From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 20D301FF185 for ; Mon, 23 Jun 2025 05:53:52 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0D83036EFE; Mon, 23 Jun 2025 05:54:18 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.10.3 morty.keekles.org C31BD19E1DA8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bryanfields.net; s=909DCF92-EFE7-11EB-9235-648EB8AF1B81; t=1750650816; bh=OkmjhCxaWGnCmaDdpkIrkDVUFJvq+Zf+F+dugwNsgSM=; h=Message-ID:Date:MIME-Version:From:To; b=SVuTJtmq49DW+R4VHmgj1QObA4w6G0BJLOefU6kTN9fZx6sFc8dEbkRfWo08mgonE aQgi9wY9ShnqFRDcTiPBCvRyLvFSxRrRYAuumuP7Ys4pVpIIXSKn5b9OJv1xPIUiJP ewM8EHp1cmE/mM3WbczL+jbEN7oRCwJWwKPTWClsKJbz845lPvql4tTR04l1ykSiOv gkv8xRz4Vp2PeV/mUW4sE9WT+7hhxkVPLXULK1hTY24Lwcw139zhWBO3LmemowYBlU lecfNE7CBTzVWenF5HwScQIG+a7m/Qx/g9T+yMjXBrpKOISCi9ZhiOXo4+wV8oxeXR Ld/2yqtpzpthQ== X-Virus-Scanned: amavis at morty.keekles.org Message-ID: <8308d4c1-c352-4df2-bd34-9f004f7b3a21@bryanfields.net> Date: Sun, 22 Jun 2025 23:53:35 -0400 MIME-Version: 1.0 User-Agent: Mutt/1.12.0 (2019-05-25) From: Bryan Fields To: pve-user@lists.proxmox.com References: <1d20bc9d-b794-4124-bd47-f7586ab1ccd7@bryanfields.net> Content-Language: en-US Autocrypt: addr=Bryan@bryanfields.net; keydata= xsFNBFaW5aYBEAC6uM1IbtChDLC2cT+v2uP5AMIJyzjFFh0e6BkCeyqTupw1459dBQlRrgsr WNBFAAzUoqWiGT8xb3CUS9y7CS3cfUL06TIUbDVUcytOPS71Z5YbSICShe8cFOzqdXlvWYQR HbAP2enVeBqLyCtwBfaKwCjgUdwR/qmD/jIIOaDBxuxVmvs4ivIRdEqVJFXOIUaeKPSA8PPD eLBuaAlHhLBKXGNDjgf3EzfWiZiCkZ7vkPaVHJ7PYV+3eazeTahyvuYD1KzNaIlOy0XyKksO EmqPO0H5Qsu9ZpQEPd5qzm20tov9hA4F91tl1NX2OcZV3FqxAZ7hA8n+OmW8ep90T6e8H7UR 3l+DtGGrBmaNqJDx8cH0qQv2x+NmieNdaKiLhdgBAeTgBC2wgJ3j8xetHIEsr6pBJQWFPs4i ZsNMHGNP2qJxRTG17O2GIPlcQUIm7Nnk3vG5QvejdPS+7ULprMTDCYVcNydJ9Ar3WJawAkvZ Ombg4Of0Has7/0eNEczJIl56+EoKNKxF74LxnFx+XLOJSBUMsyQr76VE7dG1PuYiTziA8Yb5 P4vt7YJSvbn1x/BhRUuQhxFHc6cQgIfytsUusbt04EwoH3CK2O6EVIsMKhvjdKgjiKWuY4Hl zSpiDBuqg36ppqr2GrGDngYERPiB86FGgGtqyS+fnMysu/okqQARAQABzTtCcnlhbiBGaWVs ZHMgKEJyeWFuIEZpZWxkcyBOZXcgS2V5KSA8QnJ5YW5AYnJ5YW5maWVsZHMubmV0PsLBfgQT AQIAKAUCVpblpgIbIwUJEswDAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQYTmgYVLG kUDExw//Y91BqsMNUnC51+Yl6z3N5Xxkt6xRvyHDekz0oQyZTEjMSonFlZK6T+IDRGwjkRFI GhiLF805+L2Vx0g5+N3S5TlW1BW3o3DlvmAdRZXCqSi6zK8xFxxhrq5OfQyr2f4aG38qmCA1 bhgYFUamxOmneQI1/yZayl6ZIlESsZ70TtRADBl0KPYaDTh/xU26ywQemKlbW1R2LeAquiSn OweC1huw6wLC0nQcO3j/83ZFZmHGyhNV8yfU1hAl94MurRy2I/jpXGtTkkkSBKotb9dPkf0P hXfVnhTIVMwj6YfwtTT7Fz7u24WSauxGfO5nq7PJfs/wdqcrgYzXa3ax8q6qQai3GdUyP0Zg HPLm7PsWTY9OT/MU61QH+PZHU2GHodofF03XSlCsebX770GMZcgBESBHNyAVfJb9cfdzqpl9 AKlIhfvwqYp3NeXfBZPXPN5kWHUVCRhhgUahLtIUDiNJE0beiQhqSo6/SBZOJI1DBCovhCQZ mv8dmERl/L8jesZhO+vHk1t8BW6cUaZIeKe7Di/F+84T0GKsyIXUVoZvmAnCs9XaF/BS7746 CbTHrIum45xYTPOAfr3VAgZ+Fe/hxLZ8YZsfyYrWayS0dxOvy/V7QeP3ZnBdAqgyXhWpTYRi