On 3/4/25 13:24, Stefan Hanreich wrote:
default-in is also checking for conntrack status, so we should put this
I think `default-in` is currently noop'ing[1] ct state invalid, am I
missing something? I though maybe there's a reason for that, so I
left it as is, as with the change we'd drop there with invalid ct
state.
[1]
https://git.proxmox.com/?p=proxmox-firewall.git;a=blob;f=proxmox-firewall/resources/proxmox-firewall.nft;h=2dd7c48bc68b3ddf404e53a1c7be9e624227be13;hb=refs/heads/master#l208
there as well. Other than that consider this:
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
