[pve-devel] [PATCH docs 1/1] firewall: set default value of NDP to 1 for nodes and guests

public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed

* [pve-devel] [PATCH docs 1/1] firewall: set default value of NDP to 1 for nodes and guests
@ 2025-11-10 17:11 Michael Köppl
  2025-11-10 18:51 ` Stoiko Ivanov
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Köppl @ 2025-11-10 17:11 UTC (permalink / raw)
  To: pve-devel

The default value of 0 is wrong, since NDP is allowed by default for
both iptables and nftables. Update the documentation accordingly.

Signed-off-by: Michael Köppl <m.koeppl@proxmox.com>
---
 pve-firewall-host-opts.adoc | 2 +-
 pve-firewall-vm-opts.adoc   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pve-firewall-host-opts.adoc b/pve-firewall-host-opts.adoc
index d561d0bf..e5770fbe 100644
--- a/pve-firewall-host-opts.adoc
+++ b/pve-firewall-host-opts.adoc
@@ -18,7 +18,7 @@ Log level for outgoing traffic.
 
 Enable logging of conntrack information.
 
-`ndp`: `<boolean>` ('default =' `0`)::
+`ndp`: `<boolean>` ('default =' `1`)::
 
 Enable NDP (Neighbor Discovery Protocol).
 
diff --git a/pve-firewall-vm-opts.adoc b/pve-firewall-vm-opts.adoc
index 9f191cf9..653ab4f4 100644
--- a/pve-firewall-vm-opts.adoc
+++ b/pve-firewall-vm-opts.adoc
@@ -22,7 +22,7 @@ Log level for outgoing traffic.
 
 Enable/disable MAC address filter.
 
-`ndp`: `<boolean>` ('default =' `0`)::
+`ndp`: `<boolean>` ('default =' `1`)::
 
 Enable NDP (Neighbor Discovery Protocol).
 
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [pve-devel] [PATCH docs 1/1] firewall: set default value of NDP to 1 for nodes and guests
  2025-11-10 17:11 [pve-devel] [PATCH docs 1/1] firewall: set default value of NDP to 1 for nodes and guests Michael Köppl
@ 2025-11-10 18:51 ` Stoiko Ivanov
  2025-11-11  9:42   ` Michael Köppl
  0 siblings, 1 reply; 4+ messages in thread
From: Stoiko Ivanov @ 2025-11-10 18:51 UTC (permalink / raw)
  To: Michael Köppl; +Cc: Proxmox VE development discussion

Thanks for noticing and providing the patch!

parts of our documentation are generated based on the information we have
in our JSONSchema and API calls (see e.g. gen-pve-firewall-host-opts.pl
for a starting point)

so the change would need to be done in the pve-firewall repo IIRC:
https://git.proxmox.com/?p=pve-firewall.git;a=blob;f=src/PVE/Firewall.pm;h=ec9c9ae9c35ec31e7cd3ca28ac4b5c20fa7e8c39;hb=HEAD#l1404


On Mon, 10 Nov 2025 18:11:24 +0100
Michael Köppl <m.koeppl@proxmox.com> wrote:

> The default value of 0 is wrong, since NDP is allowed by default for
> both iptables and nftables. Update the documentation accordingly.
> 
> Signed-off-by: Michael Köppl <m.koeppl@proxmox.com>
> ---
>  pve-firewall-host-opts.adoc | 2 +-
>  pve-firewall-vm-opts.adoc   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/pve-firewall-host-opts.adoc b/pve-firewall-host-opts.adoc
> index d561d0bf..e5770fbe 100644
> --- a/pve-firewall-host-opts.adoc
> +++ b/pve-firewall-host-opts.adoc
> @@ -18,7 +18,7 @@ Log level for outgoing traffic.
>  
>  Enable logging of conntrack information.
>  
> -`ndp`: `<boolean>` ('default =' `0`)::
> +`ndp`: `<boolean>` ('default =' `1`)::
>  
>  Enable NDP (Neighbor Discovery Protocol).
>  
> diff --git a/pve-firewall-vm-opts.adoc b/pve-firewall-vm-opts.adoc
> index 9f191cf9..653ab4f4 100644
> --- a/pve-firewall-vm-opts.adoc
> +++ b/pve-firewall-vm-opts.adoc
> @@ -22,7 +22,7 @@ Log level for outgoing traffic.
>  
>  Enable/disable MAC address filter.
>  
> -`ndp`: `<boolean>` ('default =' `0`)::
> +`ndp`: `<boolean>` ('default =' `1`)::
>  
>  Enable NDP (Neighbor Discovery Protocol).
>  



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [pve-devel] [PATCH docs 1/1] firewall: set default value of NDP to 1 for nodes and guests
  2025-11-10 18:51 ` Stoiko Ivanov
@ 2025-11-11  9:42   ` Michael Köppl
  2025-11-11 10:27     ` Michael Köppl
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Köppl @ 2025-11-11  9:42 UTC (permalink / raw)
  To: Stoiko Ivanov, Michael Köppl; +Cc: Proxmox VE development discussion

Thanks, I overlooked that there is a gen script for this! Will send a
patch for pve-firewall instead.

