From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 28F331FF140 for ; Fri, 24 Apr 2026 10:22:25 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 7BE98CFB7; Fri, 24 Apr 2026 10:22:24 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=rchrist.io; s=default; t=1777018903; bh=39dY2Af3BMI4QeZQSJV+NNr6fEh9rOj4ONudbD/MsVU=; h=Date:Cc:Subject:From:To:References:In-Reply-To:From; b=N7re8n0VwY/XiB3mbP0nHyVDK/nO8erC7hYvavzhLM11meR0P3RhGM0exGALemqEG ClUlwMSTSp75DT871CnUpuo9dyXja+IgoZcomJWGxxQEKqvthMy+EJJGXFPXFL5uBA +HTaUFna7A6DH8HUbHmWhFTzgRDzaG1yGcR8W+TEXpSHG9AmQfpI5IvssqmChHzSfn D6O4kW0Z9lkpL0tAE1nRgqqB2A7BV2RYipzE1p7Nd0kobLdGXYrSVshFlnPs2CFyCb VwTgB1A+YNEFwfbU+Oi8oZmXtr5njYY8hrBeWOJjHvfduU5Vzg24Odre7+qA31pZqU ugbITO1TyAawg== Content-Type: text/plain; charset=UTF-8 Date: Fri, 24 Apr 2026 10:21:36 +0200 Message-Id: Subject: Re: [pve-devel] [PATCH pve-firewall] rename sysctl.d/pve-firewall.conf to 10-pve-firewall.conf From: "Robin Christ" To: "Proxmox VE development discussion" Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Mailer: aerc 0.20.1-270-g2fb08ac189a1 References: In-Reply-To: X-Virus-Scanned: ClamAV using ClamSMTP X-SPAM-LEVEL: Spam detection results: 0 BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_MISSING 0.1 Missing DMARC policy RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust RCVD_IN_MSPIKE_H3 0.001 Good reputation (+3) RCVD_IN_MSPIKE_WL 0.001 Mailspike good senders SPF_HELO_PASS -0.001 SPF: HELO matches SPF record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: P4COHH77G6HELJOYKZ5RPZKAA2VJB66Q X-Message-ID-Hash: P4COHH77G6HELJOYKZ5RPZKAA2VJB66Q X-MailFrom: robin@rchrist.io X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: > Currently, It's not possible to override the values in sysctl.conf > because pve-firewall.conf is exected after. > > * Applying /usr/lib/sysctl.d/10-pve-ct-inotify-limits.conf ... > * Applying /usr/lib/sysctl.d/10-pve.conf ... > * Applying /etc/sysctl.d/30-ceph-osd.conf ... > * Applying /usr/lib/sysctl.d/50-pid-max.conf ... > * Applying /usr/lib/sysctl.d/99-protect-links.conf ... > * Applying /etc/sysctl.d/99-sysctl.conf ... > * Applying /usr/lib/sysctl.d/pve-firewall.conf ... > * Applying /etc/sysctl.conf ... > > (For evpn with multiple exit nodes, we need to allow asymetric routing > with disabling rp_filter) > > reported on the forum: > https://forum.proxmox.com/threads/evpn-vpls-with-multi-exit-nodes-firewal= l-drop-packet-with-asymetric-routing.158225/#post-729042 Hi, Could this patch please be reviewed? I just ran into this issue with some s= pecial EVPN / BGP setup. Not particularly nice to have an override file nam= ed "z-..." CC @Stefan Hanreich Cheers, Robin