In this case an employee managed to create the following ipset: # cat /var/lib/pve-firewall/ipsetcmdlist1 destroy PVEFW-120-letsencrypt-v4_swap create PVEFW-120-letsencrypt-v4_swap hash:net family inet hashsize 64 maxelem 64 add PVEFW-120-letsencrypt-v4_swap 0.0.0.0/0 swap PVEFW-120-letsencrypt-v4_swap PVEFW-120-letsencrypt-v4 flush PVEFW-120-letsencrypt-v4_swap destroy PVEFW-120-letsencrypt-v4_swap
which fails: ipset_restore_cmdlist: ipset v6.23: Error in line 3: The value of the CIDR parameter of the IP address is invalid Stefan Am 29.11.2016 um 10:10 schrieb Stefan Priebe - Profihost AG: > Hello, > > today i've noticed that the firewall is nearly inactive on a node. > > systemctl status says: > Nov 29 10:07:05 node2 pve-firewall[2534]: status update error: > ipset_restore_cmdlist: ipset v6.23: Error in line 3: The value of the > CIDR parameter of the IP address is invalid > Nov 29 10:07:14 node2 pve-firewall[2534]: status update error: > ipset_restore_cmdlist: ipset v6.23: Error in line 3: The value of the > CIDR parameter of the IP address is invalid > Nov 29 10:07:24 node2 pve-firewall[2534]: status update error: > ipset_restore_cmdlist: ipset v6.23: Error in line 3: The value of the > CIDR parameter of the IP address is invalid > > So it seems that the whole firewall breaks if there is somewhere > something wrong. > > I think especially for the firewall it's important to jsut skip that > line but process all other values. > > How is your opinion? Any idea how to "fix" that? > > Greets, > Stefan > _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel