From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Cc: Stefan Hanreich <s.hanreich@proxmox.com>,
	Wolfgang Bumiller <w.bumiller@proxmox.com>
Subject: [pve-devel] [PATCH proxmox-firewall 15/37] config: firewall: add firewall macros
Date: Tue,  2 Apr 2024 19:16:07 +0200	[thread overview]
Message-ID: <20240402171629.536804-16-s.hanreich@proxmox.com> (raw)
In-Reply-To: <20240402171629.536804-1-s.hanreich@proxmox.com>

Co-authored-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 proxmox-ve-config/resources/macros.json     | 896 ++++++++++++++++++++
 proxmox-ve-config/src/firewall/fw_macros.rs |  69 ++
 proxmox-ve-config/src/firewall/mod.rs       |   1 +
 3 files changed, 966 insertions(+)
 create mode 100644 proxmox-ve-config/resources/macros.json
 create mode 100644 proxmox-ve-config/src/firewall/fw_macros.rs

diff --git a/proxmox-ve-config/resources/macros.json b/proxmox-ve-config/resources/macros.json
new file mode 100644
index 0000000..666bcbf
--- /dev/null
+++ b/proxmox-ve-config/resources/macros.json
@@ -0,0 +1,896 @@
+{
+  "Amanda": {
+    "code": [
+      {
+        "dport": "10080",
+        "proto": "udp"
+      },
+      {
+        "dport": "10080",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Amanda Backup"
+  },
+  "Auth": {
+    "code": [
+      {
+        "dport": "113",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Auth (identd) traffic"
+  },
+  "BGP": {
+    "code": [
+      {
+        "dport": "179",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Border Gateway Protocol traffic"
+  },
+  "BitTorrent": {
+    "code": [
+      {
+        "dport": "6881:6889",
+        "proto": "tcp"
+      },
+      {
+        "dport": "6881",
+        "proto": "udp"
+      }
+    ],
+    "desc": "BitTorrent traffic for BitTorrent 3.1 and earlier"
+  },
+  "BitTorrent32": {
+    "code": [
+      {
+        "dport": "6881:6999",
+        "proto": "tcp"
+      },
+      {
+        "dport": "6881",
+        "proto": "udp"
+      }
+    ],
+    "desc": "BitTorrent traffic for BitTorrent 3.2 and later"
+  },
+  "CVS": {
+    "code": [
+      {
+        "dport": "2401",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Concurrent Versions System pserver traffic"
+  },
+  "Ceph": {
+    "code": [
+      {
+        "dport": "6789",
+        "proto": "tcp"
+      },
+      {
+        "dport": "3300",
+        "proto": "tcp"
+      },
+      {
+        "dport": "6800:7300",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Ceph Storage Cluster traffic (Ceph Monitors, OSD & MDS Daemons)"
+  },
+  "Citrix": {
+    "code": [
+      {
+        "dport": "1494",
+        "proto": "tcp"
+      },
+      {
+        "dport": "1604",
+        "proto": "udp"
+      },
+      {
+        "dport": "2598",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Citrix/ICA traffic (ICA, ICA Browser, CGP)"
+  },
+  "DAAP": {
+    "code": [
+      {
+        "dport": "3689",
+        "proto": "tcp"
+      },
+      {
+        "dport": "3689",
+        "proto": "udp"
+      }
+    ],
+    "desc": "Digital Audio Access Protocol traffic (iTunes, Rythmbox daemons)"
+  },
+  "DCC": {
+    "code": [
+      {
+        "dport": "6277",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Distributed Checksum Clearinghouse spam filtering mechanism"
+  },
+  "DHCPfwd": {
+    "code": [
+      {
+        "dport": "67:68",
+        "proto": "udp",
+        "sport": "67:68"
+      }
+    ],
+    "desc": "Forwarded DHCP traffic"
+  },
+  "DHCPv6": {
+    "code": [
+      {
+        "dport": "546:547",
+        "proto": "udp",
+        "sport": "546:547"
+      }
+    ],
+    "desc": "DHCPv6 traffic"
+  },
+  "DNS": {
+    "code": [
+      {
+        "dport": "53",
+        "proto": "udp"
+      },
+      {
+        "dport": "53",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Domain Name System traffic (upd and tcp)"
+  },
+  "Distcc": {
+    "code": [
+      {
+        "dport": "3632",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Distributed Compiler service"
+  },
+  "FTP": {
+    "code": [
+      {
+        "dport": "21",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "File Transfer Protocol"
+  },
+  "Finger": {
+    "code": [
+      {
+        "dport": "79",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Finger protocol (RFC 742)"
+  },
+  "GNUnet": {
+    "code": [
+      {
+        "dport": "2086",
+        "proto": "tcp"
+      },
+      {
+        "dport": "2086",
+        "proto": "udp"
+      },
+      {
+        "dport": "1080",
+        "proto": "tcp"
+      },
+      {
+        "dport": "1080",
+        "proto": "udp"
+      }
+    ],
+    "desc": "GNUnet secure peer-to-peer networking traffic"
+  },
+  "GRE": {
+    "code": [
+      {
+        "proto": "47"
+      }
+    ],
+    "desc": "Generic Routing Encapsulation tunneling protocol"
+  },
+  "Git": {
+    "code": [
+      {
+        "dport": "9418",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Git distributed revision control traffic"
+  },
+  "HKP": {
+    "code": [
+      {
+        "dport": "11371",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "OpenPGP HTTP key server protocol traffic"
+  },
+  "HTTP": {
+    "code": [
+      {
+        "dport": "80",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Hypertext Transfer Protocol (WWW)"
+  },
+  "HTTPS": {
+    "code": [
+      {
+        "dport": "443",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Hypertext Transfer Protocol (WWW) over SSL"
+  },
+  "ICPV2": {
+    "code": [
+      {
+        "dport": "3130",
+        "proto": "udp"
+      }
+    ],
+    "desc": "Internet Cache Protocol V2 (Squid) traffic"
+  },
+  "ICQ": {
+    "code": [
+      {
+        "dport": "5190",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "AOL Instant Messenger traffic"
+  },
+  "IMAP": {
+    "code": [
+      {
+        "dport": "143",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Internet Message Access Protocol"
+  },
+  "IMAPS": {
+    "code": [
+      {
+        "dport": "993",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Internet Message Access Protocol over SSL"
+  },
+  "IPIP": {
+    "code": [
+      {
+        "proto": "94"
+      }
+    ],
+    "desc": "IPIP capsulation traffic"
+  },
+  "IPsec": {
+    "code": [
+      {
+        "dport": "500",
+        "proto": "udp",
+        "sport": "500"
+      },
+      {
+        "proto": "50"
+      }
+    ],
+    "desc": "IPsec traffic"
+  },
+  "IPsecah": {
+    "code": [
+      {
+        "dport": "500",
+        "proto": "udp",
+        "sport": "500"
+      },
+      {
+        "proto": "51"
+      }
+    ],
+    "desc": "IPsec authentication (AH) traffic"
+  },
+  "IPsecnat": {
+    "code": [
+      {
+        "dport": "500",
+        "proto": "udp"
+      },
+      {
+        "dport": "4500",
+        "proto": "udp"
+      },
+      {
+        "proto": "50"
+      }
+    ],
+    "desc": "IPsec traffic and Nat-Traversal"
+  },
+  "IRC": {
+    "code": [
+      {
+        "dport": "6667",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Internet Relay Chat traffic"
+  },
+  "Jetdirect": {
+    "code": [
+      {
+        "dport": "9100",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "HP Jetdirect printing"
+  },
+  "L2TP": {
+    "code": [
+      {
+        "dport": "1701",
+        "proto": "udp"
+      }
+    ],
+    "desc": "Layer 2 Tunneling Protocol traffic"
+  },
+  "LDAP": {
+    "code": [
+      {
+        "dport": "389",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Lightweight Directory Access Protocol traffic"
+  },
+  "LDAPS": {
+    "code": [
+      {
+        "dport": "636",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Secure Lightweight Directory Access Protocol traffic"
+  },
+  "MDNS": {
+    "code": [
+      {
+        "dport": "5353",
+        "proto": "udp"
+      }
+    ],
+    "desc": "Multicast DNS"
+  },
+  "MSNP": {
+    "code": [
+      {
+        "dport": "1863",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Microsoft Notification Protocol"
+  },
+  "MSSQL": {
+    "code": [
+      {
+        "dport": "1433",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Microsoft SQL Server"
+  },
+  "Mail": {
+    "code": [
+      {
+        "dport": "25",
+        "proto": "tcp"
+      },
+      {
+        "dport": "465",
+        "proto": "tcp"
+      },
+      {
+        "dport": "587",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Mail traffic (SMTP, SMTPS, Submission)"
+  },
+  "Munin": {
+    "code": [
+      {
+        "dport": "4949",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Munin networked resource monitoring traffic"
+  },
+  "MySQL": {
+    "code": [
+      {
+        "dport": "3306",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "MySQL server"
+  },
+  "NNTP": {
+    "code": [
+      {
+        "dport": "119",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "NNTP traffic (Usenet)."
+  },
+  "NNTPS": {
+    "code": [
+      {
+        "dport": "563",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Encrypted NNTP traffic (Usenet)"
+  },
+  "NTP": {
+    "code": [
+      {
+        "dport": "123",
+        "proto": "udp"
+      }
+    ],
+    "desc": "Network Time Protocol (ntpd)"
+  },
+  "NeighborDiscovery": {
+    "code": [
+      {
+        "dport": "nd-router-solicit",
+        "proto": "icmpv6"
+      },
+      {
+        "dport": "nd-router-advert",
+        "proto": "icmpv6"
+      },
+      {
+        "dport": "nd-neighbor-solicit",
+        "proto": "icmpv6"
+      },
+      {
+        "dport": "nd-neighbor-advert",
+        "proto": "icmpv6"
+      }
+    ],
+    "desc": "IPv6 neighbor solicitation, neighbor and router advertisement"
+  },
+  "OSPF": {
+    "code": [
+      {
+        "proto": "89"
+      }
+    ],
+    "desc": "OSPF multicast traffic"
+  },
+  "OpenVPN": {
+    "code": [
+      {
+        "dport": "1194",
+        "proto": "udp"
+      }
+    ],
+    "desc": "OpenVPN traffic"
+  },
+  "PCA": {
+    "code": [
+      {
+        "dport": "5632",
+        "proto": "udp"
+      },
+      {
+        "dport": "5631",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Symantec PCAnywere (tm)"
+  },
+  "PMG": {
+    "code": [
+      {
+        "dport": "8006",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Proxmox Mail Gateway web interface"
+  },
+  "POP3": {
+    "code": [
+      {
+        "dport": "110",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "POP3 traffic"
+  },
+  "POP3S": {
+    "code": [
+      {
+        "dport": "995",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Encrypted POP3 traffic"
+  },
+  "PPtP": {
+    "code": [
+      {
+        "proto": "47"
+      },
+      {
+        "dport": "1723",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Point-to-Point Tunneling Protocol"
+  },
+  "Ping": {
+    "code": [
+      {
+        "dport": "echo-request",
+        "proto": "icmp"
+      }
+    ],
+    "desc": "ICMP echo request"
+  },
+  "PostgreSQL": {
+    "code": [
+      {
+        "dport": "5432",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "PostgreSQL server"
+  },
+  "Printer": {
+    "code": [
+      {
+        "dport": "515",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Line Printer protocol printing"
+  },
+  "RDP": {
+    "code": [
+      {
+        "dport": "3389",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Microsoft Remote Desktop Protocol traffic"
+  },
+  "RIP": {
+    "code": [
+      {
+        "dport": "520",
+        "proto": "udp"
+      }
+    ],
+    "desc": "Routing Information Protocol (bidirectional)"
+  },
+  "RNDC": {
+    "code": [
+      {
+        "dport": "953",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "BIND remote management protocol"
+  },
+  "Razor": {
+    "code": [
+      {
+        "dport": "2703",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Razor Antispam System"
+  },
+  "Rdate": {
+    "code": [
+      {
+        "dport": "37",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Remote time retrieval (rdate)"
+  },
+  "Rsync": {
+    "code": [
+      {
+        "dport": "873",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Rsync server"
+  },
+  "SANE": {
+    "code": [
+      {
+        "dport": "6566",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "SANE network scanning"
+  },
+  "SMB": {
+    "code": [
+      {
+        "dport": "135,445",
+        "proto": "udp"
+      },
+      {
+        "dport": "137:139",
+        "proto": "udp"
+      },
+      {
+        "dport": "1024:65535",
+        "proto": "udp",
+        "sport": "137"
+      },
+      {
+        "dport": "135,139,445",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Microsoft SMB traffic"
+  },
+  "SMBswat": {
+    "code": [
+      {
+        "dport": "901",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Samba Web Administration Tool"
+  },
+  "SMTP": {
+    "code": [
+      {
+        "dport": "25",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Simple Mail Transfer Protocol"
+  },
+  "SMTPS": {
+    "code": [
+      {
+        "dport": "465",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Encrypted Simple Mail Transfer Protocol"
+  },
+  "SNMP": {
+    "code": [
+      {
+        "dport": "161:162",
+        "proto": "udp"
+      },
+      {
+        "dport": "161",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Simple Network Management Protocol"
+  },
+  "SPAMD": {
+    "code": [
+      {
+        "dport": "783",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Spam Assassin SPAMD traffic"
+  },
+  "SSH": {
+    "code": [
+      {
+        "dport": "22",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Secure shell traffic"
+  },
+  "SVN": {
+    "code": [
+      {
+        "dport": "3690",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Subversion server (svnserve)"
+  },
+  "SixXS": {
+    "code": [
+      {
+        "dport": "3874",
+        "proto": "tcp"
+      },
+      {
+        "dport": "3740",
+        "proto": "udp"
+      },
+      {
+        "proto": "41"
+      },
+      {
+        "dport": "5072,8374",
+        "proto": "udp"
+      }
+    ],
+    "desc": "SixXS IPv6 Deployment and Tunnel Broker"
+  },
+  "Squid": {
+    "code": [
+      {
+        "dport": "3128",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Squid web proxy traffic"
+  },
+  "Submission": {
+    "code": [
+      {
+        "dport": "587",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Mail message submission traffic"
+  },
+  "Syslog": {
+    "code": [
+      {
+        "dport": "514",
+        "proto": "udp"
+      },
+      {
+        "dport": "514",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Syslog protocol (RFC 5424) traffic"
+  },
+  "TFTP": {
+    "code": [
+      {
+        "dport": "69",
+        "proto": "udp"
+      }
+    ],
+    "desc": "Trivial File Transfer Protocol traffic"
+  },
+  "Telnet": {
+    "code": [
+      {
+        "dport": "23",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Telnet traffic"
+  },
+  "Telnets": {
+    "code": [
+      {
+        "dport": "992",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Telnet over SSL"
+  },
+  "Time": {
+    "code": [
+      {
+        "dport": "37",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "RFC 868 Time protocol"
+  },
+  "Trcrt": {
+    "code": [
+      {
+        "dport": "33434:33524",
+        "proto": "udp"
+      },
+      {
+        "dport": "echo-request",
+        "proto": "icmp"
+      }
+    ],
+    "desc": "Traceroute (for up to 30 hops) traffic"
+  },
+  "VNC": {
+    "code": [
+      {
+        "dport": "5900:5999",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "VNC traffic for VNC display's 0 - 99"
+  },
+  "VNCL": {
+    "code": [
+      {
+        "dport": "5500",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "VNC traffic from Vncservers to Vncviewers in listen mode"
+  },
+  "Web": {
+    "code": [
+      {
+        "dport": "80",
+        "proto": "tcp"
+      },
+      {
+        "dport": "443",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "WWW traffic (HTTP and HTTPS)"
+  },
+  "Webcache": {
+    "code": [
+      {
+        "dport": "8080",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Web Cache/Proxy traffic (port 8080)"
+  },
+  "Webmin": {
+    "code": [
+      {
+        "dport": "10000",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Webmin traffic"
+  },
+  "Whois": {
+    "code": [
+      {
+        "dport": "43",
+        "proto": "tcp"
+      }
+    ],
+    "desc": "Whois (nicname, RFC 3912) traffic"
+  }
+}
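Review bot: The third `SMB` entry (`"dport": "1024:65535", "proto": "udp", "sport": "137"`) selects traffic by source port, which the sender chooses, so an ACCEPT rule built on this macro would admit UDP to any unprivileged port from a peer that sends from port 137. If the entry is kept for compatibility with an existing macro set (not visible in this patch), its breadth should at least be visible to whoever picks the macro, e.g. `"desc": "Microsoft SMB traffic (also UDP from source port 137 to ports 1024-65535)"`. Separately, a few descriptions carry typos: `upd` in `DNS`, `Rythmbox` in `DAAP`, `PCAnywere` in `PCA`.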
diff --git a/proxmox-ve-config/src/firewall/fw_macros.rs b/proxmox-ve-config/src/firewall/fw_macros.rs
new file mode 100644
index 0000000..5fa8dab
--- /dev/null
+++ b/proxmox-ve-config/src/firewall/fw_macros.rs
@@ -0,0 +1,69 @@
+use std::collections::HashMap;
+
+use serde::Deserialize;
+use std::sync::OnceLock;
+
+use crate::firewall::types::rule_match::Protocol;
+
+use super::types::rule_match::RuleOptions;
+
+#[derive(Clone, Debug, Default, Deserialize)]
+struct FwMacroData {
+    #[serde(rename = "desc")]
+    pub description: &'static str,
+    pub code: Vec<RuleOptions>,
+}
+
+#[derive(Clone, Debug, Default)]
+pub struct FwMacro {
+    pub _description: &'static str,
+    pub code: Vec<Protocol>,
+}
+
+fn macros() -> &'static HashMap<String, FwMacro> {
+    const MACROS: &str = include_str!("../../resources/macros.json");
+    static HASHMAP: OnceLock<HashMap<String, FwMacro>> = OnceLock::new();
+
+    HASHMAP.get_or_init(|| {
+        let macro_data: HashMap<String, FwMacroData> = match serde_json::from_str(MACROS) {
+            Ok(m) => m,
+            Err(err) => {
+                log::error!("could not load data for macros: {err}");
+                HashMap::new()
+            }
+        };
+
+        let mut macros = HashMap::new();
+
+        'outer: for (name, data) in macro_data {
+            let mut code = Vec::new();
+
+            for c in data.code {
+                match Protocol::from_options(&c) {
+                    Ok(Some(p)) => code.push(p),
+                    Ok(None) => {
+                        continue 'outer;
+                    }
+                    Err(err) => {
+                        log::error!("could not parse data for macro {name}: {err}");
+                        continue 'outer;
+                    }
+                }
+            }
+
+            macros.insert(
+                name,
+                FwMacro {
+                    _description: data.description,
+                    code,
+                },
+            );
+        }
+
+        macros
+    })
+}
+
+pub fn get_macro(name: &str) -> Option<&'static FwMacro> {
+    macros().get(name)
+}
diff --git a/proxmox-ve-config/src/firewall/mod.rs b/proxmox-ve-config/src/firewall/mod.rs
index afc3dcc..0f438ca 100644
--- a/proxmox-ve-config/src/firewall/mod.rs
+++ b/proxmox-ve-config/src/firewall/mod.rs
@@ -1,5 +1,6 @@
 pub mod cluster;
 pub mod common;
+pub mod fw_macros;
 pub mod guest;
 pub mod host;
 pub mod ports;
-- 
2.39.2