On Mon Nov 10, 2025 at 7:51 PM CET, Stoiko Ivanov wrote:
> Thanks for noticing and providing the patch!
>
> parts of our documentation are generated based on the information we have
> in our JSONSchema and API calls (see e.g. gen-pve-firewall-host-opts.pl
> for a starting point)
>
> so the change would need to be done in the pve-firewall repo IIRC:
> https://git.proxmox.com/?p=pve-firewall.git;a=blob;f=src/PVE/Firewall.pm;h=ec9c9ae9c35ec31e7cd3ca28ac4b5c20fa7e8c39;hb=HEAD#l1404
>
>
> On Mon, 10 Nov 2025 18:11:24 +0100
> Michael Köppl <m.koeppl@proxmox.com> wrote:
>
>> The default value of 0 is wrong, since NDP is allowed by default for
>> both iptables and nftables. Update the documentation accordingly.
>> 
>> Signed-off-by: Michael Köppl <m.koeppl@proxmox.com>
>> ---
>>  pve-firewall-host-opts.adoc | 2 +-
>>  pve-firewall-vm-opts.adoc   | 2 +-
>>  2 files changed, 2 insertions(+), 2 deletions(-)
>> 
>> diff --git a/pve-firewall-host-opts.adoc b/pve-firewall-host-opts.adoc
>> index d561d0bf..e5770fbe 100644
>> --- a/pve-firewall-host-opts.adoc
>> +++ b/pve-firewall-host-opts.adoc
>> @@ -18,7 +18,7 @@ Log level for outgoing traffic.
>>  
>>  Enable logging of conntrack information.
>>  
>> -`ndp`: `<boolean>` ('default =' `0`)::
>> +`ndp`: `<boolean>` ('default =' `1`)::
>>  
>>  Enable NDP (Neighbor Discovery Protocol).
>>  
>> diff --git a/pve-firewall-vm-opts.adoc b/pve-firewall-vm-opts.adoc
>> index 9f191cf9..653ab4f4 100644
>> --- a/pve-firewall-vm-opts.adoc
>> +++ b/pve-firewall-vm-opts.adoc
>> @@ -22,7 +22,7 @@ Log level for outgoing traffic.
>>  
>>  Enable/disable MAC address filter.
>>  
>> -`ndp`: `<boolean>` ('default =' `0`)::
>> +`ndp`: `<boolean>` ('default =' `1`)::
>>  
>>  Enable NDP (Neighbor Discovery Protocol).
>>  



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [pve-devel] [PATCH docs 1/1] firewall: set default value of NDP to 1 for nodes and guests
  2025-11-11  9:42   ` Michael Köppl
@ 2025-11-11 10:27     ` Michael Köppl
  0 siblings, 0 replies; 4+ messages in thread
From: Michael Köppl @ 2025-11-11 10:27 UTC (permalink / raw)
  To: Michael Köppl, Stoiko Ivanov; +Cc: Proxmox VE development discussion

Sent a patch for pve-firewall:
https://lore.proxmox.com/pve-devel/20251111102546.38254-1-m.koeppl@proxmox.com

On Tue Nov 11, 2025 at 10:42 AM CET, Michael Köppl wrote:
> Thanks, I overlooked that there is a gen script for this! Will send a
> patch for pve-firewall instead.
>
> On Mon Nov 10, 2025 at 7:51 PM CET, Stoiko Ivanov wrote:
>> Thanks for noticing and providing the patch!
>>
>> parts of our documentation are generated based on the information we have
>> in our JSONSchema and API calls (see e.g. gen-pve-firewall-host-opts.pl
>> for a starting point)
>>
>> so the change would need to be done in the pve-firewall repo IIRC:
>> https://git.proxmox.com/?p=pve-firewall.git;a=blob;f=src/PVE/Firewall.pm;h=ec9c9ae9c35ec31e7cd3ca28ac4b5c20fa7e8c39;hb=HEAD#l1404
>>
>>
>> On Mon, 10 Nov 2025 18:11:24 +0100
>> Michael Köppl <m.koeppl@proxmox.com> wrote:
>>
>>> The default value of 0 is wrong, since NDP is allowed by default for
>>> both iptables and nftables. Update the documentation accordingly.
>>> 
>>> Signed-off-by: Michael Köppl <m.koeppl@proxmox.com>
>>> ---
>>>  pve-firewall-host-opts.adoc | 2 +-
>>>  pve-firewall-vm-opts.adoc   | 2 +-
>>>  2 files changed, 2 insertions(+), 2 deletions(-)
>>> 
>>> diff --git a/pve-firewall-host-opts.adoc b/pve-firewall-host-opts.adoc
>>> index d561d0bf..e5770fbe 100644
>>> --- a/pve-firewall-host-opts.adoc
>>> +++ b/pve-firewall-host-opts.adoc
>>> @@ -18,7 +18,7 @@ Log level for outgoing traffic.
>>>  
>>>  Enable logging of conntrack information.
>>>  
>>> -`ndp`: `<boolean>` ('default =' `0`)::
>>> +`ndp`: `<boolean>` ('default =' `1`)::
>>>  
>>>  Enable NDP (Neighbor Discovery Protocol).
>>>  
>>> diff --git a/pve-firewall-vm-opts.adoc b/pve-firewall-vm-opts.adoc
>>> index 9f191cf9..653ab4f4 100644
>>> --- a/pve-firewall-vm-opts.adoc
>>> +++ b/pve-firewall-vm-opts.adoc
>>> @@ -22,7 +22,7 @@ Log level for outgoing traffic.
>>>  
>>>  Enable/disable MAC address filter.
>>>  
>>> -`ndp`: `<boolean>` ('default =' `0`)::
>>> +`ndp`: `<boolean>` ('default =' `1`)::
>>>  
>>>  Enable NDP (Neighbor Discovery Protocol).
>>>  



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2025-11-11 10:26 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-11-10 17:11 [pve-devel] [PATCH docs 1/1] firewall: set default value of NDP to 1 for nodes and guests Michael Köppl
2025-11-10 18:51 ` Stoiko Ivanov
2025-11-11  9:42   ` Michael Köppl
2025-11-11 10:27     ` Michael Köppl

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal