On Thu, 25 Sep 2025 16:31:18 +0200, Stefan Hanreich wrote:
> To override the local_network, which is used in the management ipset,
> pve-firewall used a specific alias on datacenter-level
> 'local_network'. If an ipset called 'management' exists on the
> datacenter-level then those entries would additionally get added to
> the management ipset.
>
> proxmox-firewall had a different behavior where the alias was ignored
> and the management ipset was completely overridden if a custom ipset
> was defined in the datacenter-level configuration. This could
> potentially lead to users locking themselves out of their PVE instance
> if they create a new ipset called 'management' and the firewall daemon
> recreated the ruleset while there still weren't any entries in the
> ipset. This commit make proxmox-firewall behave like pve-firewall with
> regards to management ipset creation.
>
> [...]
Applied, thanks!
[1/1] firewall: merge management ipset with local_network
commit: 0d7d42d9957f665e8cd15acb362921e2b5c060a6
_______________________________________________
pve-devel mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
