ ++FWD_START_TEST([missing firewalld.conf file]) ++AT_KEYWORDS(gh509) ++ ++AT_CHECK([if ! rm ./firewalld.conf; then exit 77; fi]) ++FWD_RESTART ++ ++FWD_END_TEST([-e '/ERROR: Failed to load/d' dnl ++ -e '/WARNING:.*No such file or directory:.*/d' dnl ++ -e '/WARNING: Using fallback firewalld configuration settings/d']) +-- +2.20.1 + diff --git a/SOURCES/0090-fix-tests-regression-gh509-skip-if-host-doesn-t-supp.patch b/SOURCES/0090-fix-tests-regression-gh509-skip-if-host-doesn-t-supp.patch new file mode 100644 index 0000000..1408742 --- /dev/null +++ b/SOURCES/0090-fix-tests-regression-gh509-skip-if-host-doesn-t-supp.patch @@ -0,0 +1,32 @@ +From dd7c25572e265671bac8510f0193d2db3485703e Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 21 Aug 2019 15:00:05 -0400 +Subject: [PATCH 90/99] fix: tests/regression/gh509: skip if host doesn't + support defaults + +Fixes: d669a213d298 ("test: missing firewalld.conf") +(cherry picked from commit a8925505f5a5ae79abf34211517d5fb04404e7a7) +(cherry picked from commit 0d24a659d9c72ef7e72f51b37bc2c53b24dee658) +--- + src/tests/regression/gh509.at | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/tests/regression/gh509.at b/src/tests/regression/gh509.at +index 332b2251263d..44074fda3550 100644 +--- a/src/tests/regression/gh509.at ++++ b/src/tests/regression/gh509.at +@@ -1,6 +1,11 @@ + FWD_START_TEST([missing firewalld.conf file]) + AT_KEYWORDS(gh509) + ++dnl We're going to wipe the config below and therefore use the defaults. As ++dnl such, if our test host doesn't support defaults then we must skip this test ++dnl group. ++m4_if(no, HOST_SUPPORTS_NFT_FIB, [AT_SKIP_IF([:])]) ++ + AT_CHECK([if ! rm ./firewalld.conf; then exit 77; fi]) + FWD_RESTART + +-- +2.20.1 + diff --git a/SOURCES/0091-fix-add-masquerade-should-only-affect-ipv4.patch b/SOURCES/0091-fix-add-masquerade-should-only-affect-ipv4.patch new file mode 100644 index 0000000..b984193 --- /dev/null +++ b/SOURCES/0091-fix-add-masquerade-should-only-affect-ipv4.patch @@ -0,0 +1,55 @@ +From 2cb9ac1e34fd652e75147ca1d3f4495609448a04 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 23 Aug 2019 14:54:40 -0400 +Subject: [PATCH 91/99] fix: --add-masquerade should only affect ipv4 + +As per the man page. Users should use rich rules to get IPv6 +masquerading. + +(cherry picked from commit 88e13653686e4b72b4964e41564c70ca0096e0a9) +(cherry picked from commit 1e95c8d2f2a7d8a4b2f1ad34be268031ab5e9ba5) +--- + src/firewall/core/fw_zone.py | 13 +++++-------- + src/firewall/core/nftables.py | 1 - + 2 files changed, 5 insertions(+), 9 deletions(-) + +diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py +index 1f33b5504d54..6b766d0dc3ba 100644 +--- a/src/firewall/core/fw_zone.py ++++ b/src/firewall/core/fw_zone.py +@@ -1893,15 +1893,12 @@ class FirewallZone(object): + zone_transaction.add_chain("nat", "POSTROUTING") + zone_transaction.add_chain("filter", "FORWARD_OUT") + +- for ipv in ["ipv4", "ipv6"]: +- zone_transaction.add_post(enable_ip_forwarding, ipv) ++ ipv = "ipv4" ++ zone_transaction.add_post(enable_ip_forwarding, ipv) + +- for backend in self._fw.enabled_backends(): +- if not backend.zones_supported: +- continue +- +- rules = backend.build_zone_masquerade_rules(enable, zone) +- zone_transaction.add_rules(backend, rules) ++ backend = self._fw.get_backend_by_ipv(ipv) ++ rules = backend.build_zone_masquerade_rules(enable, zone) ++ zone_transaction.add_rules(backend, rules) + + def _forward_port(self, enable, zone, zone_transaction, port, protocol, + toport=None, toaddr=None, mark_id=None): +diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py +index e6a4ec3518a8..baa6a7f58cfb 100644 +--- a/src/firewall/core/nftables.py ++++ b/src/firewall/core/nftables.py +@@ -973,7 +973,6 @@ class nftables(object): + or rich_rule.source and check_address("ipv4", rich_rule.source.addr)): + rules.extend(self._build_zone_masquerade_nat_rules(enable, zone, "ip", rich_rule)) + else: +- rules.extend(self._build_zone_masquerade_nat_rules(enable, zone, "ip6", rich_rule)) + rules.extend(self._build_zone_masquerade_nat_rules(enable, zone, "ip", rich_rule)) + + add_del = { True: "add", False: "delete" }[enable] +-- +2.20.1 + diff --git a/SOURCES/0092-fix-nftables-forward-ports-should-only-affect-IPv4.patch b/SOURCES/0092-fix-nftables-forward-ports-should-only-affect-IPv4.patch new file mode 100644 index 0000000..c6d72c1 --- /dev/null +++ b/SOURCES/0092-fix-nftables-forward-ports-should-only-affect-IPv4.patch @@ -0,0 +1,33 @@ +From 4618c4f00b7849e4e253329e9f40fbd20b6160a3 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 23 Aug 2019 14:56:28 -0400 +Subject: [PATCH 92/99] fix: nftables: --forward-ports should only affect IPv4 + +As per man page. User should use rich rules for IPv6 forward ports. + +(cherry picked from commit 816f62a294245b4ba67fdf794dc3caebad50d5b5) +(cherry picked from commit df065ab7853b75ff266deb495b79c9919a2608cd) +--- + src/firewall/core/nftables.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py +index baa6a7f58cfb..9d88e72f42bf 100644 +--- a/src/firewall/core/nftables.py ++++ b/src/firewall/core/nftables.py +@@ -1040,10 +1040,10 @@ class nftables(object): + rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, + protocol, mark_fragment, toaddr, toport, "ip")) + else: +- if not toaddr or check_single_address("ipv6", toaddr): ++ if toaddr and check_single_address("ipv6", toaddr): + rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, + protocol, mark_fragment, toaddr, toport, "ip6")) +- if not toaddr or check_single_address("ipv4", toaddr): ++ else: + rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, + protocol, mark_fragment, toaddr, toport, "ip")) + +-- +2.20.1 + diff --git a/SOURCES/0093-test-coverage-to-make-sure-masquerade-forward-port-o.patch b/SOURCES/0093-test-coverage-to-make-sure-masquerade-forward-port-o.patch new file mode 100644 index 0000000..c6dd2f1 --- /dev/null +++ b/SOURCES/0093-test-coverage-to-make-sure-masquerade-forward-port-o.patch @@ -0,0 +1,119 @@ +From 6e32ff7eabc88e57b4f4831eece15918fc4bda85 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 23 Aug 2019 15:00:45 -0400 +Subject: [PATCH 93/99] test: coverage to make sure masquerade/forward-port + only affect IPv4 + +(cherry picked from commit 5605eefb65adbbe7d6980cc90245f940042c9b78) +(cherry picked from commit 1340fac01a6d64458e7a751807a54c0a5b38dde3) +--- + src/tests/firewall-cmd.at | 76 +++++++++++++++++++++++++++++++++++++++ + 1 file changed, 76 insertions(+) + +diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at +index 6a4b670d7935..590194103a7e 100644 +--- a/src/tests/firewall-cmd.at ++++ b/src/tests/firewall-cmd.at +@@ -438,6 +438,25 @@ FWD_END_TEST([-e '/ERROR: INVALID_PROTOCOL: dummy/d']) + + FWD_START_TEST([masquerade]) + FWD_CHECK([--add-masquerade --zone=public], 0, ignore) ++ dnl man page says this should only affect IPv4, so verify that. ++ NFT_LIST_RULES([ip], [nat_POST_public_allow], 0, [dnl ++ table ip firewalld { ++ chain nat_POST_public_allow { ++ oifname != "lo" masquerade ++ } ++ } ++ ]) ++ NFT_LIST_RULES([ip6], [nat_POST_public_allow], 0, [dnl ++ table ip6 firewalld { ++ chain nat_POST_public_allow { ++ } ++ } ++ ]) ++ IPTABLES_LIST_RULES([nat], [POST_public_allow], 0, [dnl ++ MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 ++ ]) ++ IP6TABLES_LIST_RULES([nat], [POST_public_allow], 0, [dnl ++ ]) + FWD_CHECK([--query-masquerade], 0, ignore) + FWD_CHECK([--remove-masquerade], 0, ignore) + FWD_CHECK([--query-masquerade], 1, ignore) +@@ -451,9 +470,47 @@ FWD_END_TEST + FWD_START_TEST([forward ports]) + FWD_CHECK([--add-forward-port=666], 106, ignore, ignore) + FWD_CHECK([--add-forward-port=port=11:proto=tcp:toport=22], 0, ignore) ++ dnl man page says this should only affect IPv4, so verify that. ++ NFT_LIST_RULES([ip], [nat_PRE_public_allow], 0, [dnl ++ table ip firewalld { ++ chain nat_PRE_public_allow { ++ meta l4proto tcp mark 0x00000064 redirect to :22 ++ } ++ } ++ ]) ++ NFT_LIST_RULES([ip6], [nat_PRE_public_allow], 0, [dnl ++ table ip6 firewalld { ++ chain nat_PRE_public_allow { ++ } ++ } ++ ]) ++ IPTABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl ++ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 mark match 0x64 to::22 ++ ]) ++ IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl ++ ]) + FWD_CHECK([--remove-forward-port=port=11:proto=tcp:toport=22 --zone=public], 0, ignore) + FWD_CHECK([--add-forward-port=port=33:proto=tcp:toaddr=4444], 105, ignore, ignore) dnl bad address + FWD_CHECK([--add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public], 0, ignore) ++ dnl man page says this should only affect IPv4, so verify that. ++ NFT_LIST_RULES([ip], [nat_PRE_public_allow], 0, [dnl ++ table ip firewalld { ++ chain nat_PRE_public_allow { ++ meta l4proto tcp mark 0x00000064 dnat to 4.4.4.4 ++ } ++ } ++ ]) ++ NFT_LIST_RULES([ip6], [nat_PRE_public_allow], 0, [dnl ++ table ip6 firewalld { ++ chain nat_PRE_public_allow { ++ } ++ } ++ ]) ++ IPTABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl ++ DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 mark match 0x64 to:4.4.4.4 ++ ]) ++ IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl ++ ]) + FWD_CHECK([--remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4], 0, ignore) + FWD_CHECK([--add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 0, ignore) + FWD_CHECK([--query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) +@@ -465,6 +522,25 @@ FWD_START_TEST([forward ports]) + FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore) + IF_IPV6_SUPPORTED([ + FWD_CHECK([--add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) ++ dnl this should only affect IPv6, so verify that. ++ NFT_LIST_RULES([ip], [nat_PRE_public_allow], 0, [dnl ++ table ip firewalld { ++ chain nat_PRE_public_allow { ++ } ++ } ++ ]) ++ NFT_LIST_RULES([ip6], [nat_PRE_public_allow], 0, [dnl ++ table ip6 firewalld { ++ chain nat_PRE_public_allow { ++ meta l4proto sctp mark 0x00000064 dnat to [[fd00:dead:beef:ff0::]:66] ++ } ++ } ++ ]) ++ IPTABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl ++ ]) ++ IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl ++ DNAT sctp ::/0 ::/0 mark match 0x64 [to:[fd00:dead:beef:ff0::]:66] ++ ]) + FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore) + FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) + FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore) +-- +2.20.1 + diff --git a/SOURCES/0094-fix-tests-functions-add-macro-HOST_SUPPORTS_IPV6.patch b/SOURCES/0094-fix-tests-functions-add-macro-HOST_SUPPORTS_IPV6.patch new file mode 100644 index 0000000..c19ff35 --- /dev/null +++ b/SOURCES/0094-fix-tests-functions-add-macro-HOST_SUPPORTS_IPV6.patch @@ -0,0 +1,37 @@ +From 5d6a4644993589429e39a3f54234dc9fe67e79f2 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 27 Aug 2019 12:49:22 -0400 +Subject: [PATCH 94/99] fix: tests/functions: add macro HOST_SUPPORTS_IPV6 + +Check for the ipv6 sysctls to see if IPv6 is available. While nftables +allows addidng ip6 rules even if ipv6 is disabled, firewalld will also +try to set some sysctls which fail. + +(cherry picked from commit f9ede55708e3cb325c1052b7c68f3346c8c8c63f) +(cherry picked from commit 49d9856b39be6b07aff4dcaa8682752cb8782de4) +--- + src/tests/functions.at | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 571f780a007c..07ad3668ec5f 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -421,6 +421,14 @@ m4_define([HOST_SUPPORTS_IP6TABLES], m4_esyscmd( + fi + )) + ++m4_define([HOST_SUPPORTS_IPV6], m4_esyscmd( ++ if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then ++ echo -n "yes" ++ else ++ echo -n "no" ++ fi ++)) ++ + m4_define([IF_IPV6_SUPPORTED], [ + m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [$1], [ + m4_if(nftables, FIREWALL_BACKEND, [$1], [ +-- +2.20.1 + diff --git a/SOURCES/0095-fix-tests-regression-gh335-don-t-set-ipv6-sysctls-if.patch