[pve-devel] [PATCH ve-rs 1/2] fix: firewall: introduce iptables to nftables mapping for icmpv6-types
Thomas Lamprecht
t.lamprecht at proxmox.com
Sat Oct 4 15:17:30 CEST 2025
Am 16.09.25 um 11:32 schrieb Gabriel Goller:
> + if let Ok(index) = IPTABLES_ICMP_TYPES_MAPPING.binary_search_by(|v| v.0.cmp(s)) {
> + if let Some(mapped_nftables_type) = IPTABLES_ICMP_TYPES_MAPPING[index].1 {
> + return Ok(Self::Named(mapped_nftables_type));
> + } else {
> + bail!("icmp_type {s:?} is unsupported in nftables");
How is this Err handled on use sites? As for the bail below I'd be fine
if it causes some further failure down the road, but if it is a supported
type in pve-firewall above should not cause any actual error or rule
generations to get skipped, besides skipping the nftables-unsupported
ones, obviously.
Also, the linked wiki spots "Last update: Mar/2022" at the top, so a bit
dated. Did you actually try if this is still the case for all of the
listed ones?
> + }
> + }
> +
> bail!("{s:?} is not a valid icmpv6 type");
> }
More information about the pve-devel
mailing list