From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id AB8861FF170 for ; Thu, 24 Jul 2025 17:08:05 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id F196A3ED18; Thu, 24 Jul 2025 17:09:25 +0200 (CEST) Message-ID: <6aab2424-0db7-4be8-b612-1b22469422a7@proxmox.com> Date: Thu, 24 Jul 2025 17:09:22 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: pve-devel@lists.proxmox.com References: <20250527135800.190084-1-s.hanreich@proxmox.com> Content-Language: en-US From: Stefan Hanreich In-Reply-To: <20250527135800.190084-1-s.hanreich@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL 0.703 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH docs/proxmox-firewall v2 0/4] migrate proxmox-firewall to proxmox-log + introduce subcommands X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" ping On 5/27/25 15:57, Stefan Hanreich wrote: > Since we now have proxmox-log as the standard crate for logging purposes, > migrate proxmox-firewall to the new logging crate. > > The old logging setup was also tied with the debugging mechanisms described in > the documentation. I used that opportunity to implement specific subcommands for > debugging proxmox-firewall, instead of just relying solely on the log output. > > The patch for changing to proxmox-log can be applied independently, but this > breaks the commands included in the documentation. That's why I decided to send > them as part of one patch series, because the change to proxmox-log prompted me > to implement the subcommands for debugging in the first place. > > I've also looked at implementing the status subcommand, but this would currently > require a bit more work. The JSON output generated by proxmox-firewall and the > JSON output from nftables differ, because nftables does some rule rewriting / > optimization under the hood, so they're not 1:1 comparable. I'll look into > adjusting the proxmox-firewall to emitting the already optimized JSON output, so > we can compare the nft output with the output generated by proxmox-firewall. > > Changes from v1: > * print USAGE on wrong subcommands > * add localnet subcommand > * rustfmt > > proxmox-firewall: > > Stefan Hanreich (3): > firewall: use proxmox_log > proxmox-firewall: add subcommands > proxmox-firewall: add localnet subcommand > > debian/control | 4 +- > debian/proxmox-firewall.service | 4 +- > proxmox-firewall/Cargo.toml | 5 +- > proxmox-firewall/src/bin/proxmox-firewall.rs | 135 +++++++++++++++---- > proxmox-firewall/src/config.rs | 2 + > proxmox-firewall/src/firewall.rs | 2 + > proxmox-firewall/src/object.rs | 2 + > proxmox-firewall/src/rule.rs | 2 + > 8 files changed, 120 insertions(+), 36 deletions(-) > > > pve-docs: > > Stefan Hanreich (1): > firewall: update 'useful commands' section with new subcommands > > pve-firewall.adoc | 38 ++++++++++++++++++++++++-------------- > 1 file changed, 24 insertions(+), 14 deletions(-) > > > Summary over all repositories: > 9 files changed, 144 insertions(+), 50 deletions(-) > _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel