]> git.proxmox.com Git - proxmox-firewall.git/commit
projects / proxmox-firewall.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 90ac474) | patch
firewall: properly handle REJECT rules
authorStefan Hanreich <s.hanreich@proxmox.com>
Tue, 23 Apr 2024 16:02:53 +0000 (18:02 +0200)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 23 Apr 2024 16:33:15 +0000 (18:33 +0200)
commit6a824765a7b64e5b001b6f238e368d04f066a12b
tree2f1fbdf84860d862c91a4d399d9565ff32bb8836tree
parent90ac474bf3955d163a39ca810d11794ba94c3271commit | diff
firewall: properly handle REJECT rules

Currently we generated DROP statements for all rules involving REJECT.
We only need to generate DROP when in the postrouting chain of tables
with type bridge, since REJECT is disallowed there. Otherwise we jump
into the do-reject chain which properly handles rejects for different
protocol types.

Reported-By: Stefan Sterz <s.sterz@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
proxmox-firewall/resources/proxmox-firewall.nft diff | blob | blame | history
proxmox-firewall/src/firewall.rs diff | blob | blame | history
proxmox-firewall/src/rule.rs diff | blob | blame | history
proxmox-firewall/tests/input/100.fw diff | blob | blame | history
proxmox-firewall/tests/input/host.fw diff | blob | blame | history
proxmox-firewall/tests/snapshots/integration_tests__firewall.snap diff | blob | blame | history
proxmox-nftables/src/statement.rs diff | blob | blame | history
nftables based implementation of the Proxmox VE firewall, written in rust