From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: pve-devel@lists.proxmox.com, Stefan Hanreich <s.hanreich@proxmox.com>
Subject: [pve-devel] applied: [PATCH proxmox-firewall 1/1] firewall: merge management ipset with local_network
Date: Sat,  4 Oct 2025 14:58:41 +0200
Message-ID: <175958267536.2042357.11952972686688673777.b4-ty@proxmox.com>
In-Reply-To: <20250925143119.330179-1-s.hanreich@proxmox.com>

On Thu, 25 Sep 2025 16:31:18 +0200, Stefan Hanreich wrote:
> To override the local_network, which is used in the management ipset,
> pve-firewall used a specific alias on datacenter-level
> 'local_network'. If an ipset called 'management' exists on the
> datacenter-level then those entries would additionally get added to
> the management ipset.
> 
> proxmox-firewall had a different behavior where the alias was ignored
> and the management ipset was completely overridden if a custom ipset
> was defined in the datacenter-level configuration. This could
> potentially lead to users locking themselves out of their PVE instance
> if they create a new ipset called 'management' and the firewall daemon
> recreated the ruleset while there still weren't any entries in the
> ipset. This commit makes proxmox-firewall behave like pve-firewall with
> regards to management ipset creation.
> 
> [...]

Applied, thanks!

[1/1] firewall: merge management ipset with local_network
      commit: 0d7d42d9957f665e8cd15acb362921e2b5c060a6


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel