From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 192EB1FF17A for ; Tue, 9 Dec 2025 11:20:50 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 34BB622720; Tue, 9 Dec 2025 11:21:27 +0100 (CET) Message-ID: <4c8947bb-ad86-45d8-8e0b-0424d5790f22@proxmox.com> Date: Tue, 9 Dec 2025 11:21:22 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: Stefan Hanreich , Proxmox VE development discussion References: <20251201123424.94742-1-r.obkircher@proxmox.com> <61d8eb9c-2b58-4db2-a4ad-b0b85ec0cc00@proxmox.com> <8c636f5c-72e1-4486-aa58-f35c4f6adae2@proxmox.com> <9a96aa1e-5c19-4976-847a-3a9ce79f3ebf@proxmox.com> Content-Language: en-US, de-AT From: Robert Obkircher In-Reply-To: <9a96aa1e-5c19-4976-847a-3a9ce79f3ebf@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1765275677110 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.067 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com, firewall.pm] Subject: Re: [pve-devel] [PATCH v1 pve-firewall] fix #7068: show rule comments in iptables output X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Ck9uIDEyLzUvMjUgMTQ6NTgsIFN0ZWZhbiBIYW5yZWljaCB3cm90ZToKPgo+IE9uIDEyLzUvMjUg MjowMiBQTSwgUm9iZXJ0IE9ia2lyY2hlciB3cm90ZToKPj4gT24gMTIvNS8yNSAxMjo1OCwgU3Rl ZmFuIEhhbnJlaWNoIHdyb3RlOgo+Pj4gVGVzdGVkIHRoaXMgaW4gYSBzaW1pbGFyIHZlaW4gYXMg dGhlIG5mdGFibGVzIG9uZToKPj4+ICogIm5vcm1hbCIgY29tbWVudHMKPj4+ICogY29tbWVudHMg dGhhdCBhcmUgdG9vIGxvbmcKPj4+ICogY29tbWVudHMgdGhhdCBhcmUgdG9vIGxvbmcgYW5kIGRv IG5vdCB0cnVuY2F0ZSBuaWNlbHkgYXQgdGhlIDI1NQo+Pj4gYm91bmRhcnkKPj4+ICogY29tbWVu dHMgaW4gc2VjdXJpdHkgZ3JvdXBzCj4+PiAqIGVtb2ppcyBpbiBjb21tZW50cwo+Pj4KPj4+IGFm YWljdCB0aGUgUFZFQ09NTUVOVDogcHJlZml4IGlzIG1lcmVseSB2aXN1YWw/IGl0IGRvZXNuJ3Qg c2VydmUgYW55Cj4+PiBmdW5jdGlvbmFsIHB1cnBvc2U/IEF0IGxlYXN0IGEgcXVpY2sgbW9ua2V5 LXBhdGNoIHJlbW92aW5nIGl0IGRpZG4ndAo+Pj4gYnJlYWsgYW55dGhpbmcgYW5kIGp1ZGdpbmcg ZnJvbSB0aGUgc291cmNlIGNvZGUgaXQgc2VlbXMgZmluZSBhcyB3ZWxsLgo+Pj4gSW1vIGl0IHdv dWxkIGJlIGZpbmUgdGhlbiB0byBjb21wbGV0ZWx5IG9taXQgaXQgdGhlbiAoZXZlbiBpbiB0aGUg Y2FzZQo+Pj4gd2hlcmUgcnVsZSBjb21tZW50cyBzdGFydCB3aXRoIFBWRVNJRykuCj4+IEkgdGhp bmsgdGhlIHBhcnNlciBpbiBpcHRhYmxlc19nZXRfY2hhaW5zIHdvdWxkIGF0IGxlYXN0IHRlbXBv cmFyaWx5IHNldAo+PiBhbiBpbnZhbGlkIHNpZ25hdHVyZSBvbiB0aGUgY2hhaW4gYW5kIG9ubHkg b3ZlcnJpZGUgaXQgbGF0ZXIgYmVjYXVzZSB0aGUKPj4gcmVhbCBQVkVTSUc6IHJ1bGUgaXMgYWx3 YXlzIHByZXNlbnQgYW5kIHByaW50ZWQgbGFzdC4gUmVseWluZyBvbiB0aGF0Cj4+IHNlZW1lZCBh IGJpdCBza2V0Y2h5Lgo+IERvIHlvdSBtZWFuIHRoZSAndW5rbm93bicgc2lnbmF0dXJlPyBTZWVt cyBsaWtlIHRoaXMgaGFwcGVucyBkdWUgdG8gdGhpcwo+IGxpbmUgaGVyZSBpbiB0aGUgcGFyc2Vy IGNhbGxiYWNrIFsxXS4gVGhlIG90aGVyIHJlZ2V4IG1hdGNoZXMgb25seQo+IGBQVkVTSUc6YCBj b21tZW50cyBhbnl3YXkuCj4KPiBJZiB3ZSByZW1vdmUgdGhlIHByZWZpeCwgYWRkaW5nIGEgY29t bWVudCB3aXRoIGEgYFBWRVNJRzpgIHByZWZpeCB3b3VsZAo+IGRvIHRoYXQsIEkgZ3Vlc3M/Cj4K PiBbMV0KPiBodHRwczovL2dpdC5wcm94bW94LmNvbS8/cD1wdmUtZmlyZXdhbGwuZ2l0O2E9Ymxv YjtmPXNyYy9QVkUvRmlyZXdhbGwucG07aD05M2Y4YzM0NDY2ZmQ2MWJjNjQ2NDM5Mjc1NTk3YWEy NGI4NzE4MDUzO2hiPUhFQUQjbDIwOTMKSSBtZWFudCB0aGF0IHdpdGhvdXQgYSBwcmVmaXggdGhl IG90aGVyIHJlZ2V4IHdvdWxkIG1hdGNoIHVzZXIgY29tbWVudHMgCmFzIHdlbGwuIEUuZyBpZiBJ IHJlbW92ZQoKLcKgIMKgICRjb21tZW50ID0gIlBWRUNPTU1FTlQ6JGNvbW1lbnQiOyAjIGF2b2lk IGFueSBjb25mdXNpb24gd2l0aCBQVkVTSUcgCmNvbW1lbnRzCgphbmQgYWRkOgoKIMKgIMKgIMKg IMKgIMKgfSBlbHNpZiAoJGxpbmUgPX4gCm0vXi1BXHMrKFxTKylccy4qLS1jb21tZW50XHMrXCJQ VkVTSUc6KFxTKylcIi8pIHsKIMKgIMKgIMKgIMKgIMKgIMKgIMKgbXkgKCRjaGFpbiwgJHNpZykg PSAoJDEsICQyKTsKIMKgIMKgIMKgIMKgIMKgIMKgIMKgcmV0dXJuIGlmICEmJGlzX3B2ZWZ3X2No YWluKCRjaGFpbik7CivCoCDCoCDCoCDCoCDCoCDCoCBwcmludCAiJGNoYWluIDo9ICRzaWcgXG4i OwogwqAgwqAgwqAgwqAgwqAgwqAgwqAkcmVzLT57JGNoYWlufSA9ICRzaWc7CgphIHJ1bGUgbGlr ZSAtQSBQVkVGVy1IT1NULUlOwqAgLWogUkVUVVJOIC1tIGNvbW1lbnQgLS1jb21tZW50IAoiUFZF U0lHOmFiYyIgYnJpZWZseSBzZXRzICRyZXMtPntjaGFpbn0gdG8gYWJjOgoKUFZFRlctSE9TVC1J TiA6PSBhYmMKUFZFRlctSE9TVC1JTiA6PSBLZVM2aGJRWHo0dEVIZW1RcWhKcU9xV0VXQkEKCgo+ Pj4gbWIgc29tZW9uZSB3aXRoIG1vcmUgZXhwZXJpZW5jZSB3aXRoIHBlcmwgYW5kIHV0Zi04IGNh biBjaGltZSBpbiBvbiB0aGUKPj4+IHRydW5jYXRpb24gbG9naWM/Cj4+Pgo+Pj4gVGVzdGVkLWJ5 OiBTdGVmYW4gSGFucmVpY2ggPHMuaGFucmVpY2hAcHJveG1veC5jb20+Cj4+Pgo+Pj4gT24gMTIv MS8yNSAxOjMzIFBNLCBSb2JlcnQgT2JraXJjaGVyIHdyb3RlOgo+Pj4+IFVzZSB0aGUgaXB0YWJs