[pve-devel] pve-firewall : ebtables

[Stefan Priebe - Profihost AG]

Am 15.07.2014 11:41, schrieb Alexandre DERUMIER:
>>> But swap fails due to type missmatch. First one is hash:net and 2nd one 
>>> is list:set. 
> 
> Are you sure it was not a previously generated PVEFW-0-venet0, before applying my patches ?
> 
> can you try to force a
> 
> iptables -F
> iptables -X
> ipset -F
> ipset -X

Didn't work. Said kernel has that one in use. But after a reboot the
ipset problem is fixed.

Now i get:
pve-firewall start -debug 1
ebtables : unable to update chain 'PVEFW-FWBR-OUT'
ebtables : unable to update chain 'PVEFW-FWBR-OUT'
ebtables : unable to update chain 'tap103i0-OUT'
ebtables : unable to update chain 'tap103i0-OUT'
ebtables : unable to update chain 'tap103i0-OUT'
ebtables : unable to update chain 'tap103i0-OUT'

will debug this one now.

Stefan

> ----- Mail original ----- 
> 
> De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
> À: "Alexandre Derumier" <aderumier at odiso.com>, pve-devel at pve.proxmox.com 
> Envoyé: Mardi 15 Juillet 2014 11:35:59 
> Objet: Re: [pve-devel] pve-firewall : ebtables 
> 
> 
> Am 15.07.2014 10:48, schrieb Stefan Priebe - Profihost AG: 
>>
>> Am 15.07.2014 06:39, schrieb Alexandre Derumier: 
>>> Hi, 
>>> here the ebtables patches, details are in commits. 
>>>
>>> Please comment, feel free to change and adapt them. 
> 
> 
> The code generates the following ipset stuff: 
> 
> Name: PVEFW-0-venet0 
> Type: hash:net 
> Header: family inet hashsize 64 maxelem 64 
> Size in memory: 1424 
> References: 4 
> Members: 
> 
> later it tries this 
> input destroy PVEFW-0-venet0_swap 
> create PVEFW-0-venet0_swap list:set size 4 
> swap PVEFW-0-venet0_swap PVEFW-0-venet0 
> flush PVEFW-0-venet0_swap 
> destroy PVEFW-0-venet0_swap 
> 
> 
> But swap fails due to type missmatch. First one is hash:net and 2nd one 
> is list:set. 
> 
> 
> 
> Stefan 
>