From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id AC2201FF16B for ; Thu, 31 Oct 2024 11:10:40 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id BCA6136B0A; Thu, 31 Oct 2024 11:10:42 +0100 (CET) From: Gabriel Goller To: pve-devel@lists.proxmox.com Date: Thu, 31 Oct 2024 11:10:35 +0100 Message-Id: <20241031101035.61272-2-g.goller@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241031101035.61272-1-g.goller@proxmox.com> References: <20241031101035.61272-1-g.goller@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.041 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH proxmox-firewall v2 2/2] firewall: delete unused sets X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" RGVsZXRlIHVudXNlZCBzZXRzIGluIG5mdGFibGVzLiBXZSBjaGVjayBpZiB0aGVyZSBhcmUgZXhp c3Rpbmcgc2V0cwp3aGljaCB3aWxsIG5vdCBiZSByZWNyZWF0ZWQgb24gdGhlIG5leHQgaXRlcmF0 aW9uIGFuZCBkZWxldGUgdGhlbS4KClNpZ25lZC1vZmYtYnk6IEdhYnJpZWwgR29sbGVyIDxnLmdv bGxlckBwcm94bW94LmNvbT4KLS0tCgp2MiwgdGhhbmtzIEBTdGVmYW46CiAtIG1vdmVkIGRlbGV0 ZV91bnVzZWRfc2V0cyBmdW5jdGlvbiBhbmQgaW52b2NhdGlvbiBpbnRvIEZpcmV3YWxsCiAgIHN0 cnVjdCDigJMgdGhpcyBtYWtlcyB0aGUgYmluIGZpbGVzIG11Y2ggY2xlYW5lcgoKIHByb3htb3gt ZmlyZXdhbGwvc3JjL2ZpcmV3YWxsLnJzIHwgNjEgKysrKysrKysrKysrKysrKysrKysrKysrKysr KysrLS0KIHByb3htb3gtbmZ0YWJsZXMvc3JjL2NsaWVudC5ycyAgIHwgIDkgKysrLS0KIHByb3ht b3gtbmZ0YWJsZXMvc3JjL3R5cGVzLnJzICAgIHwgMzMgKysrKysrKysrKysrKystLS0KIDMgZmls ZXMgY2hhbmdlZCwgOTQgaW5zZXJ0aW9ucygrKSwgOSBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQg YS9wcm94bW94LWZpcmV3YWxsL3NyYy9maXJld2FsbC5ycyBiL3Byb3htb3gtZmlyZXdhbGwvc3Jj L2ZpcmV3YWxsLnJzCmluZGV4IGJiNTQwMjM5M2ExZi4uYTQ1N2RlN2NkODhkIDEwMDY0NAotLS0g YS9wcm94bW94LWZpcmV3YWxsL3NyYy9maXJld2FsbC5ycworKysgYi9wcm94bW94LWZpcmV3YWxs L3NyYy9maXJld2FsbC5ycwpAQCAtMSw5ICsxLDEwIEBACi11c2Ugc3RkOjpjb2xsZWN0aW9uczo6 