NOTE: This patch series is based on [1], which is required in order for the ipset name validation introduced in this patch series to work. Otherwise I'd have to include additional code to work around 'virtual' ipsets (such as ip filters) just to throw it away immediately after.
# Introduction

The introduction of scopes to alias / ipset names in firewall rules in Proxmox VE 8 did not include any automated mechanism for converting firewall rules. Many users still have firewall configurations containing unscoped names. The initial decision to only support the new format with proxmox-firewall led to problems with users trying to migrate to the nftables firewall, since the daemon fails to parse the configuration and generates no nftables ruleset at all.

Changes from v1:
* Fix rules referencing SDN IPSets
* Fix error message when trying to look up a non-existing ipset
* rebased on top of IP Filter patch series [1]

[1] https://lore.proxmox.com/pve-devel/[email protected]/T

proxmox-ve-rs:

Stefan Hanreich (2):
  config: firewall: add support for legacy alias names
  config: firewall: add support for legacy ipset names

 proxmox-ve-config/src/firewall/cluster.rs | 16 ++-
 proxmox-ve-config/src/firewall/common.rs | 4 +
 proxmox-ve-config/src/firewall/guest.rs | 10 +-
 proxmox-ve-config/src/firewall/types/alias.rs | 98 ++++++++++++++++-
 proxmox-ve-config/src/firewall/types/ipset.rs | 104 +++++++++++++++++-
 proxmox-ve-config/src/firewall/types/rule.rs | 14 ++-
 .../src/firewall/types/rule_match.rs | 14 +--
 7 files changed, 232 insertions(+), 28 deletions(-)

proxmox-firewall:

Stefan Hanreich (1):
  fix #6107: add support for legacy ipset / alias names

 proxmox-firewall/src/config.rs | 93 ++++++++--
 proxmox-firewall/src/firewall.rs | 11 +-
 proxmox-firewall/src/object.rs | 4 +-
 proxmox-firewall/src/rule.rs | 26 ++-
 proxmox-firewall/tests/input/cluster.fw | 2 +
 .../integration_tests__firewall.snap | 172 ++++++++++++++++++
 6 files changed, 273 insertions(+), 35 deletions(-)

Summary over all repositories:
  13 files changed, 505 insertions(+), 63 deletions(-)

--
Generated by git-murpp 0.8.0

_______________________________________________
pve-devel mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
