[pve-devel] [RFC firewall/proxmox{-ve-rs, -firewall, -perl-rs} 00/21] autogenerate ipsets for sdn objects
Gabriel Goller
g.goller at proxmox.com
Fri Jun 28 15:46:36 CEST 2024
Already talked with Stefan offlist, but some major things I noted when
testing:
* It would be cool to have the generated IPSets visible in the IPSet
menu under Firewall (Datacenter). We could add a checkmark to hide
them (as there can be quite many) and make them read-only.
* Zones can be restricted to specific Nodes, but we generate the
IPSets on every Node for all Zones. This means some IPSets are
useless and we could avoid generating them in the first place.
Otherwise the IPSet generation works fine. The algorithm for generating
iptables ipset ranges also works perfectly!
More information about the pve-devel
mailing list