Re: [pve-devel] pve-firewall : -m conntrack --ctstate INVALID -j DROP is dropping connections on firewall restart

2019-02-14 Thread Alexandre DERUMIER
>>By reverting the 2 rules order, it's working fine
>>
>>iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>>iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
Sorry, the order doesn't change anything. (as it's matching on ctstate, and we can only have 1 state) It

Re: [pve-devel] pve-firewall : vm live migration: rules applied only after vm config file move

2019-02-14 Thread Alexandre DERUMIER
>>Perhaps using Network Namespaces would help? I'd like to see Proxmox
>>officially support them for other reasons, this might be one reason to do.
>>You could recreate the Network Namespace in the destination for the VM about
>>to be migrated.
Well, we already have a fwbr created when target

Re: [pve-devel] pve-firewall : vm live migration: rules applied only after vm config file move

2019-02-14 Thread Paul Chambers
Perhaps using Network Namespaces would help? I'd like to see Proxmox officially support them for other reasons, this might be one reason to do. You could recreate the Network Namespace in the destination for the VM about to be migrated.
- Paul
Alexandre DERUMIER wrote on 2/11/2019 3:05 PM:

[pve-devel] pve-firewall : -m conntrack --ctstate INVALID -j DROP is dropping connections on firewall restart

2019-02-14 Thread Alexandre DERUMIER
Hi, I have noticed a bug with the current firewall implementation, with a simple test like:
1) host fw:
iptables -F
iptables -X
iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables-save > rules.dump

[pve-devel] [PATCH docs] pve-firewall minor corrections

2019-02-14 Thread Oguz Bektas
Signed-off-by: Oguz Bektas --- pve-firewall.adoc | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pve-firewall.adoc b/pve-firewall.adoc index bc9df0e..acaca95 100644 --- a/pve-firewall.adoc +++ b/pve-firewall.adoc @@ -231,8 +231,8 @@ Here are some examples: IN

[pve-devel] [PATCH manager] 1145 Show datacenter firewall status in firewall options tabs

2019-02-14 Thread Christian Ebner
Display the status of the datacenter firewall in the top bar of every firewall options tab. Signed-off-by: Christian Ebner --- www/manager6/grid/FirewallOptions.js | 58 +++- 1 file changed, 57 insertions(+), 1 deletion(-) diff --git

[pve-devel] [PATCH docs] typo managment -> management

2019-02-14 Thread Oguz Bektas
Signed-off-by: Oguz Bektas --- certificate-managment.adoc => certificate-management.adoc | 0 pve-storage-cephfs.adoc | 2 +- sysadmin.adoc | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) rename

[pve-devel] [PATCH docs] pveceph minor language corrections

2019-02-14 Thread Oguz Bektas
Signed-off-by: Oguz Bektas --- pveceph.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pveceph.adoc b/pveceph.adoc index c90a92e..3af8431 100644 --- a/pveceph.adoc +++ b/pveceph.adoc @@ -211,7 +211,7 @@ This is the default when creating OSDs in Ceph luminous.

[pve-devel] proxmox wiki update: removing No-Subscription debian repo

2019-02-14 Thread Herman van Rink
Hi, Is this the best place to suggest changes to the pve wiki? It seems that account creation is disabled there these days. The installation steps[1] have a section 'Configure apt to use the new packages repositories' mentioning that you need to add a repository. In my experience the