b/SOURCES/0095-fix-tests-regression-gh335-don-t-set-ipv6-sysctls-if.patch new file mode 100644 index 0000000..929605b --- /dev/null +++ b/SOURCES/0095-fix-tests-regression-gh335-don-t-set-ipv6-sysctls-if.patch @@ -0,0 +1,77 @@ +From 83edef8b06cd78a5c0a0680db1d1bcd66d93d626 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 27 Aug 2019 12:07:16 -0400 +Subject: [PATCH 95/99] fix: tests/regression/gh335: don't set ipv6 sysctls if + ipv6 not usable + +If ipv6.disable=1 these sysctls won't be available and the tests will +fail due to the sysctl -w failing. + +(cherry picked from commit e9c171d3e1d919e2fe44fda9f3cd4b8a87d9aec3) +(cherry picked from commit db761aa40e8dd0a65d351ab3fec064470c9c7bb3) +--- + src/tests/regression/gh335.at | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/src/tests/regression/gh335.at b/src/tests/regression/gh335.at +index 54cc4c66e163..97d8b88e493c 100644 +--- a/src/tests/regression/gh335.at ++++ b/src/tests/regression/gh335.at +@@ -1,7 +1,9 @@ + FWD_START_TEST([forward-port toaddr enables IP forwarding]) + + NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) ++m4_if(yes, HOST_SUPPORTS_IPV6, [ + NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ++]) + FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10]) + NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) + NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) +@@ -9,15 +11,21 @@ FWD_RELOAD + + IF_IPV6_SUPPORTED([ + NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) ++m4_if(yes, HOST_SUPPORTS_IPV6, [ + NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ++]) + FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321"]) + NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) ++m4_if(yes, HOST_SUPPORTS_IPV6, [ + NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) ++]) + FWD_RELOAD + ]) + + NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) ++m4_if(yes, HOST_SUPPORTS_IPV6, [ + NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ++]) + FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="10.10.10.10"']) + NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) + NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) +@@ -25,16 +33,22 @@ FWD_RELOAD + + IF_IPV6_SUPPORTED([ + NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) ++m4_if(yes, HOST_SUPPORTS_IPV6, [ + NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ++]) + FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"']) + NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) ++m4_if(yes, HOST_SUPPORTS_IPV6, [ + NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) ++]) + FWD_RELOAD + ]) + + dnl following tests should _not_ enable IP forwarding + NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) ++m4_if(yes, HOST_SUPPORTS_IPV6, [ + NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ++]) + + FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321]) + NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) +-- +2.20.1 + diff --git a/SOURCES/0096-fix-tests-ignore-errors-about-setting-ipv6-forwardin.patch b/SOURCES/0096-fix-tests-ignore-errors-about-setting-ipv6-forwardin.patch new file mode 100644 index 0000000..2f72eb1 --- /dev/null +++ b/SOURCES/0096-fix-tests-ignore-errors-about-setting-ipv6-forwardin.patch @@ -0,0 +1,56 @@ +From acab71f6c84fe5a9539768a5e45ab157e549eb31 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 28 Aug 2019 08:52:44 -0400 +Subject: [PATCH 96/99] fix: tests: ignore errors about setting ipv6 forwarding + +On a host with ipv6.disable=1 the proc files and sysctls for setting +IPv6 forwarding will not be available, but nftables and iptables-nft +still allow creating rules that match IPv6. Instead of guarding all our +test cases for silly reasons (disabling IPv6), let's just ignore the +errors about setting IPv6 forwarding. + +This only affects tests that explicitly use IPv6 (often rich rules) via +masquerading/forward-ports. + +(cherry picked from commit b28611dee5a2e3a07521aa0fc499b1f70ad81d3b) +(cherry picked from commit 49dd9bcd29ca7948a514373aaf86f682cc13f5e7) +--- + src/tests/firewall-cmd.at | 4 ++-- + src/tests/regression/gh335.at | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at +index 590194103a7e..2977cd6b5332 100644 +--- a/src/tests/firewall-cmd.at ++++ b/src/tests/firewall-cmd.at +@@ -580,7 +580,7 @@ FWD_START_TEST([forward ports]) + FWD_CHECK([--permanent --query-forward-port port=100:proto=tcp:toport=200], 1, ignore) + FWD_CHECK([--permanent --query-forward-port=port=88:proto=udp:toport=99], 1, ignore) + FWD_CHECK([--permanent --list-forward-ports], 0, ignore) +-FWD_END_TEST ++FWD_END_TEST([-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) + + FWD_START_TEST([ICMP block]) + FWD_CHECK([--list-icmp-blocks], 0, ignore) +@@ -988,7 +988,7 @@ FWD_START_TEST([rich rules good]) + rich_rule_test([rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"]) + ]) + rich_rule_test([rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"]) +-FWD_END_TEST ++FWD_END_TEST([-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) + FWD_START_TEST([rich rules audit]) + CHECK_LOG_AUDIT + rich_rule_test([rule service name="ftp" audit limit value="1/m" accept]) +diff --git a/src/tests/regression/gh335.at b/src/tests/regression/gh335.at +index 97d8b88e493c..cf307ef35365 100644 +--- a/src/tests/regression/gh335.at ++++ b/src/tests/regression/gh335.at +@@ -64,4 +64,4 @@ NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignor + NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) + ]) + +-FWD_END_TEST ++FWD_END_TEST([-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) +-- +2.20.1 + diff --git a/SOURCES/0097-fix-direct-removeRules-not-removing-all-rules-in-cha.patch b/SOURCES/0097-fix-direct-removeRules-not-removing-all-rules-in-cha.patch new file mode 100644 index 0000000..190a563 --- /dev/null +++ b/SOURCES/0097-fix-direct-removeRules-not-removing-all-rules-in-cha.patch @@ -0,0 +1,29 @@ +From 9f9a4762aa18d8ef399fc7e45c72a2fb1043bbc2 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 30 Aug 2019 14:09:11 -0400 +Subject: [PATCH 97/99] fix: direct: removeRules() not removing all rules in + chain + +Fixes: 174005b15059 ("fix: direct: removeRules() was mistakenly removing all rules") +(cherry picked from commit 083d6527ad9c60442e424172e223b65132bc6d17) +(cherry picked from commit 55a639aed7a8b5f2d77d39b26dd78f51b20100ed) +--- + src/firewall/server/config.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/firewall/server/config.py b/src/firewall/server/config.py +index b2cebea9b4be..cd640ba881ca 100644 +--- a/src/firewall/server/config.py ++++ b/src/firewall/server/config.py +@@ -1367,7 +1367,7 @@ class FirewallDConfig(slip.dbus.service.Object): + (ipv, table, chain, )) + self.accessCheck(sender) + settings = list(self.getSettings()) +- for rule in settings[1]: ++ for rule in settings[1][:]: + if (ipv, table, chain) == (rule[0], rule[1], rule[2]): + settings[1].remove(rule) + self.update(tuple(settings)) +-- +2.20.1 + diff --git a/SOURCES/0098-fix-tests-regression-rhbz1723610-better-coverage.patch b/SOURCES/0098-fix-tests-regression-rhbz1723610-better-coverage.patch new file mode 100644 index 0000000..3ed607f --- /dev/null +++ b/SOURCES/0098-fix-tests-regression-rhbz1723610-better-coverage.patch @@ -0,0 +1,43 @@ +From 05be476aa32e84fa8f8d23494ebe37f586f412c6 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 30 Aug 2019 13:58:54 -0400 +Subject: [PATCH 98/99] fix: tests/regression/rhbz1723610: better coverage + +Add more coverage to make sure all rules in the given chain are deleted. + +(cherry picked from commit 0220c8584512328104bfc816c2daaee2059f6a21) +(cherry picked from commit a40aa5094387e457cfd4a789ef805dac46132b6e) +--- + src/tests/regression/rhbz1723610.at | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at +index 35feed2bda9f..70eb226cb6df 100644 +--- a/src/tests/regression/rhbz1723610.at ++++ b/src/tests/regression/rhbz1723610.at +@@ -2,15 +2,21 @@ FWD_START_TEST([direct remove-rules per family]) + AT_KEYWORDS(direct rhbz1723610 gh385) + + FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) ++FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) ++FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT]) + FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl + ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ++ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ++ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT + ]) + FWD_RELOAD + FWD_CHECK([--direct --get-all-rules], 0, [dnl + ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ++ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ++ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT + ]) + +-FWD_CHECK([-q --permanent --direct --remove-rules ipv6 filter input]) ++FWD_CHECK([-q --permanent --direct --remove-rules ipv6 filter INPUT]) + FWD_CHECK([-q --permanent --direct --remove-rules ipv4 filter INPUT]) + FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl + ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT +-- +2.20.1 + diff --git a/SOURCES/0099-fix-tests-regression-rhbz1723610-make-deterministic.patch b/SOURCES/0099-fix-tests-regression-rhbz1723610-make-deterministic.patch new file mode 100644 index 0000000..5bfd030 --- /dev/null +++ b/SOURCES/0099-fix-tests-regression-rhbz1723610-make-deterministic.patch @@ -0,0 +1,70 @@ +From 6834b65d091d1173e36033cdf5c05b7a235698bd Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 3 Sep 2019 12:57:29 -0400 +Subject: [PATCH 99/99] fix: tests/regression/rhbz1723610: make deterministic + +Use --query-rule. The --get-all-rules output is not necessarily in any +defined order. + +Fixes: 0220c8584512 ("fix: tests/regression/rhbz1723610: better coverage") +(cherry picked from commit 441a4ef405b869b4c68bbbac21f001814578df08) +(cherry picked from commit 3a634eb266f60bc8419f5e3d37abd425e2d4dff5) +--- + src/tests/regression/rhbz1723610.at | 35 +++++++++++++---------------- + 1 file changed, 16 insertions(+), 19 deletions(-) + +diff --git a/src/tests/regression/rhbz1723610.at b/src/tests/regression/rhbz1723610.at +index 70eb226cb6df..0d0810cc8623 100644 +--- a/src/tests/regression/rhbz1723610.at ++++ b/src/tests/regression/rhbz1723610.at +@@ -4,31 +4,28 @@ AT_KEYWORDS(direct rhbz1723610 gh385) + FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) + FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) + FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT]) +-FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl +-ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT +-ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT +-ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT +-]) ++FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) ++FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) ++FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 0) + FWD_RELOAD +-FWD_CHECK([--direct --get-all-rules], 0, [dnl +-ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT +-ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT +-ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT +-]) ++FWD_CHECK([-q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) ++FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) ++FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 0) + + FWD_CHECK([-q --permanent --direct --remove-rules ipv6 filter INPUT]) + FWD_CHECK([-q --permanent --direct --remove-rules ipv4 filter INPUT]) +-FWD_CHECK([--permanent --direct --get-all-rules], 0, [dnl +-ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT +-]) ++FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) ++FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) ++FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 1) + FWD_RELOAD +-FWD_CHECK([--direct --get-all-rules], 0, [dnl +-ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT +-]) ++FWD_CHECK([-q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) ++FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) ++FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 1) + FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) + FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) +-FWD_CHECK([--direct --get-all-rules], 0, [dnl +-ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT +-]) ++FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT], 0) ++FWD_CHECK([-q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) ++FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) ++FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 1) + + FWD_END_TEST +-- +2.20.1 + diff --git a/SOURCES/0100-fix-tests-functions-improve-CHECK_IPSET-for-nftables.patch b/SOURCES/0100-fix-tests-functions-improve-CHECK_IPSET-for-nftables.patch new file mode 100644 index 0000000..b957276 --- /dev/null +++ b/SOURCES/0100-fix-tests-functions-improve-CHECK_IPSET-for-nftables.patch @@ -0,0 +1,34 @@ +From d9a929cf01da6f53c788703e12470468e8f159cd Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 13 May 2019 13:12:32 -0400 +Subject: [PATCH 100/109] fix: tests/functions: improve CHECK_IPSET for + nftables + +Check for timeout and size support. + +(cherry picked from commit 272437da619e5416803b28feefd5fa7ad0e5d3a6) +(cherry picked from commit a603d1085b861686665aeefc730dfb3e0fea3f30) +--- + src/tests/functions.at | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index b35558795909..125a6e06ce6b 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -354,6 +354,12 @@ m4_define([CHECK_IPSET], [ + NS_CHECK([nft add table inet firewalld_check_ipset]) + NS_CHECK([nft add set inet firewalld_check_ipset foobar { type ipv4_addr \; }]) + AT_SKIP_IF([! NS_CMD([nft flush set inet firewalld_check_ipset foobar >/dev/null 2>&1])]) ++ dnl If nft set has has no timeout support, then skip the test ++ AT_SKIP_IF([! NS_CMD([nft add set inet firewalld_check_ipset foobar_timeout { type ipv4_addr \; timeout 600s \; } >/dev/null 2>&1])]) ++ dnl If nft set has has no size support, then skip the test ++ AT_SKIP_IF([! NS_CMD([nft add set inet firewalld_check_ipset foobar_size { type ipv4_addr \; size 100000 \; } >/dev/null 2>&1])]) ++ AT_SKIP_IF([! NS_CMD([nft add set inet firewalld_check_ipset foobar_timeout_size { type ipv4_addr \; timeout 600s \; size 100000 \; } >/dev/null 2>&1])]) ++ + NS_CHECK([nft delete table inet firewalld_check_ipset]) + ]) + ]) +-- +2.20.1 + diff --git a/SOURCES/0101-fix-tests-regression-rhbz1601610-add-missing-CHECK_I.patch b/SOURCES/0101-fix-tests-regression-rhbz1601610-add-missing-CHECK_I.patch new file mode 100644 index 0000000..4e28faf --- /dev/null +++ b/SOURCES/0101-fix-tests-regression-rhbz1601610-add-missing-CHECK_I.patch @@ -0,0 +1,31 @@ +From 09703706bfa5b18698b91f09f4b57d2acdfa8878 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 9 May 2019 10:41:18 -0400 +Subject: [PATCH 101/109] fix: tests/regression/rhbz1601610: add missing + CHECK_IPSET + +Older kernel nftables implementations have a broken set flush. This +includes current travis-ci images. + +Fixes: a13ed324b8bb ("tests/firewall-cmd: coverage for rhbz 1601610 and 1563259") +(cherry picked from commit 719e239fbff169a7dc3d4dcbe21c59370b01757f) +(cherry picked from commit 2d6fd7230690003ba9a0350a4fc77e9068240bdc) +--- + src/tests/regression/rhbz1601610.at | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/tests/regression/rhbz1601610.at b/src/tests/regression/rhbz1601610.at +index afe8422f5ee7..f75607ef9f09 100644 +--- a/src/tests/regression/rhbz1601610.at ++++ b/src/tests/regression/rhbz1601610.at +@@ -1,5 +1,7 @@ + FWD_START_TEST([ipset duplicate entries]) + ++CHECK_IPSET ++ + FWD_CHECK([-q --new-ipset=foobar --permanent --type=hash:net]) + FWD_RELOAD + +-- +2.20.1 + diff --git a/SOURCES/0102-fix-allow-custom-helpers-using-standard-helper-modul.patch b/SOURCES/0102-fix-allow-custom-helpers-using-standard-helper-modul.patch new file mode 100644 index 0000000..5514638 --- /dev/null +++ b/SOURCES/0102-fix-allow-custom-helpers-using-standard-helper-modul.patch @@ -0,0 +1,106 @@ +From 3bf7abe7cfdc738959c092bd30ef9ee42789fc8d Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 17 Sep 2019 14:54:13 -0400 +Subject: [PATCH 102/109] fix: allow custom helpers using standard helper + modules + +e.g. a helper called "ftp-foobar" using module "nf_conntrack_ftp" + +(cherry picked from commit 8c65bda2a750c1b1a15851a6030dfef8cdb74d15) +(cherry picked from commit 80260288c58b0555360822d1eb81b2a4d36a5ed1) +--- + src/firewall/core/fw_zone.py | 10 ++++++---- + src/firewall/core/ipXtables.py | 4 ++-- + src/firewall/core/nftables.py | 4 ++-- + 3 files changed, 10 insertions(+), 8 deletions(-) + +diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py +index 6b766d0dc3ba..c096e3efe028 100644 +--- a/src/firewall/core/fw_zone.py ++++ b/src/firewall/core/fw_zone.py +@@ -1609,8 +1609,9 @@ class FirewallZone(object): + modules = [ ] + for helper in helpers: + module = helper.module ++ _module_short_name = module.replace("-","_").replace("nf_conntrack_", "") + if self._fw.nf_conntrack_helper_setting == 0: +- if helper.name not in \ ++ if _module_short_name not in \ + self._fw.nf_conntrack_helpers[module]: + raise FirewallError( + errors.INVALID_HELPER, +@@ -1627,7 +1628,7 @@ class FirewallZone(object): + for (port,proto) in helper.ports: + rules = backend.build_zone_helper_ports_rules( + enable, zone, proto, port, +- destination, helper.name) ++ destination, helper.name, _module_short_name) + zone_transaction.add_rules(backend, rules) + else: + if helper.module not in modules: +@@ -1819,7 +1820,8 @@ class FirewallZone(object): + if self._fw.nf_conntrack_helper_setting == 0: + for helper in helpers: + module = helper.module +- if helper.name not in \ ++ _module_short_name = module.replace("-","_").replace("nf_conntrack_", "") ++ if _module_short_name not in \ + self._fw.nf_conntrack_helpers[module]: + raise FirewallError( + errors.INVALID_HELPER, +@@ -1836,7 +1838,7 @@ class FirewallZone(object): + for (port,proto) in helper.ports: + rules = backend.build_zone_helper_ports_rules( + enable, zone, proto, port, +- destination, helper.name) ++ destination, helper.name, _module_short_name) + zone_transaction.add_rules(backend, rules) + + for (port,proto) in svc.ports: +diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py +index 647a7a161517..b0a4c5e1c161 100644 +--- a/src/firewall/core/ipXtables.py ++++ b/src/firewall/core/ipXtables.py +@@ -983,7 +983,7 @@ class ip4tables(object): + return rules + + def build_zone_helper_ports_rules(self, enable, zone, proto, port, +- destination, helper_name): ++ destination, helper_name, module_short_name): + add_del = { True: "-A", False: "-D" }[enable] + target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["PREROUTING"], + zone=zone) +@@ -992,7 +992,7 @@ class ip4tables(object): + rule += [ "--dport", "%s" % portStr(port) ] + if destination: + rule += [ "-d", destination ] +- rule += [ "-j", "CT", "--helper", helper_name ] ++ rule += [ "-j", "CT", "--helper", module_short_name ] + + return [rule] + +diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py +index 9d88e72f42bf..0317d820389f 100644 +--- a/src/firewall/core/nftables.py ++++ b/src/firewall/core/nftables.py +@@ -927,7 +927,7 @@ class nftables(object): + return rules + + def build_zone_helper_ports_rules(self, enable, zone, proto, port, +- destination, helper_name): ++ destination, helper_name, module_short_name): + add_del = { True: "add", False: "delete" }[enable] + target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["INPUT"], + zone=zone) +@@ -944,7 +944,7 @@ class nftables(object): + + helper_object = ["ct", "helper", "inet", TABLE_NAME, + "helper-%s-%s" % (helper_name, proto), +- "{", "type", "\"%s\"" % (helper_name), "protocol", ++ "{", "type", "\"%s\"" % (module_short_name), "protocol", + proto, ";", "}"] + + return [helper_object, rule] +-- +2.20.1 + diff --git a/SOURCES/0103-test-helper-coverage-for-custom-helper.patch b/SOURCES/0103-test-helper-coverage-for-custom-helper.patch new file mode 100644 index 0000000..290a771 --- /dev/null +++ b/SOURCES/0103-test-helper-coverage-for-custom-helper.patch @@ -0,0 +1,82 @@ +From dd6dfcced04fc8a0b14f95a1d01d49f5c677f334 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Mon, 16 Sep 2019 15:47:53 -0400 +Subject: [PATCH 103/109] test: helper: coverage for custom helper + +(cherry picked from commit 3adabc19a9ac447c3e89a7b344b2e106f44d96f1) +(cherry picked from commit 40d53d4086a69c6c6275b6fa38d33f8c92e719f9) +--- + src/tests/features.at | 2 ++ + src/tests/features/helpers_custom.at | 40 ++++++++++++++++++++++++++++ + src/tests/testsuite.at | 1 + + 3 files changed, 43 insertions(+) + create mode 100644 src/tests/features.at + create mode 100644 src/tests/features/helpers_custom.at + +diff --git a/src/tests/features.at b/src/tests/features.at +new file mode 100644 +index 000000000000..2da3dbad04c2 +--- /dev/null ++++ b/src/tests/features.at +@@ -0,0 +1,2 @@ ++AT_BANNER([features (FIREWALL_BACKEND)]) ++m4_include([features/helpers_custom.at]) +diff --git a/src/tests/features/helpers_custom.at b/src/tests/features/helpers_custom.at +new file mode 100644 +index 000000000000..b5f745761407 +--- /dev/null ++++ b/src/tests/features/helpers_custom.at +@@ -0,0 +1,40 @@ ++FWD_START_TEST([service include]) ++AT_KEYWORDS(helpers rhbz1733066) ++ ++FWD_CHECK([-q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp"]) ++FWD_CHECK([-q --permanent --helper=ftptest --add-port="2121/tcp"]) ++ ++FWD_CHECK([-q --permanent --new-service="ftptest"]) ++FWD_CHECK([-q --permanent --service=ftptest --add-module="nf_conntrack_ftptest"]) ++FWD_CHECK([-q --permanent --service=ftptest --add-port="2121/tcp"]) ++FWD_RELOAD ++ ++FWD_CHECK([-q --add-service=ftptest]) ++ ++NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl ++ table inet firewalld { ++ chain filter_IN_public_allow { ++ tcp dport 22 ct state new,untracked accept ++ ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ++ tcp dport 2121 ct helper set "helper-ftptest-tcp" ++ tcp dport 2121 ct state new,untracked accept ++ } ++ } ++]) ++IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl ++ CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp ++]) ++IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ++ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ++ ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED ++]) ++IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl ++ CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp ++]) ++IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ++ ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ++ ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ++ ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED ++]) ++ ++FWD_END_TEST +diff --git a/src/tests/testsuite.at b/src/tests/testsuite.at +index 68d18c9018b8..e83d61d5bf0a 100644 +--- a/src/tests/testsuite.at ++++ b/src/tests/testsuite.at +@@ -14,4 +14,5 @@ m4_foreach([FIREWALL_BACKEND], [[iptables]], [ + m4_include([firewall-cmd.at]) + m4_include([regression.at]) + m4_include([python.at]) ++ m4_include([features.at]) + ]) +-- +2.20.1 + diff --git a/SOURCES/0104-fix-test-title-of-customer-helpers-test-was-wrong.patch b/SOURCES/0104-fix-test-title-of-customer-helpers-test-was-wrong.patch new file mode 100644 index 0000000..acd380e --- /dev/null +++ b/SOURCES/0104-fix-test-title-of-customer-helpers-test-was-wrong.patch @@ -0,0 +1,25 @@ +From 3c5db12c27c95732f9d683c2a87f2b312241b7a0 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 19 Sep 2019 15:14:11 -0400 +Subject: [PATCH 104/109] fix: test: title of customer helpers test was wrong + +Fixes: 3adabc19a9ac ("test: helper: coverage for custom helper") +(cherry picked from commit e7c0c7e4397934efec302fbe634b0f2b416e3b61) +(cherry picked from commit d4eb2c1170b0ebacf55302073945e751294a2155) +--- + src/tests/features/helpers_custom.at | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tests/features/helpers_custom.at b/src/tests/features/helpers_custom.at +index b5f745761407..2c17b004bf91 100644 +--- a/src/tests/features/helpers_custom.at ++++ b/src/tests/features/helpers_custom.at +@@ -1,4 +1,4 @@ +-FWD_START_TEST([service include]) ++FWD_START_TEST([customer helpers]) + AT_KEYWORDS(helpers rhbz1733066) + + FWD_CHECK([-q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp"]) +-- +2.20.1 + diff --git a/SOURCES/0105-fix-service-usage-of-helpers-with-in-name.patch b/SOURCES/0105-fix-service-usage-of-helpers-with-in-name.patch new file mode 100644 index 0000000..9ad532b --- /dev/null +++ b/SOURCES/0105-fix-service-usage-of-helpers-with-in-name.patch @@ -0,0 +1,71 @@ +From b40b19e1de852aee5b1a53a26c8fb0e3e00b6a71 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 20 Sep 2019 09:48:07 -0400 +Subject: [PATCH 105/109] fix: service: usage of helpers with '-' in name + +Fixes: 8c65bda2a750 ("fix: allow custom helpers using standard helper modules") +(cherry picked from commit 28f3e6a83167ca2798157fd6e2c752b296c72830) +(cherry picked from commit 98e77f8fb8fd6e72e71eb1267ea5ccbc0563cb83) +--- + src/firewall/core/fw_zone.py | 6 +++--- + src/firewall/functions.py | 6 ++++-- + 2 files changed, 7 insertions(+), 5 deletions(-) + +diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py +index c096e3efe028..e7be779ebc8c 100644 +--- a/src/firewall/core/fw_zone.py ++++ b/src/firewall/core/fw_zone.py +@@ -25,7 +25,7 @@ from firewall.core.base import SHORTCUTS, DEFAULT_ZONE_TARGET, \ + from firewall.core.logger import log + from firewall.functions import portStr, checkIPnMask, checkIP6nMask, \ + checkProtocol, enable_ip_forwarding, check_single_address, check_mac, \ +- portInPortRange ++ portInPortRange, get_nf_conntrack_short_name + from firewall.core.rich import Rich_Rule, Rich_Accept, \ + Rich_Mark, Rich_Service, Rich_Port, Rich_Protocol, \ + Rich_Masquerade, Rich_ForwardPort, Rich_SourcePort, Rich_IcmpBlock, \ +@@ -1609,7 +1609,7 @@ class FirewallZone(object): + modules = [ ] + for helper in helpers: + module = helper.module +- _module_short_name = module.replace("-","_").replace("nf_conntrack_", "") ++ _module_short_name = get_nf_conntrack_short_name(module) + if self._fw.nf_conntrack_helper_setting == 0: + if _module_short_name not in \ + self._fw.nf_conntrack_helpers[module]: +@@ -1820,7 +1820,7 @@ class FirewallZone(object): + if self._fw.nf_conntrack_helper_setting == 0: + for helper in helpers: + module = helper.module +- _module_short_name = module.replace("-","_").replace("nf_conntrack_", "") ++ _module_short_name = get_nf_conntrack_short_name(module) + if _module_short_name not in \ + self._fw.nf_conntrack_helpers[module]: + raise FirewallError( +diff --git a/src/firewall/functions.py b/src/firewall/functions.py +index 5f54a59204b8..ad2166905d1d 100644 +--- a/src/firewall/functions.py ++++ b/src/firewall/functions.py +@@ -345,6 +345,9 @@ def enable_ip_forwarding(ipv): + return writefile("/proc/sys/net/ipv6/conf/all/forwarding", "1\n") + return False + ++def get_nf_conntrack_short_name(module): ++ return module.replace("_","-").replace("nf-conntrack-", "") ++ + def get_nf_conntrack_helpers(): + kver = os.uname()[2] + path = "/lib/modules/%s/kernel/net/netfilter/" % kver +@@ -361,8 +364,7 @@ def get_nf_conntrack_helpers(): + # the we add it to helpers list and goto next module + if filename.startswith("nf_conntrack_proto_"): + helper = filename.split(".")[0].strip() +- helper = helper.replace("_", "-") +- helper = helper.replace("nf-conntrack-", "") ++ helper = get_nf_conntrack_short_name(helper) + helpers.setdefault(module, [ ]).append(helper) + continue + # Else we get module alias and if "-helper" in the "alias:" line of modinfo +-- +2.20.1 + diff --git a/SOURCES/0106-fix-Revert-ebtables-drop-support-for-broute-table.patch b/SOURCES/0106-fix-Revert-ebtables-drop-support-for-broute-table.patch new file mode 100644 index 0000000..0588d17 --- /dev/null +++ b/SOURCES/0106-fix-Revert-ebtables-drop-support-for-broute-table.patch @@ -0,0 +1,56 @@ +From e3cdea87bc0758ede348be31cd32e69428ed1571 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 20 Sep 2019 08:39:05 -0400 +Subject: [PATCH 106/109] fix: Revert "ebtables: drop support for broute table" + +This reverts commit 0e78dea21ffb03ea2e51df6158471b9cbd6652c9. + +Apparently there _are_ users of this table. Let's revert this change and +be a little smarter about not attempting to use the table if it's not +available (ebtables-nft). We'll still fail if the user has direct rules +for this table, but at least the default ruleset will work. + +(cherry picked from commit ca34c9e051807d62371d5e980210f11859cab360) +(cherry picked from commit b80835f5af8ad5c4c39cc8b78ec5314963926a8f) +--- + src/firewall-config.in | 4 ++++ + src/firewall/core/ebtables.py | 1 + + 2 files changed, 5 insertions(+) + +diff --git a/src/firewall-config.in b/src/firewall-config.in +index 0bb7b05abdad..84c573fc1338 100755 +--- a/src/firewall-config.in ++++ b/src/firewall-config.in +@@ -7653,6 +7653,8 @@ class FirewallConfig(object): + self.directChainDialogTableCombobox.append_text("mangle") + self.directChainDialogTableCombobox.append_text("raw") + self.directChainDialogTableCombobox.append_text("security") ++ else: ++ self.directChainDialogTableCombobox.append_text("broute") + + combobox_select_text(self.directChainDialogTableCombobox, old_table) + +@@ -7807,6 +7809,8 @@ class FirewallConfig(object): + self.directRuleDialogTableCombobox.append_text("mangle") + self.directRuleDialogTableCombobox.append_text("raw") + self.directRuleDialogTableCombobox.append_text("security") ++ else: ++ self.directRuleDialogTableCombobox.append_text("broute") + + combobox_select_text(self.directRuleDialogTableCombobox, old_table) + +diff --git a/src/firewall/core/ebtables.py b/src/firewall/core/ebtables.py +index df4c31743cd7..65688571ce31 100644 +--- a/src/firewall/core/ebtables.py ++++ b/src/firewall/core/ebtables.py +@@ -31,6 +31,7 @@ from firewall.errors import FirewallError, INVALID_IPV + import string + + BUILT_IN_CHAINS = { ++ "broute": [ "BROUTING" ], + "nat": [ "PREROUTING", "POSTROUTING", "OUTPUT" ], + "filter": [ "INPUT", "OUTPUT", "FORWARD" ], + } +-- +2.20.1 + diff --git a/SOURCES/0107-fix-ebtables-don-t-use-tables-that-aren-t-available.patch b/SOURCES/0107-fix-ebtables-don-t-use-tables-that-aren-t-available.patch new file mode 100644 index 0000000..2af57d7 --- /dev/null +++ b/SOURCES/0107-fix-ebtables-don-t-use-tables-that-aren-t-available.patch @@ -0,0 +1,36 @@ +From 3e4c68e79f8b654020a9abac14889d7cb34dad75 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 20 Sep 2019 08:47:22 -0400 +Subject: [PATCH 107/109] fix: ebtables: don't use tables that aren't available + +(cherry picked from commit 53fa559352156ae4c33613e2e45eb5355e1e86b9) +(cherry picked from commit 3b7dd4993f18c9090f3c307fd40919cc8b2616bc) +--- + src/firewall/core/ebtables.py | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/firewall/core/ebtables.py b/src/firewall/core/ebtables.py +index 65688571ce31..b17e43dadf20 100644 +--- a/src/firewall/core/ebtables.py ++++ b/src/firewall/core/ebtables.py +@@ -229,6 +229,8 @@ class ebtables(object): + def build_flush_rules(self): + rules = [] + for table in BUILT_IN_CHAINS.keys(): ++ if table not in self.get_available_tables(): ++ continue + # Flush firewall rules: -F + # Delete firewall chains: -X + # Set counter to zero: -Z +@@ -239,6 +241,8 @@ class ebtables(object): + def build_set_policy_rules(self, policy): + rules = [] + for table in BUILT_IN_CHAINS.keys(): ++ if table not in self.get_available_tables(): ++ continue + for chain in BUILT_IN_CHAINS[table]: + rules.append(["-t", table, "-P", chain, policy]) + return rules +-- +2.20.1 + diff --git a/SOURCES/0108-fix-test-features-helpers_custom-skip-test-if-automa.patch b/SOURCES/0108-fix-test-features-helpers_custom-skip-test-if-automa.patch new file mode 100644 index 0000000..ce0d233 --- /dev/null +++ b/SOURCES/0108-fix-test-features-helpers_custom-skip-test-if-automa.patch @@ -0,0 +1,34 @@ +From 98b9536093dcc67f536825b706ede56501767742 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 25 Sep 2019 14:28:59 -0400 +Subject: [PATCH 108/109] fix: test: features/helpers_custom: skip test if + automatic helpers is 1 + +(cherry picked from commit e981578698b7746d5e0253c5ab9193b2c73b9e67) +(cherry picked from commit b56deaabd9ee0747542e7f0d9e518b80fdbde65a) +--- + src/tests/features/helpers_custom.at | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/tests/features/helpers_custom.at b/src/tests/features/helpers_custom.at +index 2c17b004bf91..fd59d06ba4d1 100644 +--- a/src/tests/features/helpers_custom.at ++++ b/src/tests/features/helpers_custom.at +@@ -11,6 +11,14 @@ FWD_RELOAD + + FWD_CHECK([-q --add-service=ftptest]) + ++dnl The expected rule output is different if automatic helpers is in use. It's ++dnl tricky for autotest to know what to do because the testsuite is generated ++dnl outside of the testsuite netns and the value of nf_conntrack_helper may be ++dnl different inside the netns. As such, skip the rest of the test if automatic ++dnl helpers is 1 inside the netns. Our output assumes it's 0, which is the ++dnl default now-a-days. ++AT_SKIP_IF([NS_CMD([sh -c 'test "$(sysctl -n net.netfilter.nf_conntrack_helper)" -eq "1"'])]) ++ + NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl + table inet firewalld { + chain filter_IN_public_allow { +-- +2.20.1 + diff --git a/SOURCES/0109-fix-test-only-set-locale-if-C.utf8-is-available.patch b/SOURCES/0109-fix-test-only-set-locale-if-C.utf8-is-available.patch new file mode 100644 index 0000000..d2073b1 --- /dev/null +++ b/SOURCES/0109-fix-test-only-set-locale-if-C.utf8-is-available.patch @@ -0,0 +1,37 @@ +From c623eeccd0cbd1cf59065d4a63a3cf760f12e43a Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 26 Sep 2019 15:28:20 -0400 +Subject: [PATCH 109/109] fix: test: only set locale if C.utf8 is available + +If it's not available, just roll with what's already set in the +environment and hope for the best. This fixes warnings on distros that +may not provide C.UTF-8. + +(cherry picked from commit 933adbeb526d97855abc9644d2d93b3364efc7eb) +(cherry picked from commit 07a5378d33fd37f6ef375300fabcf7eea4f78801) +--- + src/tests/functions.at | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 125a6e06ce6b..013ec098052c 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -52,10 +52,10 @@ m4_define([FWD_START_TEST], [ + + dnl We test some unicode strings and autotest overrides LC_ALL=C, so set it + dnl again for every test. +- LC_ALL="C.UTF-8" +- export LC_ALL +- LANGUAGE="C.UTF-8" +- export LANGUAGE ++ if locale -a |grep "^C.utf8" >/dev/null; then ++ LC_ALL="C.UTF-8" ++ export LC_ALL ++ fi + + dnl start every test with the default config + if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then +-- +2.20.1 + diff --git a/SOURCES/0110-chore-update-translations.patch b/SOURCES/0110-chore-update-translations.patch new file mode 100644 index 0000000..b171a42 --- /dev/null +++ b/SOURCES/0110-chore-update-translations.patch @@ -0,0 +1,2556 @@ +From fca3b655ddefebbf50342257a7683af6aeab7cff Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 1 Oct 2019 14:16:24 -0400 +Subject: [PATCH 110/122] chore: update translations + +(cherry picked from commit 9a9aada9b3333072bc26a089e73e73acc0b3746f) +--- + po/ar.po | 14 +++++++------- + po/as.po | 14 +++++++------- + po/bg.po | 14 +++++++------- + po/bn_IN.po | 14 +++++++------- + po/ca.po | 14 +++++++------- + po/cs.po | 14 +++++++------- + po/da.po | 14 +++++++------- + po/de.po | 14 +++++++------- + po/el.po | 14 +++++++------- + po/en_GB.po | 14 +++++++------- + po/en_US.po | 14 +++++++------- + po/es.po | 14 +++++++------- + po/et.po | 14 +++++++------- + po/eu.po | 14 +++++++------- + po/fi.po | 14 +++++++------- + po/fr.po | 14 +++++++------- + po/gl.po | 14 +++++++------- + po/gu.po | 14 +++++++------- + po/hi.po | 14 +++++++------- + po/hu.po | 14 +++++++------- + po/ia.po | 14 +++++++------- + po/id.po | 14 +++++++------- + po/it.po | 14 +++++++------- + po/ja.po | 14 +++++++------- + po/ka.po | 14 +++++++------- + po/kn.po | 14 +++++++------- + po/ko.po | 14 +++++++------- + po/lt.po | 14 +++++++------- + po/ml.po | 14 +++++++------- + po/mr.po | 14 +++++++------- + po/nl.po | 14 +++++++------- + po/or.po | 14 +++++++------- + po/pa.po | 14 +++++++------- + po/pl.po | 14 +++++++------- + po/pt.po | 14 +++++++------- + po/pt_BR.po | 14 +++++++------- + po/ru.po | 14 +++++++------- + po/sk.po | 14 +++++++------- + po/sq.po | 14 +++++++------- + po/sr.po | 14 +++++++------- + po/sr@latin.po | 14 +++++++------- + po/sv.po | 14 +++++++------- + po/ta.po | 14 +++++++------- + po/te.po | 14 +++++++------- + po/tr.po | 14 +++++++------- + po/uk.po | 14 +++++++------- + po/zh_CN.po | 14 +++++++------- + po/zh_TW.po | 14 +++++++------- + 48 files changed, 336 insertions(+), 336 deletions(-) + +diff --git a/po/ar.po b/po/ar.po +index 5636041a056a..92d9087979ac 100644 +--- a/po/ar.po ++++ b/po/ar.po +@@ -17,7 +17,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:20+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Arabic (http://www.transifex.com/projects/p/firewalld/" +@@ -47,19 +47,19 @@ msgstr "إعدادات الجدار النّاري" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "حدد منطقة للواجهة '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "المنطقة الافتراضية" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "حدد منطقة للاتصال '%s'" +@@ -732,12 +732,12 @@ msgstr "مساعد مضمن، إعادة التسمية غير مدعومة." + msgid "Built-in icmp, rename not supported." + msgstr "icmp مضمن، إعادة التسمية غير مدعومة." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "فشل قراءة الملف '%s': %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "حدد المنطقة للمصدر %s" +diff --git a/po/as.po b/po/as.po +index dc5f69898d8c..ee1cfa139da4 100644 +--- a/po/as.po ++++ b/po/as.po +@@ -13,7 +13,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2016-01-04 12:15+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Assamese (http://www.transifex.com/projects/p/firewalld/" +@@ -42,19 +42,19 @@ msgstr "ফায়াৰ্ৱাল বিন্যাস" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "আন্তঃপৃষ্ঠ '%s' ৰ বাবে অঞ্চল বাছক" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "অবিকল্পিত অঞ্চল" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "সংযোগ '%s' ৰ বাবে অঞ্চল বাছক" +@@ -721,12 +721,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "বিলট-ইন icmp, পুনৰ নামকৰণ সমৰ্থিত নহয়।" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "উৎস %s ৰ বাবে অঞ্চল বাছক" +diff --git a/po/bg.po b/po/bg.po +index 80491853e12d..724249c1b5bd 100644 +--- a/po/bg.po ++++ b/po/bg.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-02-26 09:43+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Bulgarian (http://www.transifex.com/projects/p/firewalld/" +@@ -37,19 +37,19 @@ msgstr "Конфигуриране на защитната стена" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Зона '%s' активирана за интерфейс '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Зона по подразбиране" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "" +@@ -714,12 +714,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "Вграден icmp, преименуване не се поддържа." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Избор на зона за източник %s" +diff --git a/po/bn_IN.po b/po/bn_IN.po +index 7ec6f44257c3..4189e9130858 100644 +--- a/po/bn_IN.po ++++ b/po/bn_IN.po +@@ -13,7 +13,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-02-26 09:43+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Bengali (India) (http://www.transifex.com/projects/p/" +@@ -42,19 +42,19 @@ msgstr "ফায়ারওয়াল কনফিগারেশন" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "ইন্টারফেস '%s' এর জন্য অঞ্চল নির্বাচন করুন" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "ডিফল্ট অঞ্চল" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "'%s' সংযোগের জন্য অঞ্চল নির্বাচন করুন" +@@ -721,12 +721,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "বিল্ট-ইন icmp, নাম পরিবর্তন সমর্থিত নয়।" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "সোর্স '%s' এর জন্য অঞ্চল নির্বাচন করুন" +diff --git a/po/ca.po b/po/ca.po +index 46e1b6e6f6da..c83e8823bae6 100644 +--- a/po/ca.po ++++ b/po/ca.po +@@ -19,7 +19,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-08-20 10:43+0000\n" + "Last-Translator: Robert Antoni Buj Gelonch \n" + "Language-Team: Catalan (http://www.transifex.com/projects/p/firewalld/" +@@ -48,19 +48,19 @@ msgstr "Configuració del tallafoc" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "tallafoc;xarxa;seguretat;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Selecciona la zona per a la interfície «%s»" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Zona predeterminada" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Selecciona la zona per a la connexió «%s»" +@@ -742,12 +742,12 @@ msgstr "Ajudant incrustat, el canvi de nom no està admès." + msgid "Built-in icmp, rename not supported." + msgstr "ICMP integrat, no es permet el canvi de nom." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "No s'ha pogut llegir el fitxer «%s»: %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Selecciona la zona per a l'origen %s" +diff --git a/po/cs.po b/po/cs.po +index 1e7123ab1396..18a5a2f9d6a2 100644 +--- a/po/cs.po ++++ b/po/cs.po +@@ -26,7 +26,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:21+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Czech (http://www.transifex.com/projects/p/firewalld/language/" +@@ -55,19 +55,19 @@ msgstr "Nastavení firewallu" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;síť;zabezpečení;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Vyberte zónu pro rozhraní '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Základní zóna" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Vyberte zónu pro připojení '%s'" +@@ -742,12 +742,12 @@ msgstr "Vestavěný pomocník, přejmenování nepodporováno." + msgid "Built-in icmp, rename not supported." + msgstr "Vestavěné Icmp, přejmenování není možné." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Nepodařilo se načíst soubor '%s': %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Vyberte zónu pro zdroj %s" +diff --git a/po/da.po b/po/da.po +index e3960c562b98..64c2df92d95b 100644 +--- a/po/da.po ++++ b/po/da.po +@@ -13,7 +13,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-09-20 10:43+0000\n" + "Last-Translator: scootergrisen \n" + "Language-Team: Danish (http://www.transifex.com/projects/p/firewalld/" +@@ -43,19 +43,19 @@ msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + "firewall;network;security;iptables;netfilter;netværk;sikkerhed;iptabeller;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Vælg zone til grænseflade '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Standardzone" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Vælg zone for forbindelse '%s'" +@@ -731,12 +731,12 @@ msgstr "Indbygget hjælper, omdøbning understøttes ikke." + msgid "Built-in icmp, rename not supported." + msgstr "Indbygget ICMP, omdøbning understøttes ikke." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Kunne ikke læse fil '%s': %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Vælg zone for kilde %s" +diff --git a/po/de.po b/po/de.po +index 64cc4ff14c59..202ba11b4af9 100644 +--- a/po/de.po ++++ b/po/de.po +@@ -40,7 +40,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:22+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: German (http://www.transifex.com/projects/p/firewalld/" +@@ -69,19 +69,19 @@ msgstr "Firewall-Konfiguration" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "Firewall;Netzwerk;Sicherheit;Iptables;Netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Wählen Sie die Zone für die Schnittstelle »%s«" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Standardzone" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr " Zone für Verbindung »%s« auswählen" +@@ -760,12 +760,12 @@ msgstr "Enthaltene Helfer, Umbenennen nicht unterstützt." + msgid "Built-in icmp, rename not supported." + msgstr "Integriertes Icmp, das Umbenennen wird nicht unterstützt." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Lesen der Datei »%s« fehlgeschlagen: %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Zone für Quelle %s auswählen" +diff --git a/po/el.po b/po/el.po +index 71b35d8d79ac..a76ef251c6f5 100644 +--- a/po/el.po ++++ b/po/el.po +@@ -16,7 +16,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2016-01-04 12:27+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Greek (http://www.transifex.com/projects/p/firewalld/language/" +@@ -45,19 +45,19 @@ msgstr "Ρύθμιση τείχους προστασίας" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Ζώνη '%s' ενεργοποιήθηκε για την διεπαφή '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "" +@@ -724,12 +724,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "Ενσωματωμένος icmp, η μετονομασία δεν υποστηρίζεται." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "" +diff --git a/po/en_GB.po b/po/en_GB.po +index 434e9303dd41..c6de93f5b86f 100644 +--- a/po/en_GB.po ++++ b/po/en_GB.po +@@ -11,7 +11,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-02-26 09:44+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: English (United Kingdom) (http://www.transifex.com/projects/p/" +@@ -40,19 +40,19 @@ msgstr "Firewall Configuration" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Select zone for interface '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "" +@@ -716,12 +716,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "Built-in icmp, rename not supported." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Select zone for source %s" +diff --git a/po/en_US.po b/po/en_US.po +index feb171d1f9ca..ffc8153ba441 100644 +--- a/po/en_US.po ++++ b/po/en_US.po +@@ -7,7 +7,7 @@ msgid "" + msgstr "" + "Project-Id-Version: firewalld\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2014-10-15 14:24+0000\n" + "Last-Translator: Jiří Popelka \n" + "Language-Team: English (United States) (http://www.transifex.com/projects/p/" +@@ -35,19 +35,19 @@ msgstr "Firewall Configuration" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Select zone for interface '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Default Zone" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Select zone for connection '%s'" +@@ -737,12 +737,12 @@ msgstr "Built-in icmp, rename not supported." + msgid "Built-in icmp, rename not supported." + msgstr "Built-in icmp, rename not supported." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, fuzzy, c-format + msgid "Failed to read file '%s': %s" + msgstr "Failed to load icons." + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Select zone for source %s" +diff --git a/po/es.po b/po/es.po +index 7216b2fe4449..0b1cdb18266c 100644 +--- a/po/es.po ++++ b/po/es.po +@@ -31,7 +31,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:22+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Spanish (http://www.transifex.com/projects/p/firewalld/" +@@ -60,19 +60,19 @@ msgstr "Configuración del cortafuegos" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "cortafuegos;red;seguridad;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Seleccione la zona para la interfaz '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Zona Predeterminada" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Seleccione la zona para la conexión '%s'" +@@ -752,12 +752,12 @@ msgstr "Agente incorporado, no se puede renombrar." + msgid "Built-in icmp, rename not supported." + msgstr "Tipo ICMP incorporado, no se puede renombrar." