From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 237E01FF178 for ; Mon, 15 Dec 2025 16:09:06 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0E191FF95; Mon, 15 Dec 2025 16:09:46 +0100 (CET) From: Robert Obkircher To: pve-devel@lists.proxmox.com Date: Mon, 15 Dec 2025 16:08:46 +0100 Message-ID: <20251215150906.257151-3-r.obkircher@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20251215150906.257151-1-r.obkircher@proxmox.com> References: <20251215150906.257151-1-r.obkircher@proxmox.com> MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1765811375943 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.063 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH pve-firewall 2/2] fix #7068: show rule comments in iptables output X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" VXNlIHRoZSBpcHRhYmxlcyBjb21tZW50IGV4dGVuc2lvbiB0byBpbmNsdWRlIGNvbW1lbnRzIGZy b20gdGhlIFVJLgpQcmVmaXggdGhlbSB3aXRoICJQVkU6IiB0byBhdm9pZCBpbnRlcmZlcmluZyB3 aXRoICJQVkVTSUc6JHNpZyIKY29tbWVudHMsIHdoaWNoIGFyZSB1c2VkIHRvIHN0b3JlIHNpZ25h dHVyZXMgZm9yIGNoYW5nZSBkZXRlY3Rpb24uCgpUaGUgdG90YWwgbGVuZ3RoIG9mIHRoZSAodW5l c2NhcGVkKSBjb21tZW50cyBpcyBsaW1pdGVkIHRvIDI1NSB1dGY4CmJ5dGVzLgoKU2lnbmVkLW9m Zi1ieTogUm9iZXJ0IE9ia2lyY2hlciA8ci5vYmtpcmNoZXJAcHJveG1veC5jb20+Ci0tLQogc3Jj L1BWRS9GaXJld2FsbC5wbSAgIHwgMjcgKysrKysrKysrKysrKy0KIHRlc3QvTWFrZWZpbGUgICAg ICAgICB8ICAxICsKIHRlc3QvdGVzdF9jb21tZW50cy5wbCB8IDg2ICsrKysrKysrKysrKysrKysr KysrKysrKysrKysrKysrKysrKysrKysrKysKIDMgZmlsZXMgY2hhbmdlZCwgMTEzIGluc2VydGlv bnMoKyksIDEgZGVsZXRpb24oLSkKIGNyZWF0ZSBtb2RlIDEwMDc1NSB0ZXN0L3Rlc3RfY29tbWVu dHMucGwKCmRpZmYgLS1naXQgYS9zcmMvUFZFL0ZpcmV3YWxsLnBtIGIvc3JjL1BWRS9GaXJld2Fs bC5wbQppbmRleCAwNjM4NGI0Li4yNTMzZTljIDEwMDY0NAotLS0gYS9zcmMvUFZFL0ZpcmV3YWxs LnBtCisrKyBiL3NyYy9QVkUvRmlyZXdhbGwucG0KQEAgLTIyNzgsNiArMjI3OCwyOSBAQCBzdWIg aXB0X2dlbl9zcmNfb3JfZHN0X21hdGNoIHsKICAgICByZXR1cm4gJG1hdGNoOwogfQogCitzdWIg cHJpbnRfaXB0X2NvbW1lbnQgeworICAgIG15ICgkY29tbWVudCkgPSBAXzsKKyAgICByZXR1cm4g IiIgaWYgIWRlZmluZWQoJGNvbW1lbnQpIHx8ICRjb21tZW50IGVxICIiOworICAgICRjb21tZW50 ID0gIlBWRTokY29tbWVudCI7ICMgRGlzYW1iaWd1YXRlIGZyb20gUFZFU0lHOiBjb21tZW50cwor CisgICAgIyBNaW1pYyBpcHRhYmxlcy1zYXZlIGFuZCBsaW1pdCB0aGUgbGVuZ3RoIHRvIDI1NSBi eXRlcy4gU2luY2UKKyAgICAjIGlwdGFibGVzLXJlc3RvcmUgc2VlbXMgdG8gYWNjZXB0IHVwIHRv IDEwMjMgKHVuZXNjYXBlZCkgYnl0ZXMKKyAgICAjIGl0IHdvdWxkbid0IGJlIGEgaHVnZSBwcm9i bGVtIGlmIHRoaXMgd2FzIGFjY2lkZW50YWxseQorICAgICMgcmUtZW5jb2RlZCB0byBhIGxvbmdl ciBsZW5ndGggbGF0ZXIuCisgICAgJGNvbW1lbnQgPSBlbmNvZGUoIlVURi04IiwgJGNvbW1lbnQs IEVuY29kZTo6RkJfV0FSTiB8IEVuY29kZTo6TEVBVkVfU1JDKTsKKyAgICAkY29tbWVudCA9IHN1 YnN0cigkY29tbWVudCwgMCwgMjU1KTsKKworICAgICMgQ2xlYW4gdXAgaW52YWxpZCBieXRlcyBh dCB0aGUgZW5kLgorICAgICRjb21tZW50ID0gZGVjb2RlKCJVVEYtOCIsICRjb21tZW50LCBFbmNv ZGU6OkZCX1FVSUVUIHwgRW5jb2RlOjpMRUFWRV9TUkMpOworCisgICAgIyBpcHRhYmxlc19jaGFp bl9kaWdlc3QgY2FuJ3QgcHJvY2VzcyB3aWRlIGNoYXJhY3RlcnMuCisgICAgJGNvbW1lbnQgPSBl bmNvZGUoIlVURi04IiwgJGNvbW1lbnQpOworCisgICAgIyBFc2NhcGUgbGlrZSB4dGFibGVzX3Nh dmVfc3RyaW5nLiBBbHdheXMgcXVvdGUgYmVjYXVzZSBvZiBjb2xvbi4KKyAgICAkY29tbWVudCA9 fiBzLyhbXFwiJ10pL1xcJDEvZzsKKyAgICByZXR1cm4gIiAtbSBjb21tZW50IC0tY29tbWVudCBc IiRjb21tZW50XCIiOworfQorCiAjIGNvbnZlcnQgYSAlcnVsZSB0byBhbiBhcnJheSBvZiBpcHRh YmxlcyBjb21tYW5kcwogc3ViIGlwdF9ydWxlX3RvX2NtZHMgewogICAgIG15ICgkcnVsZSwgJGNo YWluLCAkaXB2ZXJzaW9uLCAkY2x1c3Rlcl9jb25mLCAkZndfY29uZiwgJHZtaWQpID0gQF87CkBA IC0yMzgyLDcgKzI0MDUsOSBAQCBzdWIgaXB0X3J1bGVfdG9fY21kcyB7CiAgICAgICAgIG15ICRs b2dhY3Rpb24gPSBnZXRfbG9nX3J1bGVfYmFzZSgkY2hhaW4sICR2bWlkLCAkcnVsZS0+e2xvZ21z Z30sICRsb2dsZXZlbCk7CiAgICAgICAgIHB1c2ggQGlwdGNtZHMsICItQSAkY2hhaW4gJG1hdGNo c3RyICRsb2dhY3Rpb24iOwogICAgIH0KLSAgICBwdXNoIEBpcHRjbWRzLCAiLUEgJGNoYWluICRt YXRjaHN0ciAkdGFyZ2V0c3RyIjsKKyAgICBteSAkY29tbWVudCA9CisgICAgICAgICRmd19jb25m LT57b3B0aW9uc30tPntwcmVzZXJ2ZV9jb21tZW50c30gPyBwcmludF9pcHRfY29tbWVudCgkcnVs ZS0+e2NvbW1lbnR9KSA6ICIiOworICAgIHB1c2ggQGlwdGNtZHMsICItQSAkY2hhaW4gJG1hdGNo c3RyICR0YXJnZXRzdHIkY29tbWVudCI7CiAgICAgcmV0dXJuIEBpcHRjbWRzOwogfQogCmRpZmYg LS1naXQgYS90ZXN0L01ha2VmaWxlIGIvdGVzdC9NYWtlZmlsZQppbmRleCBmZWE5YzIxLi4zODgw YjU3IDEwMDY0NAotLS0gYS90ZXN0L01ha2VmaWxlCisrKyBiL3Rlc3QvTWFrZWZpbGUKQEAgLTQs NiArNCw3IEBAIGFsbDoKIC5QSE9OWTogY2hlY2sKIGNoZWNrOgogCS4vZnd0ZXN0ZXIucGwKKwku L3Rlc3RfY29tbWVudHMucGwKIAogLlBIT05ZOiBpbnN0YWxsCiBpbnN0YWxsOiBjaGVjawpkaWZm IC0tZ2l0IGEvdGVzdC90ZXN0X2NvbW1lbnRzLnBsIGIvdGVzdC90ZXN0X2NvbW1lbnRzLnBsCm5l dyBmaWxlIG1vZGUgMTAwNzU1CmluZGV4IDAwMDAwMDAuLjNmMWQwNjUKLS0tIC9kZXYvbnVsbAor KysgYi90ZXN0L3Rlc3RfY29tbWVudHMucGwKQEAgLTAsMCArMSw4NiBAQAorIyEvdXNyL2Jpbi9l bnYgcGVybAorCit1c2UgbGliICcuLi9zcmMnOworCit1c2Ugc3RyaWN0OwordXNlIHdhcm5pbmdz OworCit1c2UgdXRmODsKKwordXNlIEVuY29kZSBxdyhlbmNvZGUpOwordXNlIFRlc3Q6Ok1vcmU7 CisKK3VzZSBQVkU6OkZpcmV3YWxsOworCitkaWUgaWYgbGVuZ3RoKCfwn6aAJykgIT0gMTsKK2Rp ZSBpZiBsZW5ndGgoZW5jb2RlKCdVVEYtOCcsICfwn6aAJykpICE9IDQ7CisKK215ICR0ZXN0cyA9 IFsKKyAgICB7CisgICAgICAgIGRlc2MgPT4gJ2VtcHR5IGZvciBlbXB0eSB1bmRlZicsCisgICAg ICAgIHBhcmFtID0+IHVuZGVmLAorICAgICAgICBleHBlY3RlZCA9PiAnJywKKyAgICB9LAorICAg IHsKKyAgICAgICAgZGVzYyA9PiAnZW1wdHkgZm9yIGVtcHR5IHN0cmluZycsCisgICAgICAgIHBh cmFtID0+ICcnLAorICAgICAgICBleHBlY3RlZCA9PiAnJywKKyAgICB9LAorICAgIHsKKyAgICAg ICAgZGVzYyA9PiAnZXNjYXBlIHNpbmdsZS9kb3VibGUgcXVvdGUgYW5kIGJhY2tzbGFzaCcsCisg ICAgICAgIHBhcmFtID0+IHF7eCJ4XFx4J3ggZXNjYXBlICIiJydcXFxcIidcXH0sCisgICAgICAg IGV4cGVjdGVkID0+CisgICAgICAgICAgICBxeyAtbSBjb21tZW50IC0tY29tbWVudCAiUFZFOnhc XCJ4XFxcXHhcXCd4IGVzY2FwZSBcXCJcXCJcXCdcXCdcXFxcXFxcXFxcIlxcJ1xcXFwifSwKKyAg ICB9LAorICAgIHsKKyAgICAgICAgZGVzYyA9PiAnb3RoZXIgc3BlY2lhbCBjaGFyYWN0ZXJzJywK KyAgICAgICAgcGFyYW0gPT4gcXtAJCMnXFwi8J+mgFxcdD0oCSl9LAorICAgICAgICBleHBlY3Rl ZCA9PiBxeyAtbSBjb21tZW50IC0tY29tbWVudCAiUFZFOkAkI1xcJ1xcXFxcXCLwn6aAXFxcXHQ9 KAkpIn0sCisgICAgfSwKKyAgICB7CisgICAgICAgIGRlc2MgPT4gJ3ByZXZlbnQgY29uZmxpY3Qg d2l0aCBzaWduYXR1cmUgcHJlZml4JywKKyAgICAgICAgcGFyYW0gPT4gJ1BWRVNJRzphYmMnLAor ICAgICAgICBleHBlY3RlZCA9PiAnIC1tIGNvbW1lbnQgLS1jb21tZW50ICJQVkU6UFZFU0lHOmFi YyInLAorICAgIH0sCisgICAgeworICAgICAgICBkZXNjID0+ICd0cnVuY2F0ZSBhc2NpaScsCisg ICAgICAgIHBhcmFtID0+ICdhJyB4IDMwMCwKKyAgICAgICAgZXhwZWN0ZWQgPT4gJyAtbSBjb21t ZW50IC0tY29tbWVudCAiUFZFOicgLiAoJ2EnIHggMjUxKSAuICciJywKKyAgICB9LAorICAgIHsK KyAgICAgICAgZGVzYyA9PiAndHJ1bmNhdGUgMC80IGVtb2ppIGJ5dGVzJywKKyAgICAgICAgcGFy YW0gPT4gKCdhJyB4IDI0NykgLiAn8J+mgCcsCisgICAgICAgIGV4cGVjdGVkID0+ICcgLW0gY29t bWVudCAtLWNvbW1lbnQgIlBWRTonIC4gKCdhJyB4IDI0NykgLiAn8J+mgCInLAorICAgIH0sCisg ICAgeworICAgICAgICBkZXNjID0+ICd0cnVuY2F0ZSAxLzQgZW1vamkgYnl0ZXMnLAorICAgICAg ICBwYXJhbSA9PiAoJ2EnIHggMjQ4KSAuICfwn6aAJywKKyAgICAgICAgZXhwZWN0ZWQgPT4gJyAt bSBjb21tZW50IC0tY29tbWVudCAiUFZFOicgLiAoJ2EnIHggMjQ4KSAuICciJywKKyAgICB9LAor ICAgIHsKKyAgICAgICAgZGVzYyA9PiAndHJ1bmNhdGUgMi80IGVtb2ppIGJ5dGVzJywKKyAgICAg ICAgcGFyYW0gPT4gKCdhJyB4IDI0OSkgLiAn8J+mgCcsCisgICAgICAgIGV4cGVjdGVkID0+ICcg LW0gY29tbWVudCAtLWNvbW1lbnQgIlBWRTonIC4gKCdhJyB4IDI0OSkgLiAnIicsCisgICAgfSwK KyAgICB7CisgICAgICAgIGRlc2MgPT4gJ3RydW5jYXRlIDMvNCBlbW9qaSBieXRlcycsCisgICAg ICAgIHBhcmFtID0+ICgnYScgeCAyNTApIC4gJ/CfpoAnLAorICAgICAgICBleHBlY3RlZCA9PiAn IC1tIGNvbW1lbnQgLS1jb21tZW50ICJQVkU6JyAuICgnYScgeCAyNTApIC4gJyInLAorICAgIH0s CisgICAgeworICAgICAgICBkZXNjID0+ICd0cnVuY2F0ZSA0LzQgZW1vamkgYnl0ZXMnLAorICAg ICAgICBwYXJhbSA9PiAoJ2EnIHggMjUxKSAuICfwn6aAJywKKyAgICAgICAgZXhwZWN0ZWQgPT4g JyAtbSBjb21tZW50IC0tY29tbWVudCAiUFZFOicgLiAoJ2EnIHggMjUxKSAuICciJywKKyAgICB9 LAorXTsKKworcGxhbih0ZXN0cyA9PiBzY2FsYXIoJHRlc3RzLT5AKikpOworCitmb3IgbXkgJGNh c2UgKCR0ZXN0cy0+QCopIHsKKyAgICBteSAkcmVzdWx0ID0gUFZFOjpGaXJld2FsbDo6cHJpbnRf aXB0X2NvbW1lbnQoJGNhc2UtPntwYXJhbX0pOworCisgICAgbXkgJGV4cGVjdGVkID0gZW5jb2Rl KCdVVEYtOCcsICRjYXNlLT57ZXhwZWN0ZWR9KTsKKyAgICBpcygkcmVzdWx0LCAkZXhwZWN0ZWQs ICRjYXNlLT57ZGVzY30pOworfQorCitkb25lX3Rlc3RpbmcoKTsKLS0gCjIuNDcuMwoKCgpfX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpwdmUtZGV2ZWwgbWFp bGluZyBsaXN0CnB2ZS1kZXZlbEBsaXN0cy5wcm94bW94LmNvbQpodHRwczovL2xpc3RzLnByb3ht b3guY29tL2NnaS1iaW4vbWFpbG1hbi9saXN0aW5mby9wdmUtZGV2ZWwK