ZXMgY29tbWVudCBleHRlbnNpb24gdG8gaW5jbHVkZSBjb21tZW50cyBmcm9tIHRoZSBVSS4KPj4+ PiBQcmVmaXggdGhlbSB3aXRoICJQVkVDT01NRU5UOiIgdG8gYXZvaWQgaW50ZXJmZXJpbmcgd2l0 aCB0aGUgZXhpc3RpbmcKPj4+PiAiUFZFU0lHOiRzaWciIGNvbW1lbnRzLCB3aGljaCBhcmUgdXNl ZCB0byBzdG9yZSBzaWduYXR1cmVzIGZvciBjaGFuZ2UKPj4+PiBkZXRlY3Rpb24uCj4+Pj4KPj4+ PiBUaGUgdG90YWwgbGVuZ3RoIG9mIHRoZSAodW5lc2NhcGVkKSBjb21tZW50cyBpcyBsaW1pdGVk IHRvIDI1NSB1dGY4Cj4+Pj4gYnl0ZXMuIEFjY29yZGluZyB0byB0aGUgbWFuIHBhZ2UgaXQgY291 bGQgYmUgdXAgdG8gMjU2IGNoYXJhY3RlcnMsIGJ1dAo+Pj4+IHRoZSBhY3R1YWwgaW1wbGVtZW50 YXRpb24gc2VlbXMgdG8gemVybyB0ZXJtaW5hdGUgdGhlIGJ1ZmZlciBiZWZvcmUKPj4+PiBzYXZp bmcuIEZvciBleGFtcGxlLCB0aGUgZm9sbG93aW5nIGNvbW1hbmQgcHJvZHVjZXMgYSAyNTUgY2hh ciBjb21tZW50Cj4+Pj4gZW5kaW5nIGluICdhJzoKPj4+PiBpcHRhYmxlcyAtQSBQVkVGVy1IT1NU LUlOIC1tIGNvbW1lbnQgLS1jb21tZW50ICQocHl0aG9uMyAtYwo+Pj4+ICJwcmludCgnYWInKjI1 NikiKQo+Pj4+Cj4+Pj4gVW5saWtlIHRoZSBpcHRhYmxlcyBjb21tYW5kLCB0aGlzIHZlcnNpb24g dHJ1bmNhdGVzIHRvIHZhbGlkIHV0ZjguCj4+Pj4KPj4+PiBTaWduZWQtb2ZmLWJ5OiBSb2JlcnQg T2JraXJjaGVyIDxyLm9ia2lyY2hlckBwcm94bW94LmNvbT4KPj4+PiAtLS0KPj4+PiAgwqAgc3Jj L1BWRS9GaXJld2FsbC5wbSB8IDE3ICsrKysrKysrKysrKysrKystCj4+Pj4gIMKgIDEgZmlsZSBj aGFuZ2VkLCAxNiBpbnNlcnRpb25zKCspLCAxIGRlbGV0aW9uKC0pCj4+Pj4KPj4+PiBkaWZmIC0t Z2l0IGEvc3JjL1BWRS9GaXJld2FsbC5wbSBiL3NyYy9QVkUvRmlyZXdhbGwucG0KPj4+PiBpbmRl eCA5M2Y4YzM0Li42ODg4MjlhIDEwMDY0NAo+Pj4+IC0tLSBhL3NyYy9QVkUvRmlyZXdhbGwucG0K Pj4+PiArKysgYi9zcmMvUFZFL0ZpcmV3YWxsLnBtCj4+Pj4gQEAgLTIyNzEsNiArMjI3MSwyMCBA QCBzdWIgaXB0X2dlbl9zcmNfb3JfZHN0X21hdGNoIHsKPj4+PiAgwqDCoMKgwqDCoCByZXR1cm4g JG1hdGNoOwo+Pj4+ICDCoCB9Cj4+Pj4gIMKgICtzdWIgcHJpbnRfaXB0X2NvbW1lbnQgewo+Pj4+ ICvCoMKgwqAgbXkgKCRjb21tZW50KSA9IEBfOwo+Pj4+ICvCoMKgwqAgcmV0dXJuICIiIGlmICFk ZWZpbmVkKCRjb21tZW50KSB8fCAkY29tbWVudCBlcSAiIjsKPj4+PiArwqDCoMKgICRjb21tZW50 ID0gZW5jb2RlKCJ1dGY4IiwgJGNvbW1lbnQsIEVuY29kZTo6TEVBVkVfU1JDKTsKPj4+PiArwqDC oMKgICRjb21tZW50ID0gIlBWRUNPTU1FTlQ6JGNvbW1lbnQiOyAjIGF2b2lkIGFueSBjb25mdXNp b24gd2l0aAo+Pj4+IFBWRVNJRyBjb21tZW50cwo+Pj4+ICsKPj4+PiArwqDCoMKgICMgbWFuIGlw dGFibGVzLWV4dGVuc2lvbnMgc2F5cyAyNTYgY2hhcnMsIGJ1dCB0aGUgY29kZSBvbmx5Cj4+Pj4g c2F2ZXMgMjU1Cj4+Pj4gK8KgwqDCoCAkY29tbWVudCA9IHN1YnN0cigkY29tbWVudCwgMCwgMjU1 