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "No se pudo leer el archivo '%s': %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Seleccione la zona para el origen %s" +diff --git a/po/et.po b/po/et.po +index 7a106c897674..7e20265e28e8 100644 +--- a/po/et.po ++++ b/po/et.po +@@ -10,7 +10,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2016-01-04 12:21+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Estonian (http://www.transifex.com/projects/p/firewalld/" +@@ -39,19 +39,19 @@ msgstr "Tulemüüri seadistamine" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "" +@@ -710,12 +710,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "Sisse ehitatud icmp, ümbernimetamine pole toetatud." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "" +diff --git a/po/eu.po b/po/eu.po +index 213d2d0b01be..6510a298a7dd 100644 +--- a/po/eu.po ++++ b/po/eu.po +@@ -10,7 +10,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-02-26 09:43+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Basque (http://www.transifex.com/projects/p/firewalld/" +@@ -39,19 +39,19 @@ msgstr "Suhesiaren konfigurazioa" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "" +@@ -710,12 +710,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "" +diff --git a/po/fi.po b/po/fi.po +index c0a1480ece0f..ef15512beaf2 100644 +--- a/po/fi.po ++++ b/po/fi.po +@@ -15,7 +15,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-08-19 12:28+0000\n" + "Last-Translator: Jiri Grönroos \n" + "Language-Team: Finnish (http://www.transifex.com/projects/p/firewalld/" +@@ -46,19 +46,19 @@ msgstr "" + "palomuuri;verkko;tietoturva;suojaus;turva;firewall;network;security;iptables;" + "netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Valitse alue liitännälle '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Oletusalue" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Valitse alue yhteydelle '%s'" +@@ -726,12 +726,12 @@ msgstr "Sisäänrakennettu avustin, nimen muuttaminen ei ole tuettu." + msgid "Built-in icmp, rename not supported." + msgstr "Sisäänrakennettu icmp, nimen muuttaminen ei ole tuettu." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Tiedoston ”%s” lukeminen epäonnistui: %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Valitse alue lähteelle %s" +diff --git a/po/fr.po b/po/fr.po +index 05e514edc076..1428d86b8263 100644 +--- a/po/fr.po ++++ b/po/fr.po +@@ -34,7 +34,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:23+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: French (http://www.transifex.com/projects/p/firewalld/" +@@ -63,19 +63,19 @@ msgstr "Configuration du pare-feu" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "pare-feu;réseau;sécurité;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Sélectionner la zone pour l'interface « %s »" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Zone par défaut" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Sélectionner la zone pour la connexion « %s »" +@@ -755,12 +755,12 @@ msgstr "Assistant intégré, le renommage n'est pas pris en charge." + msgid "Built-in icmp, rename not supported." + msgstr "Icmp intégré, le renommage n'est pas pris en charge." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "impossible de lire le fichier « %s » : %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Sélectionner la zone pour la source « %s »" +diff --git a/po/gl.po b/po/gl.po +index e064815023b1..93a9486d565a 100644 +--- a/po/gl.po ++++ b/po/gl.po +@@ -9,7 +9,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-02-26 09:45+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Galician (http://www.transifex.com/projects/p/firewalld/" +@@ -38,19 +38,19 @@ msgstr "Configuración da devasa" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Escolla a zona para a interface «%s»" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "" +@@ -717,12 +717,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "" +diff --git a/po/gu.po b/po/gu.po +index 3cfcaa73dde4..92c863de46ad 100644 +--- a/po/gu.po ++++ b/po/gu.po +@@ -14,7 +14,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-02-26 09:45+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Gujarati (http://www.transifex.com/projects/p/firewalld/" +@@ -43,19 +43,19 @@ msgstr "ફાયરવોલ રૂપરેખાંકન" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "ફાયરવોસ;નેટવર્ક;સુરક્ષા;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "ઇન્ટરફેસ '%s' માટે વિસ્તારને પસંદ કરો" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "મૂળભૂત વિસ્તાર" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "જોડાણ '%s' માટે વિસ્તારને પસંદ કરો" +@@ -718,12 +718,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "બિલ્ટ-ઇન icmp, નામ બદલવાનું આધારભૂત નથી." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "સ્ત્રોત %s માટે વિસ્તારને પસંદ કરો" +diff --git a/po/hi.po b/po/hi.po +index 4922de0e1b4f..00e9e23d5a98 100644 +--- a/po/hi.po ++++ b/po/hi.po +@@ -10,7 +10,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2016-01-04 12:28+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Hindi (http://www.transifex.com/projects/p/firewalld/language/" +@@ -39,19 +39,19 @@ msgstr "फायरवाल विन्यास " + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "अंतरफलक '%s' के लिए क्षेत्र चुनें." + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "तयशुदा क्षेत्र" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "'%s' कनेक्शन के लिए क्षेत्र चुनें" +@@ -717,12 +717,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "बिल्ट इन icmp, नाम बदलना समर्थित नहीं." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "स्रोत '%s' के लिए क्षेत्र चुनें." +diff --git a/po/hu.po b/po/hu.po +index 55b0e0ff3e82..091e30c603db 100644 +--- a/po/hu.po ++++ b/po/hu.po +@@ -24,7 +24,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:24+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Hungarian (http://www.transifex.com/projects/p/firewalld/" +@@ -53,19 +53,19 @@ msgstr "Tűzfal beállítások" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "tűzfal;hálózat;biztonság;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Zóna kiválasztása a(z) „%s” csatolóhoz" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Alapértelmezett zóna" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Zóna kiválasztása a(z) „%s” kapcsolathoz" +@@ -746,12 +746,12 @@ msgstr "Beépített segéd, az átnevezés nem támogatott." + msgid "Built-in icmp, rename not supported." + msgstr "Beépített icmp, az átnevezés nem támogatott." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Nem sikerült a(z) „%s” fájlt olvasni: %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Zóna kiválasztása a(z) „%s” forráshoz" +diff --git a/po/ia.po b/po/ia.po +index 605b47b46cdc..7d396ff2d819 100644 +--- a/po/ia.po ++++ b/po/ia.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-02-26 09:58+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Interlingua (http://www.transifex.com/projects/p/firewalld/" +@@ -37,19 +37,19 @@ msgstr "Configuration de parafoco" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "" +@@ -708,12 +708,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "" +diff --git a/po/id.po b/po/id.po +index 8912e6fe22d6..634ef516e317 100644 +--- a/po/id.po ++++ b/po/id.po +@@ -3,7 +3,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-05-22 09:00+0000\n" + "Last-Translator: Ferdi Saptanera \n" + "Language-Team: Indonesian\n" +@@ -31,19 +31,19 @@ msgstr "Pengaturan Firewall" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Pilih zona untuk antarmuka '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Zona Standar" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Pilih zona untuk sambungan '%s'" +@@ -707,12 +707,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "" +diff --git a/po/it.po b/po/it.po +index ea9222222f06..2cd0e9d7b441 100644 +--- a/po/it.po ++++ b/po/it.po +@@ -36,7 +36,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:24+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Italian (http://www.transifex.com/projects/p/firewalld/" +@@ -65,19 +65,19 @@ msgstr "Configurazione del firewall" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;rete;sicurezza;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Seleziona zona per l'interfaccia '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Zona predefinita" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Seleziona la zone per la connessione '%s'" +@@ -759,12 +759,12 @@ msgstr "Helper integrato, rinominazione non supportata." + msgid "Built-in icmp, rename not supported." + msgstr "Icmp integrato, impossibile rinominare." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Impossibile leggere il file '%s': %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Selezionare la zona per il sorgente %s" +diff --git a/po/ja.po b/po/ja.po +index 0a220a6ca4a5..69328b4f2148 100644 +--- a/po/ja.po ++++ b/po/ja.po +@@ -22,7 +22,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:25+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Japanese (http://www.transifex.com/projects/p/firewalld/" +@@ -51,19 +51,19 @@ msgstr "ファイアウォールの設定" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "ファイアウォール;ネットワーク;セキュリティー;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "インターフェース '%s' のゾーンを選択する" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "標準ゾーン" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "接続 '%s' のゾーンを選択する" +@@ -745,12 +745,12 @@ msgstr "ビルトインヘルパーです。名前の変更はサポートされ + msgid "Built-in icmp, rename not supported." + msgstr "組み込みの ICMP です。名前の変更はできません。" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "ファイル '%s' の読み込みに失敗しました: %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "ソース %s のゾーンを選択する" +diff --git a/po/ka.po b/po/ka.po +index 82e63b67c9d4..093058ecd7f0 100644 +--- a/po/ka.po ++++ b/po/ka.po +@@ -9,7 +9,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2016-01-04 12:24+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Georgian (http://www.transifex.com/projects/p/firewalld/" +@@ -38,19 +38,19 @@ msgstr "ქსელური ფარის კონფიგურაცი + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "" +@@ -709,12 +709,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "ჩადგმული icmp, სახელის შეცვლა შეუძლებელია." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "" +diff --git a/po/kn.po b/po/kn.po +index da695101a0bb..f3b85e24a004 100644 +--- a/po/kn.po ++++ b/po/kn.po +@@ -13,7 +13,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-02-26 09:59+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Kannada (http://www.transifex.com/projects/p/firewalld/" +@@ -42,19 +42,19 @@ msgstr "ಫೈರ್ವಾಲ್ ಸ್ವರೂಪಣೆ" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "ಫೈರ್ವಾಲ್;ಜಾಲಬಂಧ;ಸುರಕ್ಷತೆ;iptables;ನೆಟ್‌ಫಿಲ್ಟರ್‌;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "'%s' ಸಂಪರ್ಕಸಾಧನಕ್ಕಾಗಿ ವಲಯವನ್ನು ಆರಿಸಿ." + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "ಪೂರ್ವನಿಯೋಜಿತ ವಲಯ" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "'%s' ಸಂಪರ್ಕಕ್ಕಾಗಿ ವಲಯವನ್ನು ಆರಿಸಿ" +@@ -722,12 +722,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "ಒಳ-ನಿರ್ಮಿತ icmp, ಮರುಹೆಸರಿಸುವಿಕೆಗೆ ಬೆಂಬಲವಿಲ್ಲ." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "'%s' ಆಕರಕ್ಕಾಗಿ ವಲಯವನ್ನು ಆರಿಸಿ." +diff --git a/po/ko.po b/po/ko.po +index efb21a848be1..e01303ddcde4 100644 +--- a/po/ko.po ++++ b/po/ko.po +@@ -18,7 +18,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:25+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Korean (http://www.transifex.com/projects/p/firewalld/" +@@ -47,19 +47,19 @@ msgstr "방화벽 설정" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "방화벽;네트워크;보안;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "인터페이스 '%s'의 영역을 선택 " + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "기본 영역 " + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "연결 '%s'의 영역을 선택 " +@@ -736,12 +736,12 @@ msgstr "기본 제공 헬퍼, 이름 바꾸기가 지원되지 않습니다." + msgid "Built-in icmp, rename not supported." + msgstr "내장된 icmp, 이름을 바꿀 수 없습니다." