[pve-devel] [PATCH proxmox-firewall/ve-rs 0/3] Fix ICMPv6 types in nftables
Gabriel Goller
g.goller at proxmox.com
Tue Sep 16 11:31:09 CEST 2025
Currently when setting ICMPv6 types on the old firewall (iptables) then
switching to the new one (nftables) a few types will fail because they have
been renamed in nftables. The most prominent are
neighbor-solicitation/advertisement but there are a few more. There are also
some that are not supported in nftables and need to be handled accordingly.
Add a mapping which maps old types to new types and converts them when parsing
the config. This way we are transparent and can switch to using the new
nftables names in the future.
ve-rs:
Gabriel Goller (2):
fix: firewall: introduce iptables to nftables mapping for icmpv6-types
firewall: correctly return errors when parsing icmpv6 types and codes.
.../src/firewall/types/rule_match.rs | 89 ++++++++++++++-----
1 file changed, 69 insertions(+), 20 deletions(-)
proxmox-firewall:
Gabriel Goller (1):
tests: add icmpv6 type mapping test
proxmox-firewall/tests/input/host.fw | 1 +
.../integration_tests__firewall.snap | 63 +++++++++++++++++++
2 files changed, 64 insertions(+)
Summary over all repositories:
3 files changed, 133 insertions(+), 20 deletions(-)
--
Generated by git-murpp 0.8.0
More information about the pve-devel
mailing list