[pve-devel] applied: [PATCH proxmox-firewall 0/3] create ipsets with auto-merge option enabled
Thomas Lamprecht
t.lamprecht at proxmox.com
Sat Oct 4 14:58:40 CEST 2025
On Thu, 25 Sep 2025 18:12:44 +0200, Stefan Hanreich wrote:
> nftables interval sets do not merge overlapping / adjacent CIDRs / ranges by
> default. Instead, nftables errors out, refusing to insert new set elements. This
> was a problem with proxmox-firewall, since ip sets with overlapping entries
> could cause the firewall daemon to refuse working.
>
> Since v1.1.0 [1] (and therefore, Debian trixie) the nftables json interface
> supports setting the auto-merge options for sets.
>
> [...]
Applied, thanks!
[1/3] nftables: add support for auto-merge set option
commit: ed03912fd5c596ec7eb2659a5b89ef23ec9302b8
[2/3] firewall: set auto-merge flag for ipsets
commit: fce33f8ca6784afa69a662f8401c7946c2c221c2
[3/3] firewall: tests: regenerate snapshot
NOTE: squashed into former commit to avoid breaking build temporarily
without reason.
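
The merging that the quoted cover letter refers to, modelled in Rust as an added example (not code from proxmox-firewall or nftables): IPv4 ipset entries are turned into ranges, and overlapping or adjacent ones are folded together. The function names and the sample ipset are constructed for illustration.

```rust
use std::net::Ipv4Addr;

/// Parse "a.b.c.d/len" or a bare address into an inclusive (first, last) range.
fn parse_cidr(s: &str) -> Option<(u32, u32)> {
    let (addr, len) = match s.split_once('/') {
        Some((a, l)) => (a, l.parse::<u32>().ok()?),
        None => (s, 32),
    };
    if len > 32 {
        return None;
    }
    let ip = u32::from(addr.parse::<Ipv4Addr>().ok()?);
    let mask = if len == 0 { 0 } else { u32::MAX << (32 - len) };
    Some((ip & mask, ip | !mask))
}

/// Sort the entries and fold overlapping or adjacent ranges together.
/// Returns the merged ranges and the number of entries folded into another.
fn merge(entries: &[&str]) -> Option<(Vec<(u32, u32)>, usize)> {
    let mut ranges = entries.iter().map(|e| parse_cidr(e)).collect::<Option<Vec<_>>>()?;
    ranges.sort();
    let mut out: Vec<(u32, u32)> = Vec::new();
    let mut folded = 0;
    for (start, end) in ranges {
        if let Some(last) = out.last_mut() {
            // Overlap, or direct adjacency (start == previous end + 1).
            if start <= last.1.saturating_add(1) {
                last.1 = last.1.max(end);
                folded += 1;
                continue;
            }
        }
        out.push((start, end));
    }
    Some((out, folded))
}

/// Render merged ranges in the "first-last" form interval sets accept.
fn render(ranges: &[(u32, u32)]) -> Vec<String> {
    ranges.iter().map(|&(s, e)| {
        if s == e { Ipv4Addr::from(s).to_string() }
        else { format!("{}-{}", Ipv4Addr::from(s), Ipv4Addr::from(e)) }
    }).collect()
}

fn main() {
    // Constructed ipset: the /25 overlaps the first /24, the second /24 is adjacent.
    let ipset = ["10.0.0.0/24", "10.0.0.128/25", "10.0.1.0/24", "192.0.2.7"];
    let (merged, folded) = merge(&ipset).expect("valid entries");
    println!("{} entries folded; elements: {:?}", folded, render(&merged));
}
```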