[pve-devel] superseded: [PATCH proxmox{-ve-rs, -firewall} v2 0/4] Fix ipfilters in proxmox-firewall
Stefan Hanreich
s.hanreich at proxmox.com
Wed Oct 1 18:30:16 CEST 2025
https://lore.proxmox.com/pve-devel/20251001162818.320717-1-s.hanreich@proxmox.com/T/#m96f63f1eaf21149b7140dec51b82bf3d97942c97
On 9/25/25 2:21 PM, Stefan Hanreich wrote:
> This patch series addresses two issues with ipfilters:
>
> * containers would have the wrong CIDR inserted into the auto-generated ipfilter
> ipsets
> * The nomatch logic isn't working correctly, due to wrong inversion of logic,
> leading to ipfilters not working at all
>
> Including the rustfmt patch here as well, instead of separately since we touch
> some of the imports that get changed there - leading to conflicts on applying
> otherwise.
>
> Changes from v1:
> * properly regenerate test-output with the proxmox-ve-rs patch applied
> * improve documentation of handle_set and handle_ipfilter
>
> proxmox-ve-rs:
>
> Stefan Hanreich (1):
> config: guest: store network devices in BTreeMap
>
> proxmox-ve-config/src/guest/vm.rs | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
>
> proxmox-firewall:
>
> Stefan Hanreich (3):
> run rustfmt
> ipfilter: fix wrong entries for containers
> fix #6336: fix ipfilter matching logic
>
> proxmox-firewall/src/config.rs | 6 +-
> proxmox-firewall/src/firewall.rs | 16 +-
> proxmox-firewall/src/object.rs | 6 +-
> proxmox-firewall/src/rule.rs | 161 +++++--
> proxmox-firewall/tests/input/100.conf | 1 +
> .../integration_tests__firewall.snap | 416 ++++++++++++++++++
> 6 files changed, 565 insertions(+), 41 deletions(-)
>
>
> Summary over all repositories:
> 7 files changed, 569 insertions(+), 45 deletions(-)
>
More information about the pve-devel
mailing list