From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 283BB1FF165 for ; Thu, 25 Sep 2025 12:04:55 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 1616A1CF6B; Thu, 25 Sep 2025 12:05:18 +0200 (CEST) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Date: Thu, 25 Sep 2025 12:05:07 +0200 Message-ID: <20250925100514.130484-3-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20250925100514.130484-1-s.hanreich@proxmox.com> References: <20250925100514.130484-1-s.hanreich@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.183 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Subject: [pve-devel] [PATCH proxmox-firewall 1/3] run rustfmt X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel"
Signed-off-by: Stefan Hanreich
---
 proxmox-firewall/src/config.rs | 6 +++---
 proxmox-firewall/src/firewall.rs | 6 +++---
 proxmox-firewall/src/object.rs | 6 +++---
 proxmox-firewall/src/rule.rs | 30 ++++++++++++++----------------
 4 files changed, 23 insertions(+), 25 deletions(-)
diff --git a/proxmox-firewall/src/config.rs b/proxmox-firewall/src/config.rs
index d6a4df5..8bd9f2a 100644
--- a/proxmox-firewall/src/config.rs
+++ b/proxmox-firewall/src/config.rs
@@ -3,7 +3,7 @@ use std::default::Default;
 use std::fs::{self, DirEntry, File, ReadDir};
 use std::io::{self, BufReader};
-use anyhow::{bail, format_err, Context, Error};
+use anyhow::{Context, Error, bail, format_err};
 use proxmox_log as log;
@@ -17,10 +17,10 @@ use proxmox_ve_config::guest::types::Vmid;
 use proxmox_ve_config::guest::{GuestEntry, GuestMap};
 use proxmox_ve_config::host::types::BridgeName;
-use proxmox_network_api::{get_network_interfaces, AltnameMapping};
+use proxmox_network_api::{AltnameMapping, get_network_interfaces};
+use proxmox_nftables::NftClient;
 use proxmox_nftables::command::{CommandOutput, Commands, List, ListOutput};
 use proxmox_nftables::types::ListChain;
-use proxmox_nftables::NftClient;
 use proxmox_ve_config::sdn::{
 config::{RunningConfig, SdnConfig},
 ipam::{Ipam, IpamJson},
diff --git a/proxmox-firewall/src/firewall.rs b/proxmox-firewall/src/firewall.rs
index 8cac190..5012610 100644
--- a/proxmox-firewall/src/firewall.rs
+++ b/proxmox-firewall/src/firewall.rs
@@ -1,7 +1,7 @@
 use std::collections::BTreeMap;
 use std::fs;
-use anyhow::{Error, bail};
+use anyhow::{bail, Error};
 use proxmox_log as log;
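Review bot: The import order on the new side is not the same in all four files. In config.rs the added lines sort capitalised names first (`use anyhow::{Context, Error, bail, format_err};`, and `proxmox_nftables::NftClient` moves above `command`), while in firewall.rs, object.rs and rule.rs the added lines sort lowercase names first (`use anyhow::{bail, Error};`, `use crate::rule::{generate_verdict, NftRule, NftRuleEnv};`). This looks like output from two different rustfmt style editions, so a later formatter run would presumably reorder one set of files again. I would pin `style_edition` in a `rustfmt.toml` at the repository root and re-run rustfmt so every file follows one ordering.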
@@ -25,17 +25,17 @@ use proxmox_ve_config::firewall::guest::Config as GuestConfig;
 use proxmox_ve_config::firewall::host::Config as HostConfig;
 use proxmox_network_types::ip_address::{Cidr, Ipv6Cidr};
-use proxmox_ve_config::firewall::types::Group;
 use proxmox_ve_config::firewall::types::ipset::{
 Ipfilter, Ipset, IpsetEntry, IpsetName, IpsetScope,
 };
 use proxmox_ve_config::firewall::types::log::{LogLevel as ConfigLogLevel, LogRateLimit};
 use proxmox_ve_config::firewall::types::rule::{Direction, Verdict as ConfigVerdict};
+use proxmox_ve_config::firewall::types::Group;
 use proxmox_ve_config::guest::types::Vmid;
 use crate::config::FirewallConfig;
 use crate::object::{NftObjectEnv, ToNftObjects};
-use crate::rule::{NftRule, NftRuleEnv, generate_verdict};
+use crate::rule::{generate_verdict, NftRule, NftRuleEnv};
 static CLUSTER_TABLE_NAME: &str = "proxmox-firewall";
 static HOST_TABLE_NAME: &str = "proxmox-firewall";
diff --git a/proxmox-firewall/src/object.rs b/proxmox-firewall/src/object.rs
index a7575bb..42423b9 100644
--- a/proxmox-firewall/src/object.rs
+++ b/proxmox-firewall/src/object.rs
@@ -1,19 +1,19 @@
-use anyhow::{Error, format_err};
+use anyhow::{format_err, Error};
 use proxmox_log as log;
 use proxmox_nftables::{
- Command, Expression,
 command::{Add, Flush},
 expression::Prefix,
 types::{
 AddCtHelper, AddElement, CtHelperProtocol, ElementType, L3Protocol, SetConfig, SetFlag, SetName, TablePart,
 },
+ Command, Expression,
 };
 use proxmox_ve_config::{
 firewall::{
 ct_helper::CtHelperMacro,
- types::{Alias, Ipset, alias::AliasName, ipset::IpsetAddress},
+ types::{alias::AliasName, ipset::IpsetAddress, Alias, Ipset},
 },
 guest::types::Vmid,
 };
diff --git a/proxmox-firewall/src/rule.rs b/proxmox-firewall/src/rule.rs
index 77bc6ea..2512537 100644
--- a/proxmox-firewall/src/rule.rs
+++ b/proxmox-firewall/src/rule.rs
@@ -1,20 +1,19 @@
 use std::ops::{Deref, DerefMut};
-use anyhow::{Error, bail, format_err};
+use anyhow::{bail, format_err, Error};
 use proxmox_log as log;
 use proxmox_nftables::{
- Expression, Statement,
 expression::{Ct, IpFamily, Meta, Payload, Prefix},
 statement::{Log, LogLevel, Match, Operator},
 types::{AddRule, ChainPart, SetName, TableFamily, TablePart},
+ Expression, Statement,
 };
 use proxmox_ve_config::{
 firewall::{
 ct_helper::CtHelperMacro,
- fw_macros::{FwMacro, get_macro},
+ fw_macros::{get_macro, FwMacro},
 types::{
- Alias, Rule,
 alias::AliasName,
 ipset::{Ipfilter, IpsetName},
 log::LogRateLimit,
@@ -22,6 +21,7 @@ use proxmox_ve_config::{
 rule_match::{
 Icmp, Icmpv6, IpAddrMatch, IpMatch, Ports, Protocol, RuleMatch, Sctp, Tcp, Udp,
 },
+ Alias, Rule,
 },
 },
 guest::types::Vmid,
@@ -691,18 +691,16 @@ impl ToNftRules for Ipfilter<'_> {
 if env.contains_family(Family::V4) {
 base_rule.set_family(Family::V4);
- base_rule.append(&mut vec![
- Match::new_ne(
- Payload::field("arp", "saddr ip"),
- Expression::set_name(&SetName::ipset_name(
- Family::V4,
- self.ipset().name(),
- env.vmid,
- false,
- )),
- )
- .into(),
- ]);
+ base_rule.append(&mut vec![Match::new_ne(
+ Payload::field("arp", "saddr ip"),
+ Expression::set_name(&SetName::ipset_name(
+ Family::V4,
+ self.ipset().name(),
+ env.vmid,
+ false,
+ )),
+ )
+ .into()]);
 rules.push(base_rule);
 }
--
2.47.3
_______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel