[pve-devel] [RFC firewall/proxmox{-ve-rs, -firewall, -perl-rs} 00/21] autogenerate ipsets for sdn objects

Gabriel Goller g.goller at proxmox.com
Fri Jun 28 15:46:36 CEST 2024


Already talked with Stefan offlist, but some major things I noted when
testing:
  * It would be cool to have the generated IPSets visible in the IPSet
    menu under Firewall (Datacenter). We could add a checkmark to hide
    them (as there can be quite many) and make them read-only.
  * Zones can be restricted to specific Nodes, but we generate the
    IPSets on every Node for all Zones. This means some IPSets are
    useless and we could avoid generating them in the first place.


Otherwise the IPSet generation works fine. The algorithm for generating
iptables ipset ranges also works perfectly!




More information about the pve-devel mailing list