[pve-devel] [PATCH docs/proxmox-firewall v2 0/4] migrate proxmox-firewall to proxmox-log + introduce subcommands

Stefan Hanreich s.hanreich at proxmox.com
Tue May 27 15:57:56 CEST 2025 

Since we now have proxmox-log as the standard crate for logging purposes,
migrate proxmox-firewall to the new logging crate.

The old logging setup was also tied with the debugging mechanisms described in
the documentation. I used that opportunity to implement specific subcommands for
debugging proxmox-firewall, instead of just relying solely on the log output.

The patch for changing to proxmox-log can be applied independently, but this
breaks the commands included in the documentation. That's why I decided to send
them as part of one patch series, because the change to proxmox-log prompted me
to implement the subcommands for debugging in the first place.

I've also looked at implementing the status subcommand, but this would currently
require a bit more work. The JSON output generated by proxmox-firewall and the
JSON output from nftables differ, because nftables does some rule rewriting /
optimization under the hood, so they're not 1:1 comparable. I'll look into
adjusting the proxmox-firewall to emitting the already optimized JSON output, so
we can compare the nft output with the output generated by proxmox-firewall.

Changes from v1:
* print USAGE on wrong subcommands
* add localnet subcommand
* rustfmt

proxmox-firewall:

Stefan Hanreich (3):
  firewall: use proxmox_log
  proxmox-firewall: add subcommands
  proxmox-firewall: add localnet subcommand

 debian/control                               |   4 +-
 debian/proxmox-firewall.service              |   4 +-
 proxmox-firewall/Cargo.toml                  |   5 +-
 proxmox-firewall/src/bin/proxmox-firewall.rs | 135 +++++++++++++++----
 proxmox-firewall/src/config.rs               |   2 +
 proxmox-firewall/src/firewall.rs             |   2 +
 proxmox-firewall/src/object.rs               |   2 +
 proxmox-firewall/src/rule.rs                 |   2 +
 8 files changed, 120 insertions(+), 36 deletions(-)


pve-docs:

Stefan Hanreich (1):
  firewall: update 'useful commands' section with new subcommands

 pve-firewall.adoc | 38 ++++++++++++++++++++++++--------------
 1 file changed, 24 insertions(+), 14 deletions(-)


Summary over all repositories:
  9 files changed, 144 insertions(+), 50 deletions(-)

-- 
Generated by git-murpp 0.8.0

More information about the pve-devel mailing list