On 23/04/2024 at 18:02, Stefan Hanreich wrote:
> Currently we generated DROP statements for all rules involving REJECT.
> We only need to generate DROP when in the postrouting chain of tables
> with type bridge, since REJECT is disallowed there. Otherwise we jump
> into the do-reject chain which properly handles rejects for different
> protocol types.
>
> Signed-off-by: Stefan Hanreich <s.hanre...@proxmox.com>
> ---
> Seems like the proper handling for this got lost somewhere during my
> big refactoring :/
>
>  .../resources/proxmox-firewall.nft            |   7 +-
>  proxmox-firewall/src/firewall.rs              |   9 +-
>  proxmox-firewall/src/rule.rs                  |  22 ++-
>  proxmox-firewall/tests/input/100.fw           |   2 +
>  proxmox-firewall/tests/input/host.fw          |   2 +
>  .../integration_tests__firewall.snap          | 158 +++++++++++++++++-
>  proxmox-nftables/src/statement.rs             |   6 +-
>  7 files changed, 197 insertions(+), 9 deletions(-)
>
applied, with the Reported-by from Sterz amended in, thanks!