[pve-devel] [PATCH proxmox-firewall/ve-rs 0/3] Fix ICMPv6 types in nftables

Gabriel Goller g.goller at proxmox.com
Tue Sep 16 11:31:09 CEST 2025


Currently, when setting ICMPv6 types on the old firewall (iptables) and then
switching to the new one (nftables), a few types will fail because they have
been renamed in nftables. The most prominent are
neighbor-solicitation/advertisement but there are a few more. There are also
some that are not supported in nftables and need to be handled accordingly.
Add a mapping which maps old types to new types and converts them when parsing
the config. This way we are transparent and can switch to using the new
nftables names in the future.

ve-rs:

Gabriel Goller (2):
  fix: firewall: introduce iptables to nftables mapping for icmpv6-types
  firewall: correctly return errors when parsing icmpv6 types and codes.

 .../src/firewall/types/rule_match.rs          | 89 ++++++++++++++-----
 1 file changed, 69 insertions(+), 20 deletions(-)


proxmox-firewall:

Gabriel Goller (1):
  tests: add icmpv6 type mapping test

 proxmox-firewall/tests/input/host.fw          |  1 +
 .../integration_tests__firewall.snap          | 63 +++++++++++++++++++
 2 files changed, 64 insertions(+)


Summary over all repositories:
  3 files changed, 133 insertions(+), 20 deletions(-)

-- 
Generated by git-murpp 0.8.0
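
The conversion the cover letter describes, sketched as an added example; it is not code from this series or from proxmox-ve-rs. The function and type names are hypothetical, and the table lists only ip6tables spellings whose nftables equivalents are well known, so it is not the project's full mapping:

```rust
// Added example: hypothetical names, not taken from the patch series.
#[derive(Debug, PartialEq)]
pub enum Icmpv6TypeError {
    Empty,
    Unsupported(String),
}

// Subset of the type names nftables accepts after `icmpv6 type`.
const NFT_NATIVE: &[&str] = &[
    "destination-unreachable", "packet-too-big", "time-exceeded", "parameter-problem",
    "echo-request", "echo-reply", "nd-router-solicit", "nd-router-advert",
    "nd-neighbor-solicit", "nd-neighbor-advert", "nd-redirect",
];

// ip6tables spellings that nftables rejects, with their nftables names.
fn legacy_to_nft(name: &str) -> Option<&'static str> {
    Some(match name {
        "router-solicitation" => "nd-router-solicit",
        "router-advertisement" => "nd-router-advert",
        "neighbor-solicitation" | "neighbour-solicitation" => "nd-neighbor-solicit",
        "neighbor-advertisement" | "neighbour-advertisement" => "nd-neighbor-advert",
        "redirect" => "nd-redirect",
        "ping" => "echo-request",
        "pong" => "echo-reply",
        "ttl-exceeded" => "time-exceeded",
        _ => return None,
    })
}

/// Normalise one configured value while parsing, so rule generation only
/// ever sees names nftables accepts. Unknown names are an error, not dropped.
pub fn to_nft_icmpv6_type(raw: &str) -> Result<String, Icmpv6TypeError> {
    let name = raw.trim().to_ascii_lowercase();
    if name.is_empty() {
        return Err(Icmpv6TypeError::Empty);
    }
    if let Ok(n) = name.parse::<u8>() {
        return Ok(n.to_string()); // numeric types are valid in both tools
    }
    if let Some(nft) = legacy_to_nft(&name) {
        return Ok(nft.to_string());
    }
    if NFT_NATIVE.contains(&name.as_str()) {
        return Ok(name);
    }
    Err(Icmpv6TypeError::Unsupported(name))
}
```

Returning an error for an unrecognised name means a bad value is reported at parse time, naming the offending rule value, rather than surfacing later as a ruleset that fails to load.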



