Am 15.11.24 um 16:30 schrieb Hannes Laimer: > So it behaves the same way the 'old' firewall did. Since currently > ct state invalid are always dropped on the guest table, regardless > of the option. The host behaviour is not changed as it would > require `forward` to match the 'old' behaviour. > > Signed-off-by: Hannes Laimer <h.lai...@proxmox.com> > --- > based on what @Stefan suggested in response to [1]. This matches what the > old fw did with this option on vms. > > [1] > https://lore.proxmox.com/pve-devel/918ffc4c-c371-4d43-8c2c-849e61827...@proxmox.com/T/#t > > .../resources/proxmox-firewall.nft | 4 +++- > proxmox-firewall/src/firewall.rs | 10 ++++++++ > .../integration_tests__firewall.snap | 23 +++++++++++++++++++ > 3 files changed, 36 insertions(+), 1 deletion(-) > >
applied, thanks! I had to resolve some merge conflicts from context changes due to applying Stefan's proxmox-firewall patches upfront. _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