x5mJpV49ZESKOMo2NZKZUGG6fchYdAvN4mZBUkkqsF7OwU0EVpblpgEQAMpXB+O2fPI7/HVU lM95Ifn0bl9mc1gQ0mBYkt60pNMc89L0Ej0CEDymRk/vAcoyTRPuUC7+c/EbV3fL59NXn3xY q5NQD+DVyoBcr3gU1ybgYdqdvuvdY07LOdQWwCPcDzc6HN/PxVKglyFKyUvvhIkdm3G+j8Zx jVCtiWhXcKXWY55wga7CPebqZZ5IzoLwDbR7BWNx6ACgD/W2FxKS9DitWqVQ+oAoUvsV682j vQojt4Jz59FqDqgNpkmoQeTIkulGmfjCZVPUIcd0+Vhn3PBgt+Td10l6bx6FJsM/Wp1hDLq8 AA8IqVGUZgvdzXRw0XGQN1sQZiECi77msr/n7v/+xelLex/B0eSnZUtE6TnHPNgUrrfaRwAJ O2uoX/zbmVvRgPThgrzaj75HJmuKOraJst0s5rAipaiXZdB5kbHsi/uBI7MEsSIc0auyy7lQ Vrc2P3Mb1CznZGX0Wk6E1Ovyl4AMQHsGCXJLHUTYV/dulsh0aLDKdyx3GQPjr0Q3l0OhudCb 6tHCWBJ/gAEvINRttaVswMKMCrMvcLfH+quGJFEm9Nmo0kDXa7+CuAITZT4hhDOakV2ghAa/ 9Psj6ylfpJk2Zsg+XMuhsPtMHxXXBk/akkB6VDoix94ADemXANdw8hQAOT3krASxv1hSZvJW 4CClxanP9WI5imhUT0gPABEBAAHCwWUEGAECAA8FAlaW5aYCGwwFCRLMAwAACgkQYTmgYVLG kUAvTA//f5o34tYC6yy3VMbEvwJNs93ij45csdnaZuFjoETiBjt6pTL0Gp8IMTjVHsMWNmB2 sbqlz5F/2fwaMFq/3WoJqwumZu2du/+Jqql3b/ydg9gKQaKeQdHTjwdEjH54JY+dpQbl/Y7V jHRzOcSlR4WgZ0/gAIlbKCV5OQvP/6HwGFIgN83MmPhHvYIUdus3tcDxf74uq4wo6vLtEFLY mbJZs1oRl/bzyok0ZvdmII4xhnyVieX98uyAFgWewHvSg1hFPHAtX6GxLFRR2Xz3df7dA60A BSupmW2C1km82Ionna5xUUQ+XBmjoVRE7wYiUg68/O4KCQv54vR7HcH6uEAWOI3eTpSkn6OF 1u4mNZexLJ/LF86DRYYRtYHTpEAxPsYy/idOt8oWWaR/L9aAEnWnWi3G462zfa+2XollAwBG 2oQmazAKwQasdi2W37OXKywSePuUOaQf7PSm3Uy/PVLR86RJaBfQ8IjkU7qlFrGrCN4NM4Sk CtqY84HtlsDY0ZuIg+gJCb13RT0b/HYWk11VRoeC1ys4E+3bOcSXxiyMaLz+Jwy2EJjsCixa jHmJOY69icegMGLQiHnfx3WlFewy+mQRJl+4gkA1VWyxLwwQmMqOaTQ79bF9GoF6qXROXo9b 9rT3q8jorgOm+1x6PsqQ9M0QL+qshhal/EIaMaOdoN0= In-Reply-To: <1d20bc9d-b794-4124-bd47-f7586ab1ccd7@bryanfields.net> X-SPAM-LEVEL: Spam detection results: 0 BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_MISSING 0.1 Missing DMARC policy RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [PVE-User] PVE-firewall and multicast with linux bridging X-BeenThere: pve-user@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE user list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE user list Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: pve-user-bounces@lists.proxmox.com Sender: "pve-user" On 6/22/25 02:22, Bryan Fields wrote: > I've run into this multicast issue. Even with the interface as unfirewalled, > proxmox is blocking multicast/invalid traffic at the server and datacenter level. did more digging on this using the TRACE tool in iptables. I believe it's 100% a bug at this point, as there is no way to disable these rules other than to disable the firewall at the cluster level. Disabling the entire firewall is unacceptable. I've updated this and filed a bug here: https://bugzilla.proxmox.com/show_bug.cgi?id=6478 -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net _______________________________________________ pve-user mailing list pve-user@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user