QlRyZWVNYXA7Cit1c2Ugc3RkOjpjb2xsZWN0aW9uczo6e0JUcmVlTWFwLCBIYXNoU2V0fTsKIHVz ZSBzdGQ6OmZzOwogCiB1c2UgYW55aG93Ojp7YmFpbCwgRXJyb3J9OwogCi11c2UgcHJveG1veF9u ZnRhYmxlczo6Y29tbWFuZDo6e0FkZCwgQ29tbWFuZHMsIERlbGV0ZSwgRmx1c2h9OwordXNlIHBy b3htb3hfbmZ0YWJsZXM6OmNsaWVudDo6TmZ0RXJyb3I7Cit1c2UgcHJveG1veF9uZnRhYmxlczo6 Y29tbWFuZDo6e0FkZCwgQ29tbWFuZHMsIERlbGV0ZSwgRmx1c2gsIExpc3QsIExpc3RPdXRwdXR9 OwogdXNlIHByb3htb3hfbmZ0YWJsZXM6OmV4cHJlc3Npb246OntNZXRhLCBQYXlsb2FkfTsKIHVz ZSBwcm94bW94X25mdGFibGVzOjpoZWxwZXI6Ok5mVmVjOwogdXNlIHByb3htb3hfbmZ0YWJsZXM6 OnN0YXRlbWVudDo6e0Fub255bW91c0xpbWl0LCBMb2csIExvZ0xldmVsLCBNYXRjaCwgU2V0LCBT ZXRPcGVyYXRpb259OwpAQCAtMTEsNyArMTIsNyBAQCB1c2UgcHJveG1veF9uZnRhYmxlczo6dHlw ZXM6OnsKICAgICBBZGRFbGVtZW50LCBBZGRSdWxlLCBDaGFpblBhcnQsIE1hcFZhbHVlLCBSYXRl VGltZXNjYWxlLCBTZXROYW1lLCBUYWJsZUZhbWlseSwgVGFibGVOYW1lLAogICAgIFRhYmxlUGFy dCwgVmVyZGljdCwKIH07Ci11c2UgcHJveG1veF9uZnRhYmxlczo6e0V4cHJlc3Npb24sIFN0YXRl bWVudH07Cit1c2UgcHJveG1veF9uZnRhYmxlczo6e0NvbW1hbmQsIEV4cHJlc3Npb24sIE5mdENs aWVudCwgU3RhdGVtZW50fTsKIAogdXNlIHByb3htb3hfdmVfY29uZmlnOjpob3N0Ojp0eXBlczo6 QnJpZGdlTmFtZTsKIApAQCAtMjAxLDYgKzIwMiw1NSBAQCBpbXBsIEZpcmV3YWxsIHsKICAgICAg ICAgT2soKCkpCiAgICAgfQogCisgICAgLy8vIEZldGNoIGFsbCB0aGUgc2V0cyB0aGF0IGN1cnJl bnRseSBleGlzdCwgdGhlbiBnZXQgYWxsIHRoZSBzZXRzIHRoYXQgd2lsbCBiZSBhZGRlZCBpbiB0 aGUgbmV4dAorICAgIC8vLyBpbnRlcmF0aW9uLiBNYWtlIHRoZSBkaWZmZXJlbmNlIGJldHdlZW4g dGhlbSBhbmQgcmVtb3ZlIHRoZSB1bnVzZWQgb25lcy4KKyAgICBmbiBkZWxldGVfdW51c2VkX3Nl dHMoJnNlbGYsIGNvbW1hbmRzOiAmQ29tbWFuZHMpIC0+IFJlc3VsdDxDb21tYW5kcywgTmZ0RXJy b3I+IHsKKyAgICAgICAgbGV0IG11dCBkZWxldGVfY29tbWFuZHMgPSBDb21tYW5kczo6ZGVmYXVs dCgpOworCisgICAgICAgIC8vIGdldCBzZXRzIHRoYXQgd2lsbCBiZSBhZGRlZAorICAgICAgICBs ZXQgbmV3X3NldHMgPSBjb21tYW5kcworICAgICAgICAgICAgLml0ZXIoKQorICAgICAgICAgICAg LmZpbHRlcl9tYXAofHd8IG1hdGNoIHcgeworICAgICAgICAgICAgICAgIENvbW1hbmQ6OkFkZChB ZGQ6OlNldCh4KSkgPT4gU29tZSh4LmNvbmZpZy5uYW1lKCkpLAorICAgICAgICAgICAgICAgIF8g PT4gTm9uZSwKKyAgICAgICAgICAgIH0pCisgICAgICAgICAgICAuY29sbGVjdDo6PEhhc2hTZXQ8 JlNldE5hbWU+PigpOworCisgICAgICAgIC8vIGdldCBleGlzdGluZyBzZXRzCisgICAgICAgIGxl dCBsaXN0X2NvbW1hbmRzID0gQ29tbWFuZHM6Om5ldyh2ZWMhW0xpc3Q6OnNldHMoKV0pOworICAg ICAgICBsZXQgZXhpc3Rpbmdfc2V0cyA9IE5mdENsaWVudDo6cnVuX2pzb25fY29tbWFuZHMoJmxp c3RfY29tbWFuZHMpOworICAgICAgICBtYXRjaCBleGlzdGluZ19zZXRzIHsKKyAgICAgICAgICAg IE9rKFNvbWUoZXhpc3Rpbmdfc2V0cykpID0+IHsKKyAgICAgICAgICAgICAgICBsZXQgZXhpc3Rp bmdfc2V0cyA9IGV4aXN0aW5nX3NldHMKKyAgICAgICAgICAgICAgICAgICAgLm5mdGFibGVzCisg ICAgICAgICAgICAgICAgICAgIC5pdGVyKCkKKyAgICAgICAgICAgICAgICAgICAgLmZpbHRlcl9t YXAofGl0ZW18IHsKKyAgICAgICAgICAgICAgICAgICAgICAgIGlmIGxldCBMaXN0T3V0cHV0OjpT ZXQoZSkgPSBpdGVtIHsKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICBTb21lKGUubmFtZSgp KQorICAgICAgICAgICAgICAgICAgICAgICAgfSBlbHNlIHsKKyAgICAgICAgICAgICAgICAgICAg ICAgICAgICBOb25lCisgICAgICAgICAgICAgICAgICAgICAgICB9CisgICAgICAgICAgICAgICAg ICAgIH0pCisgICAgICAgICAgICAgICAgICAgIC5jb2xsZWN0Ojo8SGFzaFNldDwmU2V0TmFtZT4+ KCk7CisgICAgICAgICAgICAgICAgbGV0IHRvX2RlbGV0ZSA9IGV4aXN0aW5nX3NldHMuZGlmZmVy ZW5jZSgmbmV3X3NldHMpOworCisgICAgICAgICAgICAgICAgbG9nOjpkZWJ1ZyEoImV4aXN0aW5n IHNldHM6IHs6Iz99IiwgZXhpc3Rpbmdfc2V0cyk7CisgICAgICAgICAgICAgICAgbG9nOjpkZWJ1 ZyEoIm5ldyBzZXRzOiB7OiM/fSIsIG5ld19zZXRzKTsKKyAgICAgICAgICAgICAgICBsb2c6OmRl YnVnISgidGhlc2Ugc2V0cyBhcmUgZ29pbmcgdG8gYmUgZGVsZXRlZDogezojP30iLCB0b19kZWxl dGUpOworCisgICAgICAgICAgICAgICAgZm9yIHNldCBpbiB0b19kZWxldGUuaW50b19pdGVyKCku Y2xvbmVkKCkuY2xvbmVkKCkgeworICAgICAgICAgICAgICAgICAgICBkZWxldGVfY29tbWFuZHMu cHVzaChDb21tYW5kOjpEZWxldGUoRGVsZXRlOjpTZXQoc2V0KSkpOworICAgICAgICAgICAgICAg