[pve-devel] [PATCH proxmox{-ve-rs, -firewall} v3 0/4] Fix ipfilters in proxmox-firewall
Hannes Laimer
h.laimer at proxmox.com
Thu Oct 2 07:43:39 CEST 2025
Changes look good now! I also gave this a quick spin and it did fix the
mentioned problems, so consider this
Tested-by: Hannes Laimer <h.laimer at proxmox.com>
Reviewed-by: Hannes Laimer <h.laimer at proxmox.com>
On 10/1/25 18:28, Stefan Hanreich wrote:
> This patch series addresses two issues with ipfilters:
>
> * containers would have the wrong CIDR inserted into the auto-generated ipfilter
> ipsets
> * The nomatch logic isn't working correctly, due to wrong inversion of logic,
> leading to ipfilters not working at all
>
> Including the rustfmt patch here as well, instead of separately since we touch
> some of the imports that get changed there - leading to conflicts on applying
> otherwise.
>
> Changes from v2:
> * fix wrong family when generating ipfilter rules for V6
>
> Changes from v1:
> * properly regenerate test-output with the proxmox-ve-rs patch applied
> * improve documentation of handle_set and handle_ipfilter
>
> proxmox-ve-rs:
>
> Stefan Hanreich (1):
> config: guest: store network devices in BTreeMap
>
> proxmox-ve-config/src/guest/vm.rs | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
>
> proxmox-firewall:
>
> Stefan Hanreich (3):
> run rustfmt
> ipfilter: fix wrong entries for containers
> fix #6336: fix ipfilter matching logic
>
> proxmox-firewall/src/config.rs | 6 +-
> proxmox-firewall/src/firewall.rs | 16 +-
> proxmox-firewall/src/object.rs | 6 +-
> proxmox-firewall/src/rule.rs | 161 +++++--
> proxmox-firewall/tests/input/100.conf | 1 +
> .../integration_tests__firewall.snap | 416 ++++++++++++++++++
> 6 files changed, 565 insertions(+), 41 deletions(-)
>
>
> Summary over all repositories:
> 7 files changed, 569 insertions(+), 45 deletions(-)
>
More information about the pve-devel
mailing list