From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mgit@fragmentedpackets.net>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 04EBE7647D
 for <pve-devel@lists.proxmox.com>; Mon, 18 Oct 2021 22:22:18 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id E711325B84
 for <pve-devel@lists.proxmox.com>; Mon, 18 Oct 2021 22:21:47 +0200 (CEST)
Received: from luna.fragmentedpackets.net (luna.fragmentedpackets.net
 [IPv6:2001:4d48:4604:cafe::1337])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 85F4A25B7C
 for <pve-devel@lists.proxmox.com>; Mon, 18 Oct 2021 22:21:47 +0200 (CEST)
Received: from SHED-X.fragmentedpackets.net
 (cpc116982-telf14-2-0-cust426.16-1.cable.virginm.net [86.28.27.171])
 by luna.fragmentedpackets.net (Postfix) with ESMTPSA id 16CC041AC0;
 Mon, 18 Oct 2021 21:21:47 +0100 (BST)
From: Mark Yardley <mgit@fragmentedpackets.net>
To: pve-devel@lists.proxmox.com
Date: Mon, 18 Oct 2021 21:21:31 +0100
Message-Id: <20211018202132.4072-1-mgit@fragmentedpackets.net>
X-Mailer: git-send-email 2.33.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH firewall 0/1] fix #3677 ipset_get_chains fixed
 to work with new ipset output
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Mon, 18 Oct 2021 20:22:18 -0000

As I reported in 3677, there has been a change to the output of ipset since the
update to bullseye and the introduction of ipset 7.

There are now additional items on each line which is causing the firewall to
stay in pending changes as the comparison to the applied rules never matches
despite being valid.

This patch ignores the additonal values and provides a valid line that can
be matched from the ipset output.

Mark Yardley (1):
  fix #3677 ipset_get_chains fixed to work with new ipset output

 src/PVE/Firewall.pm | 4 ++++
 1 file changed, 4 insertions(+)

-- 
2.33.0