From 784dd349567637d8a26664ddd491e3eda1ce2231 Mon Sep 17 00:00:00 2001
From: Peter Lilley <peter@glenst.co>
Date: Oct 23 2021 07:13:25 +0000
Subject: add firewalld section to distribution.adoc


---

diff --git a/modules/release-notes/pages/sysadmin/Distribution.adoc b/modules/release-notes/pages/sysadmin/Distribution.adoc
index efbfd5d..3711459 100644
--- a/modules/release-notes/pages/sysadmin/Distribution.adoc
+++ b/modules/release-notes/pages/sysadmin/Distribution.adoc
@@ -3,3 +3,21 @@ include::{partialsdir}/entities.adoc[]
 
 [[select-distribution]]
 = Distribution-wide Changes
+
+[[firewalld]]
+== Update firewalld to v1.0.0
+*firewalld* has been rebased to v1.0.0.
+
+Major changes:
+
+- Reduced dependencies.
+- Intra-zone forwarding by default.
+- NAT rules moved to `inet` family (reduced rule set).
+- `default` target is now similar to `reject`.
+- ICMP blocks and block inversion only apply to input, not forward.
+- `tftp-client` service has been removed.
+- `iptables` backend is deprecated.
+- Direct interface is deprecated.
+- `CleanupModulesOnExit` defaults to `no` (kernel modules not unloaded).
+
+Full details on the link:++https://firewalld.org/2021/06/the-upcoming-1-0-0++[upstream blog].