The introduction of scopes to alias / ipset names in firewall rules in Proxmox VE 8 did not include any automated mechanism for converting firewall rules. Many users still have firewall configurations containing unscoped names. The initial decision to only support the new format with proxmox-firewall led to problems with users trying to migrate to the nftables firewall, since the daemon fails to parse the configuration and generates no nftables ruleset at all.
proxmox-ve-rs: Stefan Hanreich (2): config: firewall: add support for legacy alias names config: firewall: add support for legacy ipset names proxmox-ve-config/src/firewall/cluster.rs | 16 ++- proxmox-ve-config/src/firewall/common.rs | 4 + proxmox-ve-config/src/firewall/guest.rs | 10 +- proxmox-ve-config/src/firewall/types/alias.rs | 98 ++++++++++++++++- proxmox-ve-config/src/firewall/types/ipset.rs | 104 +++++++++++++++++- proxmox-ve-config/src/firewall/types/rule.rs | 14 ++- .../src/firewall/types/rule_match.rs | 14 +-- 7 files changed, 232 insertions(+), 28 deletions(-) proxmox-firewall: Stefan Hanreich (1): fix #6107: add support for legacy ipset / alias names proxmox-firewall/src/config.rs | 93 ++++++++-- proxmox-firewall/src/firewall.rs | 15 +- proxmox-firewall/src/object.rs | 4 +- proxmox-firewall/src/rule.rs | 28 ++- proxmox-firewall/tests/input/cluster.fw | 2 + .../integration_tests__firewall.snap | 172 ++++++++++++++++++ 6 files changed, 276 insertions(+), 38 deletions(-) Summary over all repositories: 13 files changed, 508 insertions(+), 66 deletions(-) -- Generated by git-murpp 0.8.0 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