IH0KKyAgICAgICAgICAgICAgICBPayhkZWxldGVfY29tbWFuZHMpCisgICAgICAgICAgICB9Cisg ICAgICAgICAgICBPayhOb25lKSA9PiB7CisgICAgICAgICAgICAgICAgbG9nOjpkZWJ1ZyEoIm5v IHNldHMgZXhpc3QiKTsKKyAgICAgICAgICAgICAgICBPayhkZWxldGVfY29tbWFuZHMpCisgICAg ICAgICAgICB9CisgICAgICAgICAgICBFcnIoZXJyKSA9PiBFcnIoZXJyKSwKKyAgICAgICAgfQor ICAgIH0KKwogICAgIHB1YiBmbiBmdWxsX2hvc3RfZncoJnNlbGYpIC0+IFJlc3VsdDxDb21tYW5k cywgRXJyb3I+IHsKICAgICAgICAgbGV0IG11dCBjb21tYW5kcyA9IENvbW1hbmRzOjpkZWZhdWx0 KCk7CiAKQEAgLTM0NCw2ICszOTQsMTEgQEAgaW1wbCBGaXJld2FsbCB7CiAgICAgICAgICAgICBz ZWxmLmNyZWF0ZV9icmlkZ2VfY2hhaW4oJm11dCBjb21tYW5kcywgYnJpZGdlX25hbWUsIGJyaWRn ZV9jb25maWcpPzsKICAgICAgICAgfQogCisgICAgICAgIG1hdGNoIHNlbGYuZGVsZXRlX3VudXNl ZF9zZXRzKCZjb21tYW5kcykgeworICAgICAgICAgICAgT2sobXV0IGRlbGV0ZV9jb21tYW5kcykg PT4gY29tbWFuZHMuYXBwZW5kKCZtdXQgZGVsZXRlX2NvbW1hbmRzKSwKKyAgICAgICAgICAgIEVy cihlcnIpID0+IGxvZzo6ZXJyb3IhKCJlcnJvciBkZWxldGluZyB1bnVzZWQgc2V0cyB7ZXJyOj99 IiksCisgICAgICAgIH0KKwogICAgICAgICBPayhjb21tYW5kcykKICAgICB9CiAKZGlmZiAtLWdp dCBhL3Byb3htb3gtbmZ0YWJsZXMvc3JjL2NsaWVudC5ycyBiL3Byb3htb3gtbmZ0YWJsZXMvc3Jj L2NsaWVudC5ycwppbmRleCBlYWEzZGQyMTM2ZWUuLjBmZDk1MGNkYzFlMSAxMDA2NDQKLS0tIGEv cHJveG1veC1uZnRhYmxlcy9zcmMvY2xpZW50LnJzCisrKyBiL3Byb3htb3gtbmZ0YWJsZXMvc3Jj L2NsaWVudC5ycwpAQCAtNTIsOCArNTIsMTMgQEAgaW1wbCBOZnRDbGllbnQgewogICAgICAgICBs ZXQgb3V0cHV0ID0gU2VsZjo6ZXhlY3V0ZV9uZnRfY29tbWFuZHModHJ1ZSwgJmpzb24pPzsKIAog ICAgICAgICBpZiAhb3V0cHV0LmlzX2VtcHR5KCkgewotICAgICAgICAgICAgbGV0IHBhcnNlZF9v dXRwdXQ6IE9wdGlvbjxDb21tYW5kT3V0cHV0PiA9IHNlcmRlX2pzb246OmZyb21fc3RyKCZvdXRw dXQpLm9rKCk7Ci0gICAgICAgICAgICByZXR1cm4gT2socGFyc2VkX291dHB1dCk7CisgICAgICAg ICAgICByZXR1cm4gbWF0Y2ggc2VyZGVfanNvbjo6ZnJvbV9zdHI6OjxDb21tYW5kT3V0cHV0Pigm b3V0cHV0KSB7CisgICAgICAgICAgICAgICAgT2sob3V0cHV0KSA9PiBPayhTb21lKG91dHB1dCkp LAorICAgICAgICAgICAgICAgIEVycihlcnIpID0+IHsKKyAgICAgICAgICAgICAgICAgICAgbG9n