[pve-devel] applied: [PATCH proxmox-firewall] firewall: properly handle REJECT rules
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Apr 23 18:37:33 CEST 2024
On 23/04/2024 at 18:02, Stefan Hanreich wrote:
> Currently we generate DROP statements for all rules involving REJECT.
> We only need to generate DROP when in the postrouting chain of tables
> with type bridge, since REJECT is disallowed there. Otherwise we jump
> into the do-reject chain which properly handles rejects for different
> protocol types.
>
> Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
> ---
> Seems like the proper handling for this got lost somewhere during my
> big refactoring :/
>
> .../resources/proxmox-firewall.nft | 7 +-
> proxmox-firewall/src/firewall.rs | 9 +-
> proxmox-firewall/src/rule.rs | 22 ++-
> proxmox-firewall/tests/input/100.fw | 2 +
> proxmox-firewall/tests/input/host.fw | 2 +
> .../integration_tests__firewall.snap | 158 +++++++++++++++++-
> proxmox-nftables/src/statement.rs | 6 +-
> 7 files changed, 197 insertions(+), 9 deletions(-)
>
>
applied, with the Reported-by from Sterz amended in, thanks!