From: Gabriel Goller
To: Proxmox VE development discussion
Date: Fri, 28 Jun 2024 15:46:36 +0200
Subject: Re: [pve-devel] [RFC firewall/proxmox{-ve-rs, -firewall, -perl-rs} 00/21] autogenerate ipsets for sdn objects
Message-ID: <20240628134636.2tw3tgfkvnbcni3h@luna.proxmox.com>
In-Reply-To: <20240626121550.292290-1-s.hanreich@proxmox.com>

Already talked with Stefan offlist, but some major things I noted when
testing:

* It would be cool to have the generated IPSets visible in the IPSet
  menu under Firewall (Datacenter). We could add a checkmark to hide
  them (as there can be quite many) and make them read-only.
* Zones can be restricted to specific Nodes, but we generate the IPSets
  on every Node for all Zones. This means some IPSets are useless and
  we could avoid generating them in the first place.

Otherwise the IPSet generation works fine. The algorithm for generating
iptables ipset ranges also works perfectly!