From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Cc: Stefan Hanreich <s.hanreich@proxmox.com>,
Wolfgang Bumiller <w.bumiller@proxmox.com>
Subject: [pve-devel] [PATCH proxmox-firewall 15/37] config: firewall: add firewall macros
Date: Tue, 2 Apr 2024 19:16:07 +0200
Message-ID: <20240402171629.536804-16-s.hanreich@proxmox.com>
In-Reply-To: <20240402171629.536804-1-s.hanreich@proxmox.com>
Co-authored-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
proxmox-ve-config/resources/macros.json | 896 ++++++++++++++++++++
proxmox-ve-config/src/firewall/fw_macros.rs | 69 ++
proxmox-ve-config/src/firewall/mod.rs | 1 +
3 files changed, 966 insertions(+)
create mode 100644 proxmox-ve-config/resources/macros.json
create mode 100644 proxmox-ve-config/src/firewall/fw_macros.rs
diff --git a/proxmox-ve-config/resources/macros.json b/proxmox-ve-config/resources/macros.json
new file mode 100644
index 0000000..666bcbf
--- /dev/null
+++ b/proxmox-ve-config/resources/macros.json
@@ -0,0 +1,896 @@
+{
+ "Amanda": {
+ "code": [
+ {
+ "dport": "10080",
+ "proto": "udp"
+ },
+ {
+ "dport": "10080",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Amanda Backup"
+ },
+ "Auth": {
+ "code": [
+ {
+ "dport": "113",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Auth (identd) traffic"
+ },
+ "BGP": {
+ "code": [
+ {
+ "dport": "179",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Border Gateway Protocol traffic"
+ },
+ "BitTorrent": {
+ "code": [
+ {
+ "dport": "6881:6889",
+ "proto": "tcp"
+ },
+ {
+ "dport": "6881",
+ "proto": "udp"
+ }
+ ],
+ "desc": "BitTorrent traffic for BitTorrent 3.1 and earlier"
+ },
+ "BitTorrent32": {
+ "code": [
+ {
+ "dport": "6881:6999",
+ "proto": "tcp"
+ },
+ {
+ "dport": "6881",
+ "proto": "udp"
+ }
+ ],
+ "desc": "BitTorrent traffic for BitTorrent 3.2 and later"
+ },
+ "CVS": {
+ "code": [
+ {
+ "dport": "2401",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Concurrent Versions System pserver traffic"
+ },
+ "Ceph": {
+ "code": [
+ {
+ "dport": "6789",
+ "proto": "tcp"
+ },
+ {
+ "dport": "3300",
+ "proto": "tcp"
+ },
+ {
+ "dport": "6800:7300",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Ceph Storage Cluster traffic (Ceph Monitors, OSD & MDS Daemons)"
+ },
+ "Citrix": {
+ "code": [
+ {
+ "dport": "1494",
+ "proto": "tcp"
+ },
+ {
+ "dport": "1604",
+ "proto": "udp"
+ },
+ {
+ "dport": "2598",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Citrix/ICA traffic (ICA, ICA Browser, CGP)"
+ },
+ "DAAP": {
+ "code": [
+ {
+ "dport": "3689",
+ "proto": "tcp"
+ },
+ {
+ "dport": "3689",
+ "proto": "udp"
+ }
+ ],
+ "desc": "Digital Audio Access Protocol traffic (iTunes, Rythmbox daemons)"
+ },
+ "DCC": {
+ "code": [
+ {
+ "dport": "6277",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Distributed Checksum Clearinghouse spam filtering mechanism"
+ },
+ "DHCPfwd": {
+ "code": [
+ {
+ "dport": "67:68",
+ "proto": "udp",
+ "sport": "67:68"
+ }
+ ],
+ "desc": "Forwarded DHCP traffic"
+ },
+ "DHCPv6": {
+ "code": [
+ {
+ "dport": "546:547",
+ "proto": "udp",
+ "sport": "546:547"
+ }
+ ],
+ "desc": "DHCPv6 traffic"
+ },
+ "DNS": {
+ "code": [
+ {
+ "dport": "53",
+ "proto": "udp"
+ },
+ {
+ "dport": "53",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Domain Name System traffic (upd and tcp)"
+ },
+ "Distcc": {
+ "code": [
+ {
+ "dport": "3632",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Distributed Compiler service"
+ },
+ "FTP": {
+ "code": [
+ {
+ "dport": "21",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "File Transfer Protocol"
+ },
+ "Finger": {
+ "code": [
+ {
+ "dport": "79",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Finger protocol (RFC 742)"
+ },
+ "GNUnet": {
+ "code": [
+ {
+ "dport": "2086",
+ "proto": "tcp"
+ },
+ {
+ "dport": "2086",
+ "proto": "udp"
+ },
+ {
+ "dport": "1080",
+ "proto": "tcp"
+ },
+ {
+ "dport": "1080",
+ "proto": "udp"
+ }
+ ],
+ "desc": "GNUnet secure peer-to-peer networking traffic"
+ },
+ "GRE": {
+ "code": [
+ {
+ "proto": "47"
+ }
+ ],
+ "desc": "Generic Routing Encapsulation tunneling protocol"
+ },
+ "Git": {
+ "code": [
+ {
+ "dport": "9418",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Git distributed revision control traffic"
+ },
+ "HKP": {
+ "code": [
+ {
+ "dport": "11371",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "OpenPGP HTTP key server protocol traffic"
+ },
+ "HTTP": {
+ "code": [
+ {
+ "dport": "80",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Hypertext Transfer Protocol (WWW)"
+ },
+ "HTTPS": {
+ "code": [
+ {
+ "dport": "443",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Hypertext Transfer Protocol (WWW) over SSL"
+ },
+ "ICPV2": {
+ "code": [
+ {
+ "dport": "3130",
+ "proto": "udp"
+ }
+ ],
+ "desc": "Internet Cache Protocol V2 (Squid) traffic"
+ },
+ "ICQ": {
+ "code": [
+ {
+ "dport": "5190",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "AOL Instant Messenger traffic"
+ },
+ "IMAP": {
+ "code": [
+ {
+ "dport": "143",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Internet Message Access Protocol"
+ },
+ "IMAPS": {
+ "code": [
+ {
+ "dport": "993",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Internet Message Access Protocol over SSL"
+ },
+ "IPIP": {
+ "code": [
+ {
+ "proto": "94"
+ }
+ ],
+ "desc": "IPIP capsulation traffic"
+ },
+ "IPsec": {
+ "code": [
+ {
+ "dport": "500",
+ "proto": "udp",
+ "sport": "500"
+ },
+ {
+ "proto": "50"
+ }
+ ],
+ "desc": "IPsec traffic"
+ },
+ "IPsecah": {
+ "code": [
+ {
+ "dport": "500",
+ "proto": "udp",
+ "sport": "500"
+ },
+ {
+ "proto": "51"
+ }
+ ],
+ "desc": "IPsec authentication (AH) traffic"
+ },
+ "IPsecnat": {
+ "code": [
+ {
+ "dport": "500",
+ "proto": "udp"
+ },
+ {
+ "dport": "4500",
+ "proto": "udp"
+ },
+ {
+ "proto": "50"
+ }
+ ],
+ "desc": "IPsec traffic and Nat-Traversal"
+ },
+ "IRC": {
+ "code": [
+ {
+ "dport": "6667",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Internet Relay Chat traffic"
+ },
+ "Jetdirect": {
+ "code": [
+ {
+ "dport": "9100",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "HP Jetdirect printing"
+ },
+ "L2TP": {
+ "code": [
+ {
+ "dport": "1701",
+ "proto": "udp"
+ }
+ ],
+ "desc": "Layer 2 Tunneling Protocol traffic"
+ },
+ "LDAP": {
+ "code": [
+ {
+ "dport": "389",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Lightweight Directory Access Protocol traffic"
+ },
+ "LDAPS": {
+ "code": [
+ {
+ "dport": "636",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Secure Lightweight Directory Access Protocol traffic"
+ },
+ "MDNS": {
+ "code": [
+ {
+ "dport": "5353",
+ "proto": "udp"
+ }
+ ],
+ "desc": "Multicast DNS"
+ },
+ "MSNP": {
+ "code": [
+ {
+ "dport": "1863",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Microsoft Notification Protocol"
+ },
+ "MSSQL": {
+ "code": [
+ {
+ "dport": "1433",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Microsoft SQL Server"
+ },
+ "Mail": {
+ "code": [
+ {
+ "dport": "25",
+ "proto": "tcp"
+ },
+ {
+ "dport": "465",
+ "proto": "tcp"
+ },
+ {
+ "dport": "587",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Mail traffic (SMTP, SMTPS, Submission)"
+ },
+ "Munin": {
+ "code": [
+ {
+ "dport": "4949",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Munin networked resource monitoring traffic"
+ },
+ "MySQL": {
+ "code": [
+ {
+ "dport": "3306",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "MySQL server"
+ },
+ "NNTP": {
+ "code": [
+ {
+ "dport": "119",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "NNTP traffic (Usenet)."
+ },
+ "NNTPS": {
+ "code": [
+ {
+ "dport": "563",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Encrypted NNTP traffic (Usenet)"
+ },
+ "NTP": {
+ "code": [
+ {
+ "dport": "123",
+ "proto": "udp"
+ }
+ ],
+ "desc": "Network Time Protocol (ntpd)"
+ },
+ "NeighborDiscovery": {
+ "code": [
+ {
+ "dport": "nd-router-solicit",
+ "proto": "icmpv6"
+ },
+ {
+ "dport": "nd-router-advert",
+ "proto": "icmpv6"
+ },
+ {
+ "dport": "nd-neighbor-solicit",
+ "proto": "icmpv6"
+ },
+ {
+ "dport": "nd-neighbor-advert",
+ "proto": "icmpv6"
+ }
+ ],
+ "desc": "IPv6 neighbor solicitation, neighbor and router advertisement"
+ },
+ "OSPF": {
+ "code": [
+ {
+ "proto": "89"
+ }
+ ],
+ "desc": "OSPF multicast traffic"
+ },
+ "OpenVPN": {
+ "code": [
+ {
+ "dport": "1194",
+ "proto": "udp"
+ }
+ ],
+ "desc": "OpenVPN traffic"
+ },
+ "PCA": {
+ "code": [
+ {
+ "dport": "5632",
+ "proto": "udp"
+ },
+ {
+ "dport": "5631",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Symantec PCAnywere (tm)"
+ },
+ "PMG": {
+ "code": [
+ {
+ "dport": "8006",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Proxmox Mail Gateway web interface"
+ },
+ "POP3": {
+ "code": [
+ {
+ "dport": "110",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "POP3 traffic"
+ },
+ "POP3S": {
+ "code": [
+ {
+ "dport": "995",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Encrypted POP3 traffic"
+ },
+ "PPtP": {
+ "code": [
+ {
+ "proto": "47"
+ },
+ {
+ "dport": "1723",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Point-to-Point Tunneling Protocol"
+ },
+ "Ping": {
+ "code": [
+ {
+ "dport": "echo-request",
+ "proto": "icmp"
+ }
+ ],
+ "desc": "ICMP echo request"
+ },
+ "PostgreSQL": {
+ "code": [
+ {
+ "dport": "5432",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "PostgreSQL server"
+ },
+ "Printer": {
+ "code": [
+ {
+ "dport": "515",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Line Printer protocol printing"
+ },
+ "RDP": {
+ "code": [
+ {
+ "dport": "3389",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Microsoft Remote Desktop Protocol traffic"
+ },
+ "RIP": {
+ "code": [
+ {
+ "dport": "520",
+ "proto": "udp"
+ }
+ ],
+ "desc": "Routing Information Protocol (bidirectional)"
+ },
+ "RNDC": {
+ "code": [
+ {
+ "dport": "953",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "BIND remote management protocol"
+ },
+ "Razor": {
+ "code": [
+ {
+ "dport": "2703",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Razor Antispam System"
+ },
+ "Rdate": {
+ "code": [
+ {
+ "dport": "37",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Remote time retrieval (rdate)"
+ },
+ "Rsync": {
+ "code": [
+ {
+ "dport": "873",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Rsync server"
+ },
+ "SANE": {
+ "code": [
+ {
+ "dport": "6566",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "SANE network scanning"
+ },
+ "SMB": {
+ "code": [
+ {
+ "dport": "135,445",
+ "proto": "udp"
+ },
+ {
+ "dport": "137:139",
+ "proto": "udp"
+ },
+ {
+ "dport": "1024:65535",
+ "proto": "udp",
+ "sport": "137"
+ },
+ {
+ "dport": "135,139,445",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Microsoft SMB traffic"
+ },
+ "SMBswat": {
+ "code": [
+ {
+ "dport": "901",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Samba Web Administration Tool"
+ },
+ "SMTP": {
+ "code": [
+ {
+ "dport": "25",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Simple Mail Transfer Protocol"
+ },
+ "SMTPS": {
+ "code": [
+ {
+ "dport": "465",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Encrypted Simple Mail Transfer Protocol"
+ },
+ "SNMP": {
+ "code": [
+ {
+ "dport": "161:162",
+ "proto": "udp"
+ },
+ {
+ "dport": "161",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Simple Network Management Protocol"
+ },
+ "SPAMD": {
+ "code": [
+ {
+ "dport": "783",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Spam Assassin SPAMD traffic"
+ },
+ "SSH": {
+ "code": [
+ {
+ "dport": "22",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Secure shell traffic"
+ },
+ "SVN": {
+ "code": [
+ {
+ "dport": "3690",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Subversion server (svnserve)"
+ },
+ "SixXS": {
+ "code": [
+ {
+ "dport": "3874",
+ "proto": "tcp"
+ },
+ {
+ "dport": "3740",
+ "proto": "udp"
+ },
+ {
+ "proto": "41"
+ },
+ {
+ "dport": "5072,8374",
+ "proto": "udp"
+ }
+ ],
+ "desc": "SixXS IPv6 Deployment and Tunnel Broker"
+ },
+ "Squid": {
+ "code": [
+ {
+ "dport": "3128",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Squid web proxy traffic"
+ },
+ "Submission": {
+ "code": [
+ {
+ "dport": "587",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Mail message submission traffic"
+ },
+ "Syslog": {
+ "code": [
+ {
+ "dport": "514",
+ "proto": "udp"
+ },
+ {
+ "dport": "514",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Syslog protocol (RFC 5424) traffic"
+ },
+ "TFTP": {
+ "code": [
+ {
+ "dport": "69",
+ "proto": "udp"
+ }
+ ],
+ "desc": "Trivial File Transfer Protocol traffic"
+ },
+ "Telnet": {
+ "code": [
+ {
+ "dport": "23",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Telnet traffic"
+ },
+ "Telnets": {
+ "code": [
+ {
+ "dport": "992",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Telnet over SSL"
+ },
+ "Time": {
+ "code": [
+ {
+ "dport": "37",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "RFC 868 Time protocol"
+ },
+ "Trcrt": {
+ "code": [
+ {
+ "dport": "33434:33524",
+ "proto": "udp"
+ },
+ {
+ "dport": "echo-request",
+ "proto": "icmp"
+ }
+ ],
+ "desc": "Traceroute (for up to 30 hops) traffic"
+ },
+ "VNC": {
+ "code": [
+ {
+ "dport": "5900:5999",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "VNC traffic for VNC display's 0 - 99"
+ },
+ "VNCL": {
+ "code": [
+ {
+ "dport": "5500",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "VNC traffic from Vncservers to Vncviewers in listen mode"
+ },
+ "Web": {
+ "code": [
+ {
+ "dport": "80",
+ "proto": "tcp"
+ },
+ {
+ "dport": "443",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "WWW traffic (HTTP and HTTPS)"
+ },
+ "Webcache": {
+ "code": [
+ {
+ "dport": "8080",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Web Cache/Proxy traffic (port 8080)"
+ },
+ "Webmin": {
+ "code": [
+ {
+ "dport": "10000",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Webmin traffic"
+ },
+ "Whois": {
+ "code": [
+ {
+ "dport": "43",
+ "proto": "tcp"
+ }
+ ],
+ "desc": "Whois (nicname, RFC 3912) traffic"
+ }
+}
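Review bot: In the "SMB" entry, the third rule (udp, "sport": "137", "dport": "1024:65535") matches on the sender-chosen source port alone, so unless the rule using the macro is restricted further, accepting it admits UDP to every port from 1024 upwards from any peer that sends from port 137. Consider stating this in "desc", or moving that rule into a separate macro so that plain SMB does not widen the policy this far. Separately, ICMP types are stored under "dport" ("echo-request", "nd-router-solicit", ...), which deserves a comment where RuleOptions is consumed, and several "desc" strings carry typos worth fixing while the file is new: "upd and tcp" (DNS), "Rythmbox" (DAAP), "PCAnywere" (PCA), "IPIP capsulation" (IPIP), "display's" (VNC).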
diff --git a/proxmox-ve-config/src/firewall/fw_macros.rs b/proxmox-ve-config/src/firewall/fw_macros.rs
new file mode 100644
index 0000000..5fa8dab
--- /dev/null
+++ b/proxmox-ve-config/src/firewall/fw_macros.rs
@@ -0,0 +1,69 @@
+use std::collections::HashMap;
+
+use serde::Deserialize;
+use std::sync::OnceLock;
+
+use crate::firewall::types::rule_match::Protocol;
+
+use super::types::rule_match::RuleOptions;
+
+#[derive(Clone, Debug, Default, Deserialize)]
+struct FwMacroData {
+ #[serde(rename = "desc")]
+ pub description: &'static str,
+ pub code: Vec<RuleOptions>,
+}
+
+#[derive(Clone, Debug, Default)]
+pub struct FwMacro {
+ pub _description: &'static str,
+ pub code: Vec<Protocol>,
+}
+
+fn macros() -> &'static HashMap<String, FwMacro> {
+ const MACROS: &str = include_str!("../../resources/macros.json");
+ static HASHMAP: OnceLock<HashMap<String, FwMacro>> = OnceLock::new();
+
+ HASHMAP.get_or_init(|| {
+ let macro_data: HashMap<String, FwMacroData> = match serde_json::from_str(MACROS) {
+ Ok(m) => m,
+ Err(err) => {
+ log::error!("could not load data for macros: {err}");
+ HashMap::new()
+ }
+ };
+
+ let mut macros = HashMap::new();
+
+ 'outer: for (name, data) in macro_data {
+ let mut code = Vec::new();
+
+ for c in data.code {
+ match Protocol::from_options(&c) {
+ Ok(Some(p)) => code.push(p),
+ Ok(None) => {
+ continue 'outer;
+ }
+ Err(err) => {
+ log::error!("could not parse data for macro {name}: {err}");
+ continue 'outer;
+ }
+ }
+ }
+
+ macros.insert(
+ name,
+ FwMacro {
+ _description: data.description,
+ code,
+ },
+ );
+ }
+
+ macros
+ })
+}
+
+pub fn get_macro(name: &str) -> Option<&'static FwMacro> {
+ macros().get(name)
+}
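Review bot: The "Ok(None) => continue 'outer" arm in the inner loop discards the whole macro without a log line, while the Err arm beside it logs; get_macro() then returns None for that name, so a caller cannot tell a dropped built-in macro from a misspelled one. Log the macro name there too, or treat it as an error. The same concern applies one level up: if serde_json::from_str(MACROS) fails, the map is initialised empty and every lookup returns None for the life of the process, with a single log::error! as the only evidence. Because MACROS comes from include_str!, a parse failure is a build defect, so a unit test asserting that the file parses and that every entry survives Protocol::from_options would catch it before release. One way to hit that path later: "description: &'static str" is a borrowed field, and serde_json can only borrow strings that contain no escape sequences, so a future "desc" with an escaped quote or a \u sequence would fail deserialization of the whole file; a String field avoids that.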
diff --git a/proxmox-ve-config/src/firewall/mod.rs b/proxmox-ve-config/src/firewall/mod.rs
index afc3dcc..0f438ca 100644
--- a/proxmox-ve-config/src/firewall/mod.rs
+++ b/proxmox-ve-config/src/firewall/mod.rs
@@ -1,5 +1,6 @@
pub mod cluster;
pub mod common;
+pub mod fw_macros;
pub mod guest;
pub mod host;
pub mod ports;
--
2.39.2