OjplcnJvciEoIkVycm9yIGRlc2VyaWFsaXppbmcgb3V0cHV0OiB7ZXJyOiM/fSIpOworICAgICAg ICAgICAgICAgICAgICBPayhOb25lKQorICAgICAgICAgICAgICAgIH0KKyAgICAgICAgICAgIH07 CiAgICAgICAgIH0KIAogICAgICAgICBPayhOb25lKQpkaWZmIC0tZ2l0IGEvcHJveG1veC1uZnRh Ymxlcy9zcmMvdHlwZXMucnMgYi9wcm94bW94LW5mdGFibGVzL3NyYy90eXBlcy5ycwppbmRleCAz MjBjNzU3YzdjYmEuLjI1OGJmYzg5OTczNCAxMDA2NDQKLS0tIGEvcHJveG1veC1uZnRhYmxlcy9z cmMvdHlwZXMucnMKKysrIGIvcHJveG1veC1uZnRhYmxlcy9zcmMvdHlwZXMucnMKQEAgLTE5LDcg KzE5LDcgQEAgdXNlIHByb3htb3hfdmVfY29uZmlnOjpndWVzdDo6dHlwZXM6OlZtaWQ7CiAjW2Rl cml2ZShDbG9uZSwgQ29weSwgRGVidWcsIEVxLCBQYXJ0aWFsRXEsIFBhcnRpYWxPcmQsIE9yZCwg RGVzZXJpYWxpemUsIFNlcmlhbGl6ZSldCiBwdWIgc3RydWN0IEhhbmRsZShpMzIpOwogCi0jW2Rl cml2ZShDbG9uZSwgQ29weSwgRGVidWcsIEVxLCBQYXJ0aWFsRXEsIFBhcnRpYWxPcmQsIE9yZCwg RGVzZXJpYWxpemUsIFNlcmlhbGl6ZSldCisjW2Rlcml2ZShDbG9uZSwgQ29weSwgRGVidWcsIEVx LCBQYXJ0aWFsRXEsIFBhcnRpYWxPcmQsIE9yZCwgRGVzZXJpYWxpemUsIFNlcmlhbGl6ZSwgSGFz aCldCiAjW3NlcmRlKHJlbmFtZV9hbGwgPSAibG93ZXJjYXNlIildCiBwdWIgZW51bSBUYWJsZUZh bWlseSB7CiAgICAgSXAsCkBAIC0yMTAsNyArMjEwLDcgQEAgaW1wbCBUYWJsZU5hbWUgewogICAg IH0KIH0KIAotI1tkZXJpdmUoQ2xvbmUsIERlYnVnLCBEZXNlcmlhbGl6ZSwgU2VyaWFsaXplLCBQ YXJ0aWFsRXEsIEVxLCBQYXJ0aWFsT3JkLCBPcmQpXQorI1tkZXJpdmUoQ2xvbmUsIERlYnVnLCBE ZXNlcmlhbGl6ZSwgU2VyaWFsaXplLCBQYXJ0aWFsRXEsIEVxLCBQYXJ0aWFsT3JkLCBPcmQsIEhh c2gpXQogcHViIHN0cnVjdCBUYWJsZVBhcnQgewogICAgIGZhbWlseTogVGFibGVGYW1pbHksCiAg ICAgdGFibGU6IFN0cmluZywKQEAgLTU2NCw3ICs1NjQsNyBAQCBpbXBsIERlcmVmTXV0IGZvciBB ZGRNYXAgewogI1tkZXJpdmUoQ2xvbmUsIERlYnVnLCBEZXNlcmlhbGl6ZSwgU2VyaWFsaXplKV0K IHB1YiBzdHJ1Y3QgQWRkU2V0IHsKICAgICAjW3NlcmRlKGZsYXR0ZW4pXQotICAgIGNvbmZpZzog U2V0Q29uZmlnLAorICAgIHB1YiBjb25maWc6IFNldENvbmZpZywKIAogICAgICNbc2VyZGUoZGVm YXVsdCwgc2tpcF9zZXJpYWxpemluZ19pZiA9ICJWZWM6OmlzX2VtcHR5IildCiAgICAgZWxlbTog TmZWZWM8U2V0RWxlbT4sCkBAIC02MDIsNyArNjAyLDcgQEAgaW1wbCBBZGRTZXQgewogICAgIH0K IH0KIAotI1tkZXJpdmUoQ2xvbmUsIERlYnVnLCBEZXNlcmlhbGl6ZSwgU2VyaWFsaXplKV0KKyNb ZGVyaXZlKENsb25lLCBEZWJ1ZywgRGVzZXJpYWxpemUsIFNlcmlhbGl6ZSwgUGFydGlhbEVxLCBF cSwgSGFzaCldCiBwdWIgc3RydWN0IFNldE5hbWUgewogICAgICNbc2VyZGUoZmxhdHRlbildCiAg ICAgdGFibGU6IFRhYmxlUGFydCwKQEAgLTkwOSw5ICs5MDksMzQgQEAgaW1wbCBMaXN0Q2hhaW4g ewogfQogCiAjW2Rlcml2ZShDbG9uZSwgRGVidWcsIERlc2VyaWFsaXplLCBTZXJpYWxpemUpXQor I1tzZXJkZShyZW5hbWVfYWxsID0gImtlYmFiLWNhc2UiKV0KIHB1YiBzdHJ1Y3QgTGlzdFNldCB7 CiAgICAgI1tzZXJkZShmbGF0dGVuKV0KICAgICBuYW1lOiBTZXROYW1lLAorCisgICAgI1tzZXJk ZShyZW5hbWUgPSAidHlwZSIsIGRlZmF1bHQsIHNraXBfc2VyaWFsaXppbmdfaWYgPSAiVmVjOjpp c19lbXB0eSIpXQorICAgIHR5OiBOZlZlYzxFbGVtZW50VHlwZT4sCisKKyAgICAjW3NlcmRlKHNr aXBfc2VyaWFsaXppbmdfaWYgPSAiT3B0aW9uOjppc19ub25lIildCisgICAgcG9saWN5OiBPcHRp b248U2V0UG9saWN5PiwKKworICAgICNbc2VyZGUoc2tpcF9zZXJpYWxpemluZ19pZiA9ICJWZWM6 OmlzX2VtcHR5IiwgZGVmYXVsdCldCisgICAgZmxhZ3M6IFZlYzxTZXRGbGFnPiwKKworICAgICNb c2VyZGUoc2tpcF9zZXJpYWxpemluZ19pZiA9ICJPcHRpb246OmlzX25vbmUiKV0KKyAgICBoYW5k bGU6IE9wdGlvbjxpNjQ+LAorCisgICAgI1tzZXJkZShza2lwX3NlcmlhbGl6aW5nX2lmID0gIk9w dGlvbjo6aXNfbm9uZSIpXQorICAgIGVsZW06IE9wdGlvbjxOZlZlYzxFeHByZXNzaW9uPj4sCisK KyAgICAjW3NlcmRlKHNraXBfc2VyaWFsaXppbmdfaWYgPSAiT3B0aW9uOjppc19ub25lIildCisg ICAgdGltZW91dDogT3B0aW9uPGk2ND4sCisKKyAgICAjW3NlcmRlKHNraXBfc2VyaWFsaXppbmdf aWYgPSAiT3B0aW9uOjppc19ub25lIildCisgICAgZ2NfaW50ZXJ2YWw6IE9wdGlvbjxpNjQ+LAor CisgICAgI1tzZXJkZShza2lwX3NlcmlhbGl6aW5nX2lmID0gIk9wdGlvbjo6aXNfbm9uZSIpXQor ICAgIHNpemU6IE9wdGlvbjxpNjQ+LAogfQogCiBpbXBsIExpc3RTZXQgewotLSAKMi4zOS41CgoK Cl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCnB2ZS1kZXZl bCBtYWlsaW5nIGxpc3QKcHZlLWRldmVsQGxpc3RzLnByb3htb3guY29tCmh0dHBzOi8vbGlzdHMu cHJveG1veC5jb20vY2dpLWJpbi9tYWlsbWFuL2xpc3RpbmZvL3B2ZS1kZXZlbAo=