KTsKPj4+PiArwqDCoMKgICRjb21tZW50ID0gZW5jb2RlKCd1dGY4JywgZGVjb2RlKCd1dGY4Jywg JGNvbW1lbnQsCj4+Pj4gRW5jb2RlOjpGQl9RVUlFVCB8IEVuY29kZTo6TEVBVkVfU1JDKSk7Cj4+ Pj4gKwo+Pj4+ICvCoMKgwqAgJGNvbW1lbnQgPX4gcy9bXFwiJ10vXFwkMS9nOyAjIGVzY2FwZSBs b2dpYyBmcm9tCj4+Pj4geHRhYmxlc19zYXZlX3N0cmluZwo+IHNlZW1zIGxpa2UgdGhlcmUgaXMg c3RpbGwgYW4gaXNzdWUgaGVyZSAtIHNldHRpbmcgdGhlIGNvbW1lbnQgYCMjIyJgIEkKPiBnZXQg c2V2ZXJhbDoKPgo+IFVzZSBvZiB1bmluaXRpYWxpemVkIHZhbHVlICQxIGluIGNvbmNhdGVuYXRp b24gKC4pIG9yIHN0cmluZyBhdAo+IC91c3Ivc2hhcmUvcGVybDUvUFZFL0ZpcmV3YWxsLnBtIGxp bmUgMjI4NC4KPgo+IENhbiBiZSBlYXNpbHkgY2hlY2tlZCB2aWEgYHB2ZS1maXJld2FsbCBjb21w aWxlYC4KSSB0aGluayB0aGlzIGhhZCBub3RoaW5nIHRvIGRvIHdpdGggJyMnLCBJIGp1c3QgZm9y Z290IHRoZSBjYXB0dXJlIGdyb3VwIAppbiB0aGUgc3Vic3RpdHV0aW9uLgo+Cj4+Pj4gK8KgwqDC oCByZXR1cm4gIiAtbSBjb21tZW50IC0tY29tbWVudCBcIiRjb21tZW50XCIiOyAjIG5ldmVyIG9t aXQgcXVvdGVzCj4+Pj4gYmVjYXVzZSBvZiB0aGUgY29sb24KPj4+PiArfQo+Pj4+ICsKPj4+PiAg wqAgIyBjb252ZXJ0IGEgJXJ1bGUgdG8gYW4gYXJyYXkgb2YgaXB0YWJsZXMgY29tbWFuZHMKPj4+ PiAgwqAgc3ViIGlwdF9ydWxlX3RvX2NtZHMgewo+Pj4+ICDCoMKgwqDCoMKgIG15ICgkcnVsZSwg JGNoYWluLCAkaXB2ZXJzaW9uLCAkY2x1c3Rlcl9jb25mLCAkZndfY29uZiwgJHZtaWQpCj4+Pj4g PSBAXzsKPj4+PiBAQCAtMjM3NSw3ICsyMzg5LDggQEAgc3ViIGlwdF9ydWxlX3RvX2NtZHMgewo+ Pj4+ICDCoMKgwqDCoMKgwqDCoMKgwqAgbXkgJGxvZ2FjdGlvbiA9IGdldF9sb2dfcnVsZV9iYXNl KCRjaGFpbiwgJHZtaWQsICRydWxlLQo+Pj4+PiB7bG9nbXNnfSwgJGxvZ2xldmVsKTsKPj4+PiAg wqDCoMKgwqDCoMKgwqDCoMKgIHB1c2ggQGlwdGNtZHMsICItQSAkY2hhaW4gJG1hdGNoc3RyICRs b2dhY3Rpb24iOwo+Pj4+ICDCoMKgwqDCoMKgIH0KPj4+PiAtwqDCoMKgIHB1c2ggQGlwdGNtZHMs ICItQSAkY2hhaW4gJG1hdGNoc3RyICR0YXJnZXRzdHIiOwo+Pj4+ICvCoMKgwqAgbXkgJGNvbW1l bnQgPSBwcmludF9pcHRfY29tbWVudCgkcnVsZS0+e2NvbW1lbnR9KTsKPj4+PiArwqDCoMKgIHB1 c2ggQGlwdGNtZHMsICItQSAkY2hhaW4gJG1hdGNoc3RyICR0YXJnZXRzdHIkY29tbWVudCI7Cj4+ Pj4gIMKgwqDCoMKgwqAgcmV0dXJuIEBpcHRjbWRzOwo+Pj4+ICDCoCB9Cj4+Pj4gICAgCj4KCgpf X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpwdmUtZGV2ZWwg bWFpbGluZyBsaXN0CnB2ZS1kZXZlbEBsaXN0cy5wcm94bW94LmNvbQpodHRwczovL2xpc3RzLnBy b3htb3guY29tL2NnaS1iaW4vbWFpbG1hbi9saXN0aW5mby9wdmUtZGV2ZWwK