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "'%s' 파일 읽기 실패: %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "소스 '%s'의 영역을 선택 " +diff --git a/po/lt.po b/po/lt.po +index 1f117f5afdce..a52669f133b2 100644 +--- a/po/lt.po ++++ b/po/lt.po +@@ -3,7 +3,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-10-31 08:18+0000\n" + "Last-Translator: Moo \n" + "Language-Team: Lithuanian\n" +@@ -32,19 +32,19 @@ msgstr "Užkardos konfigūravimas" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Pasirinkite zoną sąsajai \"%s\"" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Numatytoji zona" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Pasirinkite zoną ryšiui \"%s\"" +@@ -719,12 +719,12 @@ msgstr "Įtaisytasis pagelbiklis, pervadinimas yra nepalaikomas." + msgid "Built-in icmp, rename not supported." + msgstr "Įtaisytasis icmp, pervadinimas yra nepalaikomas." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Nepavyko skaityti failą \"%s\": %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "" +diff --git a/po/ml.po b/po/ml.po +index a678b43179c5..8911066d3ef8 100644 +--- a/po/ml.po ++++ b/po/ml.po +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-02-26 10:00+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Malayalam (http://www.transifex.com/projects/p/firewalld/" +@@ -37,19 +37,19 @@ msgstr "ഫയര്‍വോള്‍ ക്രമീകരണം" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "'%s' ഇന്റര്‍ഫെയിസിനു് മേഘല തെരഞ്ഞെടുക്കുക" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "സ്വതവേയുളഅള മേഖല" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "'%s' കണക്ഷനു് മേഖല തെരഞ്ഞെടുക്കുക" +@@ -716,12 +716,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "ബിള്‍ട്ടിന്‍ icmp, rename പിന്തുണയ്ക്കുന്നില്ല." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "'%s' ശ്രോതസ്സിനു് മേഘല തെരഞ്ഞെടുക്കുക" +diff --git a/po/mr.po b/po/mr.po +index 06226e96075d..b5448287edef 100644 +--- a/po/mr.po ++++ b/po/mr.po +@@ -15,7 +15,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-02-26 10:00+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Marathi (http://www.transifex.com/projects/p/firewalld/" +@@ -44,19 +44,19 @@ msgstr "फायरवॉल संयोजना" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "फायरवॉल;नेटवर्क;सुरक्षा;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "संवाद '%s' करिता क्षेत्र निवडा" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "पूर्वनिर्धारित झोन" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "जोडणी '%s' करिता झोन निवडा" +@@ -721,12 +721,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "बिल्ट-इन icmp, पुनःनाव देणे समर्थीत नाही." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "सोअर्स %s करिता क्षेत्र निवडा" +diff --git a/po/nl.po b/po/nl.po +index 58324500dfe9..61ad97abaa8e 100644 +--- a/po/nl.po ++++ b/po/nl.po +@@ -17,7 +17,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:26+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Dutch (http://www.transifex.com/projects/p/firewalld/language/" +@@ -46,19 +46,19 @@ msgstr "Firewall configuratie" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;netwerk;beveiliging;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Selecteer zone voor interface '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Standaard zone" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Selecteer zone voor verbinding '%s'" +@@ -735,12 +735,12 @@ msgstr "Ingebouwde helper, hernoemen wordt niet ondersteund" + msgid "Built-in icmp, rename not supported." + msgstr "Ingebouwde icmp, hernoemen niet ondersteund" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Het lezen van bestand '%s' mislukte: %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Selecteer zone voor bron %s" +diff --git a/po/or.po b/po/or.po +index 827824fa22ee..c3acb59ce420 100644 +--- a/po/or.po ++++ b/po/or.po +@@ -12,7 +12,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2016-01-04 12:33+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Oriya (http://www.transifex.com/projects/p/firewalld/language/" +@@ -41,19 +41,19 @@ msgstr "ଅଗ୍ନିକବଚର ବିନ୍ଯାସ" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "ଅନ୍ତରାପୃଷ୍ଠ '%s' ପାଇଁ ଅଞ୍ଚଳ ବାଛନ୍ତୁ" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳ" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "ସଂଯୋଗ '%s' ପାଇଁ ଅଞ୍ଚଳ ବାଛନ୍ତୁ" +@@ -719,12 +719,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "ପୂର୍ବନିର୍ମିତ icmp, ପୁନଃ ନାମକରଣ ସମର୍ଥିତ ନୁହଁ।" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "ଉତ୍ସ '%s'ପାଇଁ ଅଞ୍ଚଳ ବାଛନ୍ତୁ" +diff --git a/po/pa.po b/po/pa.po +index 3489fbaaf515..0766b6962f4b 100644 +--- a/po/pa.po ++++ b/po/pa.po +@@ -22,7 +22,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2017-11-26 02:37+0000\n" + "Last-Translator: A S Alam \n" + "Language-Team: Panjabi (Punjabi) (http://www.transifex.com/projects/p/" +@@ -51,19 +51,19 @@ msgstr "ਫਾਇਰਵਾਲ ਸੰਰਚਨਾ" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "ਇੰਟਰਫੇਸ '%s' ਲਈ ਜ਼ੋਨ ਚੁਣੋ" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "ਮੂਲ ਜ਼ੋਨ" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "ਸੰਪਰਕ '%s' ਲਈ ਜ਼ੋਨ ਚੁਣੋ" +@@ -728,12 +728,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "ਬਿਲਟ-ਇਨ icmp, ਨਾਂ-ਬਦਲਣ ਲਈ ਸਹਾਇਕ ਨਹੀਂ ਹੈ।" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "ਸਰੋਤ %s ਲਈ ਜ਼ੋਨ ਚੁਣੋ" +diff --git a/po/pl.po b/po/pl.po +index edbf00f68880..33ef500dca7c 100644 +--- a/po/pl.po ++++ b/po/pl.po +@@ -17,7 +17,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:26+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Polish (http://www.transifex.com/projects/p/firewalld/" +@@ -49,19 +49,19 @@ msgstr "" + "zapora;sieciowa;ogniowa;firewall;sieć;sieci;network;bezpieczeństwo;" + "zabezpieczenia;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Wybór strefy dla interfejsu „%s”" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Domyślna strefa" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Wybór strefy dla połączenia „%s”" +@@ -740,12 +740,12 @@ msgstr "Wbudowany moduł pomocniczy, zmiana nazwy nie jest obsługiwana." + msgid "Built-in icmp, rename not supported." + msgstr "Wbudowane ICMP, zmiana nazwy nie jest obsługiwana." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Odczytanie pliku „%s” się nie powiodło: %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Wybór strefy dla źródła %s" +diff --git a/po/pt.po b/po/pt.po +index 196f79a143f2..3ebdecee697d 100644 +--- a/po/pt.po ++++ b/po/pt.po +@@ -11,7 +11,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-10-28 10:12+0000\n" + "Last-Translator: Miguel Sousa \n" + "Language-Team: Portuguese (http://www.transifex.com/projects/p/firewalld/" +@@ -40,19 +40,19 @@ msgstr "Configuração da Firewall" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Selecione zona para interface '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Zona por defeito" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Selecione zona para conexão '%s'" +@@ -716,12 +716,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "icmp pré-definido, não é possível renomear." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Selecione zona para fonte %s" +diff --git a/po/pt_BR.po b/po/pt_BR.po +index 720507208dc8..f04107c5033d 100644 +--- a/po/pt_BR.po ++++ b/po/pt_BR.po +@@ -34,7 +34,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:27+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/" +@@ -63,19 +63,19 @@ msgstr "Configuração do Firewall" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Selecionar zona para interface '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Zona Padrão" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Selecione zona para conexão '%s'" +@@ -757,12 +757,12 @@ msgstr "Ajuda embutida, renomeação não é suportada" + msgid "Built-in icmp, rename not supported." + msgstr "icmp embutido, renomeação não é suportada." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Falha ao ler o arquivo '%s': %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Selecione zona de fonte '%s" +diff --git a/po/ru.po b/po/ru.po +index fbcf7f6c6170..83083930a6b3 100644 +--- a/po/ru.po ++++ b/po/ru.po +@@ -22,7 +22,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:27+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Russian (http://www.transifex.com/projects/p/firewalld/" +@@ -52,19 +52,19 @@ msgstr "Настройка межсетевого экрана" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "межсетевой экран;сеть;безопасность;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Выберите зону для интерфейса «%s»" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Зона по умолчанию" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Выберите зону для соединения «%s»" +@@ -741,12 +741,12 @@ msgstr "Встроенный модуль поддержки, изменение + msgid "Built-in icmp, rename not supported." + msgstr "Встроенный ICMP, переименование не поддерживается." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Не удалось прочитать файл %s: %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Выберите зону для источника %s" +diff --git a/po/sk.po b/po/sk.po +index c91435dc2e74..f45afc78a85c 100644 +--- a/po/sk.po ++++ b/po/sk.po +@@ -14,7 +14,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-08-13 06:16+0000\n" + "Last-Translator: feonsu \n" + "Language-Team: Slovak (http://www.transifex.com/projects/p/firewalld/" +@@ -43,19 +43,19 @@ msgstr "Nastavenia firewallu" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;sieť;bezpečnosť;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Vyberte zónu pre rozhranie „%s“" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Predvolená zóna" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Vyberte zónu pre rozhranie '%s'" +@@ -730,12 +730,12 @@ msgstr "Integrovaný pomocník, premenovanie nie je podporované." + msgid "Built-in icmp, rename not supported." + msgstr "Integrované icmp, premenovanie nie je podporované." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Nepodarilo sa načítať súbor '%s': %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Vyberte zónu pre zdroj %s" +diff --git a/po/sq.po b/po/sq.po +index 87502cb920c4..7a54791b7884 100644 +--- a/po/sq.po ++++ b/po/sq.po +@@ -4,7 +4,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2017-04-20 11:49+0000\n" + "Last-Translator: Sidorela Uku \n" + "Language-Team: Albanian\n" +@@ -32,19 +32,19 @@ msgstr "Konfigurimi i Firewall" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Zgjidh zonën për ndërfaqen '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Zona e parazgjedhur" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Selektoni zonën për lidhjen '%s'" +@@ -703,12 +703,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "" +diff --git a/po/sr.po b/po/sr.po +index 2e832ccd5b7b..c47392741401 100644 +--- a/po/sr.po ++++ b/po/sr.po +@@ -12,7 +12,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2016-01-04 12:42+0000\n" + "Last-Translator: Momcilo Medic \n" + "Language-Team: Serbian (http://www.transifex.com/projects/p/firewalld/" +@@ -42,19 +42,19 @@ msgstr "Подешавање заштитног зида" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "заштитни зид;мрежа;сигурност;iptables;мрежни филтер;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Одаберите зону за интерфејс '%s'" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Подразумевана зона" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Одаберите зону за везу '%s'" +@@ -721,12 +721,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "Уграђени icmp, промена имена није подржана." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Одаберите зону за извор %s" +diff --git a/po/sr@latin.po b/po/sr@latin.po +index c371df155106..1a2369c00613 100644 +--- a/po/sr@latin.po ++++ b/po/sr@latin.po +@@ -10,7 +10,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-02-26 10:03+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Serbian (Latin) (http://www.transifex.com/projects/p/" +@@ -40,19 +40,19 @@ msgstr "Podešavanje zaštitnog zida" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "" +@@ -711,12 +711,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "" +diff --git a/po/sv.po b/po/sv.po +index f88daed7f9fb..ee05a1c56751 100644 +--- a/po/sv.po ++++ b/po/sv.po +@@ -15,7 +15,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:28+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Swedish (http://www.transifex.com/projects/p/firewalld/" +@@ -44,19 +44,19 @@ msgstr "Brandväggskonfiguration" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "brandvägg;nätverk;säkerhet;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Välj zon för gränssnittet ”%s”" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Standardzon" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Välj zon för anslutningen ”%s”" +@@ -734,12 +734,12 @@ msgstr "Inbyggd hjälpare, namnbyte stödjs inte." + msgid "Built-in icmp, rename not supported." + msgstr "Inbyggd icmp, namnbyte stödjs inte." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Misslyckades att läsa filen ”%s”: %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Välj zon för källan %s" +diff --git a/po/ta.po b/po/ta.po +index f6cc00799192..72ce2f3c21f7 100644 +--- a/po/ta.po ++++ b/po/ta.po +@@ -16,7 +16,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2015-02-26 10:04+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Tamil (http://www.transifex.com/projects/p/firewalld/language/" +@@ -45,19 +45,19 @@ msgstr "ஃபயர்வால் கட்டமைப்பு" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "இடைமுகம் '%s' க்கு மண்டலத்தைத் தேர்ந்தெடுக்கவும்" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "முன்னிருப்பு மண்டலம்" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "இணைப்பு %s க்கு மண்டலத்தைத் தேர்ந்தெடுக்கவும்" +@@ -726,12 +726,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "உள்ளமைந்த icmp, மறுபெயரிட ஆதரவில்லை." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "மூலம் %s க்கு மண்டலத்தைத் தேர்ந்தெடுக்கவும்" +diff --git a/po/te.po b/po/te.po +index 75653919c1b0..8d790e1a3239 100644 +--- a/po/te.po ++++ b/po/te.po +@@ -15,7 +15,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2016-01-04 12:44+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Telugu (http://www.transifex.com/projects/p/firewalld/" +@@ -44,19 +44,19 @@ msgstr "Firewall ఆకృతీకరణ" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "ఇంటర్ఫేస్ '%s' కొరకు జోన్ ఎంపికచేయి" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "అప్రమేయ క్షేత్రం" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "అనుసంధానం '%s' కొరకు క్షేత్రం ఎంపికచేయి" +@@ -723,12 +723,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "బిల్ట్-ఇన్ icmp, తిరిగిపేరు పెట్టుటకు తోడ్పాటులేదు." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "మూలం %s కొరకు జోన్ ఎంపికచేయి" +diff --git a/po/tr.po b/po/tr.po +index 2d13d81307ef..0c9a1a944308 100644 +--- a/po/tr.po ++++ b/po/tr.po +@@ -12,7 +12,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2016-01-04 12:45+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Turkish (http://www.transifex.com/projects/p/firewalld/" +@@ -41,19 +41,19 @@ msgstr "Güvenlik Duvarı Yapılandırması" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "" +@@ -720,12 +720,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "Dahili icmp, Yeniden isimlendirme desteklenmiyor." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "" +diff --git a/po/uk.po b/po/uk.po +index 17157399e211..1532cb335b5d 100644 +--- a/po/uk.po ++++ b/po/uk.po +@@ -14,7 +14,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-07-29 04:00+0000\n" + "Last-Translator: Yuri Chornoivan \n" + "Language-Team: Ukrainian (http://www.transifex.com/projects/p/firewalld/" +@@ -46,19 +46,19 @@ msgstr "" + "firewall;network;security;iptables;netfilter;брандмауер;файрвол;екран;мережа;" + "безпека;захист;айпітейблс;нетфільтр;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "Виберіть зону для інтерфейсу «%s»" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "Типова зона" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "Виберіть зону для з’єднання «%s»" +@@ -736,12 +736,12 @@ msgstr "" + msgid "Built-in icmp, rename not supported." + msgstr "Вбудований ICMP, підтримки перейменування не передбачено." + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "Не вдалося прочитати файл «%s»: %s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "Виберіть зону для джерела %s" +diff --git a/po/zh_CN.po b/po/zh_CN.po +index d9804a90231b..d35f7997d58b 100644 +--- a/po/zh_CN.po ++++ b/po/zh_CN.po +@@ -24,7 +24,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2019-03-10 05:13+0000\n" + "Last-Translator: Pany \n" + "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/" +@@ -53,19 +53,19 @@ msgstr "防火墙配置" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "firewall;network;security;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "为接口 '%s' 选择区域" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "默认区域" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "为连接 '%s' 选择区域" +@@ -735,12 +735,12 @@ msgstr "内置帮助程序,不支持重命名。" + msgid "Built-in icmp, rename not supported." + msgstr "预置 ICMP,不支持重命名。" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "读取文件 %s 失败:%s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "选择来源 %s 的区域" +diff --git a/po/zh_TW.po b/po/zh_TW.po +index ac8b32c0d9e3..8dd99c405737 100644 +--- a/po/zh_TW.po ++++ b/po/zh_TW.po +@@ -21,7 +21,7 @@ msgid "" + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: \n" +-"POT-Creation-Date: 2019-05-17 12:53-0400\n" ++"POT-Creation-Date: 2019-10-01 13:55-0400\n" + "PO-Revision-Date: 2018-11-16 08:29+0000\n" + "Last-Translator: Copied by Zanata \n" + "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/" +@@ -50,19 +50,19 @@ msgstr "防火牆組態" + msgid "firewall;network;security;iptables;netfilter;" + msgstr "防火牆;網路;安全性;iptables;netfilter;" + +-#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7967 ++#: ../src/firewall-applet.in:92 ../src/firewall-config.in:7971 + #, c-format + msgid "Select zone for interface '%s'" + msgstr "選取「%s」介面的界域" + + #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 + #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2439 +-#: ../src/firewall-config.in:8012 ../src/firewall-config.in:8020 +-#: ../src/firewall-config.in:8053 ../src/firewall-config.glade.h:8 ++#: ../src/firewall-config.in:8016 ../src/firewall-config.in:8024 ++#: ../src/firewall-config.in:8057 ../src/firewall-config.glade.h:8 + msgid "Default Zone" + msgstr "預設界域" + +-#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8046 ++#: ../src/firewall-applet.in:166 ../src/firewall-config.in:8050 + #, c-format + msgid "Select zone for connection '%s'" + msgstr "選取「%s」連線的界域" +@@ -732,12 +732,12 @@ msgstr "內建輔助器,不支援重新命名。" + msgid "Built-in icmp, rename not supported." + msgstr "內建 icmp,不支援重新命名。" + +-#: ../src/firewall-config.in:7935 ++#: ../src/firewall-config.in:7939 + #, c-format + msgid "Failed to read file '%s': %s" + msgstr "讀取檔案 '%s' 失敗:%s" + +-#: ../src/firewall-config.in:8068 ++#: ../src/firewall-config.in:8072 + #, c-format + msgid "Select zone for source %s" + msgstr "選取 %s 來源的界域" +-- +2.23.0 + diff --git a/SOURCES/0111-fix-src-tests-Makefile-distclean-should-clean-atconf.patch b/SOURCES/0111-fix-src-tests-Makefile-distclean-should-clean-atconf.patch new file mode 100644 index 0000000..c2f6a9b --- /dev/null +++ b/SOURCES/0111-fix-src-tests-Makefile-distclean-should-clean-atconf.patch @@ -0,0 +1,29 @@ +From cae5c660f746108ce6d791c8d9715ac1b52a9e25 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Tue, 8 Oct 2019 16:43:59 -0400 +Subject: [PATCH 111/122] fix: src/tests/Makefile: distclean should clean + atconfig + +Fixes: #523 +(cherry picked from commit e54f83201572ccaf1b44e5e5c9dcaabff391b23a) +(cherry picked from commit a51e7fbb99919a97af21e8b1975aa56f83b74e51) +--- + src/tests/Makefile.am | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am +index 2fb3b6b9980d..9a0352bcab05 100644 +--- a/src/tests/Makefile.am ++++ b/src/tests/Makefile.am +@@ -10,6 +10,8 @@ EXTRA_DIST = \ + $(wildcard $(srcdir)/python/*.py) \ + $(srcdir)/package.m4 + ++DISTCLEANFILES = atconfig ++ + $(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec $(srcdir)/Makefile + :;{ \ + echo 'm4_define([AT_PACKAGE_NAME],[$(PACKAGE_NAME)])' && \ +-- +2.23.0 + diff --git a/SOURCES/0112-tests-functions-increase-firewalld-debug-level.patch b/SOURCES/0112-tests-functions-increase-firewalld-debug-level.patch new file mode 100644 index 0000000..55ae496 --- /dev/null +++ b/SOURCES/0112-tests-functions-increase-firewalld-debug-level.patch @@ -0,0 +1,28 @@ +From 611d979eefae5570bf29fd12d463d960800bf1a2 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 5 Dec 2018 09:40:46 -0500 +Subject: [PATCH 112/122] tests/functions: increase firewalld debug level + +This is so we get a dump of the iptables-restore input. + +(cherry picked from commit 8842f78c0425beb4a53d57a539330de40a2afa51) +--- + src/tests/functions.at | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 013ec098052c..02efe8ea431b 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -12,7 +12,7 @@ m4_define([FWD_START_FIREWALLD], [ + FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" + dnl if testsuite ran with debug flag, add debug output + case "${TESTSUITEFLAGS}" in +- *-d*|*--debug*) FIREWALLD_ARGS="--debug=2 ${FIREWALLD_ARGS}";; ++ *-d*|*--debug*) FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}";; + *) :;; + esac + if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then +-- +2.23.0 + diff --git a/SOURCES/0113-fix-test-use-debug-output-based-on-autotest-variable.patch b/SOURCES/0113-fix-test-use-debug-output-based-on-autotest-variable.patch new file mode 100644 index 0000000..d2df254 --- /dev/null +++ b/SOURCES/0113-fix-test-use-debug-output-based-on-autotest-variable.patch @@ -0,0 +1,34 @@ +From 6c95f06878e49de3e74b049378e88e76e9f342b2 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Wed, 16 Oct 2019 12:34:06 -0400 +Subject: [PATCH 113/122] fix: test: use debug output based on autotest + variable + +Instead of the makefile/environment variables. This allows "./testsuite +-d" to function as expected. + +(cherry picked from commit a464e068fb500e7cad59c368b4886b465c487768) +(cherry picked from commit 7515f5e8738a7d9ef51fe5848db9ea9105251bd9) +--- + src/tests/functions.at | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/src/tests/functions.at b/src/tests/functions.at +index 02efe8ea431b..209f0f5d2ea9 100644 +--- a/src/tests/functions.at ++++ b/src/tests/functions.at +@@ -11,10 +11,7 @@ m4_define([FWD_STOP_FIREWALLD], [ + m4_define([FWD_START_FIREWALLD], [ + FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" + dnl if testsuite ran with debug flag, add debug output +- case "${TESTSUITEFLAGS}" in +- *-d*|*--debug*) FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}";; +- *) :;; +- esac ++ ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" + if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then + FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" + fi +-- +2.23.0 + diff --git a/SOURCES/0114-chore-doc-update-authors.patch b/SOURCES/0114-chore-doc-update-authors.patch new file mode 100644 index 0000000..c63e3bb --- /dev/null +++ b/SOURCES/0114-chore-doc-update-authors.patch @@ -0,0 +1,41 @@ +From caaa99caec51667c2ffc0ddc207046f06bbdde69 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Thu, 24 Oct 2019 08:56:33 -0400 +Subject: [PATCH 114/122] chore: doc: update authors + +Add myself as I've been maintaining the project for awhile now. + +(cherry picked from commit a620255a5218d3519e41067a86fcafe7705d09c8) +(cherry picked from commit 64e119f0cc64074d8e7ba954d8c989363bc0c602) +--- + doc/xml/authors.xml | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/doc/xml/authors.xml b/doc/xml/authors.xml +index 8fadd1c10913..af28f7a9ddaa 100644 +--- a/doc/xml/authors.xml ++++ b/doc/xml/authors.xml +@@ -3,7 +3,7 @@ +