[pve-devel] [RFC container/firewall/manager/proxmox-firewall/qemu-server 00/37] proxmox firewall nftables implementation

Stefan Hanreich s.hanreich at proxmox.com
Thu Apr 11 07:21:14 CEST 2024


On 4/10/24 12:25, Lukas Wagner wrote:
> Did a relatively shallow review of the Rust parts, digging deeper only into
> a smaller subset of the code.
> Some aspects where I see room for improvement are mostly documentation,
> as Max already mentioned, and some more automated testing. I think it would
> greatly benefit the long-term maintainability of this tool to test the
> the full 'config files' --> 'Command' transformation. This would require some
> refactoring in the part reading the configuration, because currently the
> config paths seem to be mostly hard coded. 
> Since `Command` is serializable anyway, we could have a nice test suite of
> firewall/VM config files and expected commands as JSON dumps. 
> This will be tedious to setup at first, but will help to detect any unwanted
> regressions in the long-term.

Yes, that is certainly something that is on the menu, as we've already
talked off-list using something like insta[1], which is already
packaged, would be a good approach to this imo.

[1] https://github.com/mitsuhiko/insta




More information about the pve-devel mailing list