Already talked with Stefan offlist, but some major things I noted when testing: * It would be cool to have the generated IPSets visible in the IPSet menu under Firewall (Datacenter). We could add a checkmark to hide them (as there can be quite many) and make them read-only. * Zones can be restricted to specific Nodes, but we generate the IPSets on every Node for all Zones. This means some IPSets are useless and we could avoid generating them in the first place.
Otherwise the IPSet generation works fine. The algorithm for generating iptables ipset ranges also works perfectly! _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
