> The idea was to have a forward compatible upgrade path for existing users.
> And current users only had the option of running LUN code on proxmox
> servers. So it did not sound as a bad thing to keep this constraint if this
> allowed having a smaller/simpler script.
Oh, I see what you want to d
> (just an idea, but couldn't it be related to slow backups storages ? )
Already tested with overloaded/slow storage, but I cannot reproduce.
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>>@alexandre: You are still using NexentaStor? If so, does backup work for you?
Yes.
But to be honest, I never use proxmox backup, because I have too much data.
(waiting for differential backup ;)
But I can give it a try, I see indeed a lot of bug reports with backup on
proxmox 3.2.
(just an
Good point, I'll check that today
- Original Message -
From: "Dietmar Maurer"
To: "Alexandre Derumier" , pve-devel@pve.proxmox.com
Sent: Tuesday 25 March 2014 06:42:51
Subject: RE: [pve-devel] [PATCH 3/3] add ips optimizations
> + my $ips_enable = undef;
Can we simply test for: defined($r
> +my $ips_enable = undef;
Can we simply test for: defined($ruleset->{PVEFW-IPS}) instead?
___
applied, thanks!
> -Original Message-
> From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf
> Of Alexandre Derumier
> Sent: Tuesday, 25 March 2014 05:15
> To: pve-devel@pve.proxmox.com
> Subject: [pve-devel] pve-firwall : ips feature v7
>
> changelog:
>
> add optimizati
Still on my todo list.
I am currently busy, because I am working on the firewall.
And there is that backup bug, and I am still unable to reproduce it. ...
> I'm missing a response to a lot of patches sent in Feb and Mar?
___
Hi Alexandre,
first, my plan is to rename 'groups.fw' to 'cluster.fw'. That new file can also
include a cluster wide 'rules' section, and we can add further sections
if needed.
> So, this avoid to parse all taps rules to finally drop (which can be cpu
> heavy, as
> the connection is never est
This adds ips (like suricata) support through nfqueues.
The main idea is to replace -j ACCEPT with -j NFQUEUE, to pass packets to ips.
It's using --queue-bypass (only available in 3.10 kernel), so if suricata
daemon is down, packets are not dropped.
tap-out chain,
-
we goto PVEFW-S
Signed-off-by: Alexandre Derumier
---
src/PVE/Firewall.pm | 33 +++--
1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 794a9ac..2f8fc51 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -700,7
this flag enables optimizations on rules processing
host.fw
---
optimize:1
Signed-off-by: Alexandre Derumier
---
example/host.fw |3 +++
src/PVE/Firewall.pm |7 ++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/example/host.fw b/example/host.fw
index 663d2d7..4
changelog:
add optimization flag in host.fw
(I have split optimizations into separate patches)
___
>>To be of any use the user should be able to enter some wildcard like
>>*.foo.bar or *.bar
Hi Michael, I was talking about ip blacklisting.
(so you can blacklist a range if you want, or import some public blocklist list like
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt )
--
Hi,
I'm missing a response to a lot of patches sent in Feb and Mar?
Greets,
Stefan
___
> > Are you able to reproduce the segfault?
> >
> I am unable to reproduce it.
@alexandre: You are still using NexentaStor? If so, does backup work for you?
One user reported he can reproduce the bug with dbench and zfs plugin:
http://forum.proxmox.com/threads/18069-After-update-to-3-2-VM-crashi
On Mon, 24 Mar 2014 18:17:45 +0100 (CET)
Alexandre DERUMIER wrote:
> Hi,
>
> I'm thinking about a feature:
>
> adding a datacenter global drop/blacklist rules
>
To be of any use the user should be able to enter some wildcard like
*.foo.bar or *.bar
--
Hilsen/Regards
Michael Rasmussen
Get my
Hi,
I'm thinking about a feature:
adding a datacenter global drop/blacklist rules
this could be useful in case of an attack, DDoS... for example
adding at the beginning of PVE-FORWARD,
a drop for matching ip (or maybe better, an ipset group "blacklist")
So, this avoid to parse all taps rules
Maybe you can reproduce the problem with little RAM in the PVE Host?
Since that e100 show a problem of Segmentation fault according to this
link:
http://forum.proxmox.com/threads/18069-After-update-to-3-2-VM-crashing-during-backup?p=92374#post92374
- Original Message -
From: "Eric Blev
Are you able to reproduce the segfault?
I am unable to reproduce it.
___
>>we can use that format if you want (just send a patch).
Ok, I'll try to have a look at it this week.
- Original Message -
From: "Dietmar Maurer"
To: "Alexandre DERUMIER" , "pve-devel"
Sent: Monday 24 March 2014 09:17:06
Subject: RE: [pve-devel] pve-firewall : logstash tests
> + if (
> + if (pp_is_valid(inp, opi->usec_idx)) {
> + snprintf(timestr, MAX_LOCAL_TIME_STRING,
> + "%04d-%02d-
> %02dT%02d:%02d:%02d.%06u",
> + t->tm_year + 1900, t->tm_mon + 1,
> +
Hi,
I have done tests with logstash.
I can easily parse the current logs, so no need for json format.
The only thing is that logstash works better (more precision)
with ISO_8601 date format.
There is an example in the json ulogd plugin
http://git.netfilter.org/ulogd2/commit/?id=2b39df550fbad944b4aab77617d42
>>Maybe we can add a new 'optimize' flag to the host.fw. So that we can easily
>>turn on/off
>>those optimizations?
Yes, good idea !
I'll send a new patch today
- Original Message -
From: "Dietmar Maurer"
To: "Alexandre DERUMIER"
Cc: "pve-devel"
Sent: Friday 21 March 2014 16:31:1