Currently when setting ICMPv6 types on the old firewall (iptables) then switching to the new one (nftables) a few types will fail because they have been renamed in nftables. The most prominent are neighbor-solicitation/advertisement but there are a few more. There are also some that are not supported in nftables and need to be handled accordingly. Add a mapping which maps old types to new types and converts them when parsing the config. This way we are transparent and can switch to using the new nftables names in the future.
ve-rs: Gabriel Goller (2): fix: firewall: introduce iptables to nftables mapping for icmpv6-types firewall: correctly return errors when parsing icmpv6 types and codes. .../src/firewall/types/rule_match.rs | 89 ++++++++++++++----- 1 file changed, 69 insertions(+), 20 deletions(-) proxmox-firewall: Gabriel Goller (1): tests: add icmpv6 type mapping test proxmox-firewall/tests/input/host.fw | 1 + .../integration_tests__firewall.snap | 63 +++++++++++++++++++ 2 files changed, 64 insertions(+) Summary over all repositories: 3 files changed, 133 insertions(+), 20 deletions(-) -- Generated by git-murpp 0.8.0 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
