From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 74CE11FF186 for ; Fri, 1 Aug 2025 18:23:17 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 317B91EB29; Fri, 1 Aug 2025 18:24:14 +0200 (CEST) Message-ID: <7d9ddaf4-d2f8-4953-b3e9-8a3f2d045e5f@proxmox.com> Date: Fri, 1 Aug 2025 18:24:11 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Beta To: "Max R. Carrara" , Proxmox VE development discussion References: <20250801154521.594077-1-m.carrara@proxmox.com> <20250801154521.594077-2-m.carrara@proxmox.com> <99a6c3dd-9d62-4586-b819-c7be7e084314@proxmox.com> Content-Language: en-US From: Thomas Lamprecht In-Reply-To: X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1754065437949 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.030 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [RFC pve-firewall v1 1/1] pve-firewall.service: update-alternatives to {ip, eb}tables-nft X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Am 01.08.25 um 18:07 schrieb Max R. Carrara: >> An implementation option might be using an node-local environment file >> sourced by the unit file, e.g. >> >> Environment="VARIANT=legacy" >> EnvironmentFile=-/var/lib/pve-firewall/tables-variant >> >> ExecStartPre=-/usr/bin/update-alternatives --set ebtables-${VARIANT} >> ... > That's a good idea actually! I'll see what I can do on Monday. And FWIW, we do not have to chase down this road, moving the whole update-alternatives into a dedicated script might be also an option, as could make us also re-use a node option or the like and have the implementation do some error checking before trying to execute anything. OTOH. if we can really default to the nft based ones in a next point release and drop support for switching in PVE 10 or so it might not be worth to do much extra work here for something that is rather short lived anyway; for me either option is fine (if it works naturally ^^), just wanted to avoid that you think this is the only acceptable way. _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel