[pve-devel] [PATCH pve-firewall v4 6/9] api: load sdn ipsets
Thomas Lamprecht
t.lamprecht at proxmox.com
Sun Nov 17 15:30:56 CET 2024
On 15.11.24 at 13:09, Stefan Hanreich wrote:
> Since the SDN configuration reads the IPAM config file, which resides
Does that mean the earlier patches already require this? They load
the SDN config already FWICT; and if so, it would be great to either
have that change in those patches or upfront as separate patches, this
has rather far-reaching consequences after all...
> in /etc/pve/priv we need to add the protected flag to several
> endpoints.
That's wrong, the general IPAM config resides in /etc/pve/sdn/ipams.cfg,
the ipam.db from the PVE IPAM Plugin does indeed reside in the private
directory.
But, why's that? The commits adding it weren't really telling, but there
are no secrets in there, so why does it have to be priv? We could move
them over to /etc/pve/sdn/pve-ipam.db with some backward compat handling
(either in pmxcfs directly or in the backend side of things). Just tell
me if that would be fine in general, or what the original reason was for
having this file only visible to root, and I can help you here.