[pve-devel] [PATCH proxmox-firewall 1/2] fix: firewall: apply `nt_conntrack_allow_invalid` to all chains
Hannes Laimer
h.laimer at proxmox.com
Wed Mar 12 11:18:08 CET 2025
On 3/4/25 13:24, Stefan Hanreich wrote:
> default-in is also checking for conntrack status, so we should put this
I think `default-in` is currently noop'ing[1] ct state invalid, am I
missing something? I thought maybe there's a reason for that, so I
left it as is, as with the change we'd drop there with invalid ct
state.
[1]
https://git.proxmox.com/?p=proxmox-firewall.git;a=blob;f=proxmox-firewall/resources/proxmox-firewall.nft;h=2dd7c48bc68b3ddf404e53a1c7be9e624227be13;hb=refs/heads/master#l208
> there as well. Other than that consider this: