From: Lukas Sichert <l.sichert@proxmox.com>
To: pve-devel@lists.proxmox.com
Cc: Lukas Sichert <l.sichert@proxmox.com>
Subject: [PATCH manager 3/3] fix #5066: reload networking: flush PROXMOX-SDN iptables chain at reload
Date: Fri, 5 Jun 2026 13:48:04 +0200
Message-ID: <20260605114810.43030-4-l.sichert@proxmox.com>
In-Reply-To: <20260605114810.43030-1-l.sichert@proxmox.com>

With the addition of a separate PROXMOX-SDN iptable chain it is now
possible to flush this distinct chain, without affecting unrelated
POSTROUTING rules set by the user.

Flush old rules by running 'iptables -t nat -F PROXMOX-SDN' at the end
of the reload_network_config API call, before executing 'ifreload -a'.
The reload then adds the currently valid rules again.

Signed-off-by: Lukas Sichert <l.sichert@proxmox.com>
---
.codex | 0
PVE/API2/Network.pm | 3 +++
2 files changed, 3 insertions(+)
create mode 100644 .codex
diff --git a/.codex b/.codex
new file mode 100644
index 00000000..e69de29b
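Review bot: the empty `.codex` file created at the repository root (0 lines in the diffstat, blob e69de29b) is not mentioned in the commit message and is unrelated to flushing the PROXMOX-SDN chain, so it looks like a stray file staged by accident. Drop it from the patch so the diffstat shows only PVE/API2/Network.pm.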
diff --git a/PVE/API2/Network.pm b/PVE/API2/Network.pm
index c5863ca7..a8ec88a4 100644
--- a/PVE/API2/Network.pm
+++ b/PVE/API2/Network.pm
@@ -932,6 +932,9 @@ __PACKAGE__->register_method({
print "$2 : $line \n";
}
};
+ PVE::Tools::run_command(['iptables', '-t', 'nat', '-F', 'PROXMOX-SDN'], noerr => 1);
+ PVE::Tools::run_command(['ip6tables', '-t', 'nat', '-F', 'PROXMOX-SDN'],
+ noerr => 1);
PVE::Tools::run_command(['ifreload', '-a'], errfunc => $err);
if (defined($regenerate_frr)) {
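Review bot: both flush calls pass `noerr => 1` and no `errfunc`, so any failure of `iptables`/`ip6tables -t nat -F PROXMOX-SDN` is ignored without reaching the task log, whereas the `ifreload -a` call directly below routes its errors through `errfunc => $err`. Ignoring a missing chain is reasonable on hosts that have no SDN SNAT configured, but other failures should be surfaced: check the return value and print a warning, or pass an `errfunc`. The flush is also unconditional and happens before `ifreload -a`, so if the reload fails or does not re-add the rules, the host is left with an empty PROXMOX-SDN nat chain and no SNAT for the affected zones. A short comment above the two calls stating that the rules are re-created by the reload, and what state remains when it fails, would help. Style: the `ip6tables` call is wrapped across two lines while the `iptables` call is not; format both the same way.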
--
2.47.3
Thread overview: 4+ messages
2026-06-05 11:48 [RFC manager/network 0/3] fix #5066: make generated snat rules flushable Lukas Sichert
2026-06-05 11:48 ` [PATCH network 1/3] fix #5066: snat: push evpn snat rules into separate iptables chain Lukas Sichert
2026-06-05 11:48 ` [PATCH network 2/3] fix #5066: snat: push simplezone " Lukas Sichert
2026-06-05 11:48 ` Lukas Sichert [this message]