From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 9AF95C924 for ; Sun, 9 Jul 2023 21:11:46 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 807D038A48 for ; Sun, 9 Jul 2023 21:11:16 +0200 (CEST) Received: from mail.velder.link (mail.velder.link [IPv6:2a06:8280:0:5::29]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Sun, 9 Jul 2023 21:11:14 +0200 (CEST) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 34DD51AE099 for ; Sun, 9 Jul 2023 21:11:07 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=velder.li; s=dkim; t=1688929868; h=from:subject:date:message-id:to:mime-version:content-type: content-language; bh=oEpDbaVUR1ByzmXI4Ks6W+hp1rz4QEdfXib3hlnPLPY=; b=aI7REW+pMlFJbZobNkL+UQF+xArDuygmDi/mMST3LDUbymMDfRbBQ3sNanRaabHkjm+DF+ 6QAI+SycoCGkPlTWzpqMWMnehyw5fmEQaze2lJC8Uea0a797Ys4XvSjwHP5bOf0t+uMqjK YZ3MmSAKW5ZQBizFllCG+3+OYxTWPzqyVZmNLvQDr2P3/xkzwkhDkdvb5HKsvW796eXYzY EAIU7dNtx7GFOeKKIqYNTBgP9X1MZjXoeTiyjL6hyYl2/x+LRAdQmtWK1VVeNcMza0WRWD K218C71nge9R8cWRzCcicqfmzT7bMY6pG5rHB4559zpswj1n/ESv2LqexgEJwQ== Message-ID: Date: Sun, 9 Jul 2023 21:11:05 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 To: pve-user@lists.proxmox.com Content-Language: en-US From: Patrick Velder X-Last-TLS-Session-Version: TLSv1.3 X-SPAM-LEVEL: Spam detection results: 0 BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_MISSING 0.1 Missing DMARC policy HTML_MESSAGE 0.001 HTML included in message KAM_NUMSUBJECT 0.5 Subject ends in numbers excluding current years SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: [PVE-User] PVE Firewall IPset+Alias broken in v8 X-BeenThere: pve-user@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE user list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Jul 2023 19:11:46 -0000 Hello, Since the upgrade to PVE 8, there appears to be a problem with the combination of ipset and alias. When checking the firewall status using the command "pve-firewall status," I receive the error message "value does not look like a valid IP address or CIDR network" repeated multiple times. Despite attempting to downgrade to pve-firewall_4.3-2_amd64.deb, the issue remains unresolved. To further investigate and find a potential solution, I recommend checking the following forum threads: * https://forum.proxmox.com/threads/pve-8-pve-firewall-status-no-such-alias.130202/ * https://forum.proxmox.com/threads/ipset-not-working-for-accepting-cluster-traffic.129599/ Is that a known issue and is there maybe a workaround, since many rules stopped working? Thanks and best regards Patrick