jiangcuo / Proxmox-Port

Proxmox VE arm64 riscv64 loongarch64
GNU Affero General Public License v3.0

invalid ipset name #41

Open liberodark opened 7 months ago

liberodark commented 7 months ago

Hi,

I currently have a PVE 8.1.x on RISC-V and I'm stuck on a small problem defining via ipset. I can't use my firewall as I would like. My configuration works on a classic x86_64. But here I tell myself that I probably forgot a defconfig side for the kernel. Do you have any ideas or recommendations on this? That is my last issue; I have actually fixed other issues and now PVE works great, but without fw ipset.

Best Regards

Jan 26 12:15:58 sv1 pve-firewall[4109]: /etc/pve/firewall/cluster.fw (line 25) - errors in rule parameters: IN HTTPS(ACCEPT) -source +dc/whitelist -log nolog
Jan 26 12:15:58 sv1 pve-firewall[4109]:   source: invalid ipset name '+dc/whitelist'
Jan 26 12:16:08 sv1 pve-firewall[4109]: /etc/pve/firewall/cluster.fw (line 21) - errors in rule parameters: IN Ping(ACCEPT) -source +dc/whitelist -log nolog
Jan 26 12:16:08 sv1 pve-firewall[4109]:   source: invalid ipset name '+dc/whitelist'
Jan 26 12:16:08 sv1 pve-firewall[4109]: /etc/pve/firewall/cluster.fw (line 22) - errors in rule parameters: IN ACCEPT -source +dc/whitelist -p tcp -dport 800>
Jan 26 12:16:08 sv1 pve-firewall[4109]:   source: invalid ipset name '+dc/whitelist'
Jan 26 12:16:08 sv1 pve-firewall[4109]: /etc/pve/firewall/cluster.fw (line 23) - errors in rule parameters: IN SSH(ACCEPT) -source +dc/whitelist -log nolog
Jan 26 12:16:08 sv1 pve-firewall[4109]:   source: invalid ipset name '+dc/whitelist'
Jan 26 12:16:08 sv1 pve-firewall[4109]: /etc/pve/firewall/cluster.fw (line 25) - errors in rule parameters: IN HTTPS(ACCEPT) -source +dc/whitelist -log nolog
Jan 26 12:16:08 sv1 pve-firewall[4109]:   source: invalid ipset name '+dc/whitelist'

jiangcuo commented 7 months ago

Enable ipset in kernel config

liberodark commented 6 months ago

Yes, that has been made the same as official PVE. But that does not fix my issue; that's why I'm asking here.

That is an example of my config:

CONFIG_IP_SET=m
CONFIG_IP_SET_BITMAP_IP=m
CONFIG_IP_SET_BITMAP_IPMAC=m
CONFIG_IP_SET_BITMAP_PORT=m
CONFIG_IP_SET_HASH_IP=m
CONFIG_IP_SET_HASH_IPMAC=m
CONFIG_IP_SET_HASH_IPMARK=m
CONFIG_IP_SET_HASH_IPPORT=m
CONFIG_IP_SET_HASH_IPPORTIP=m
CONFIG_IP_SET_HASH_IPPORTNET=m
CONFIG_IP_SET_HASH_MAC=m
CONFIG_IP_SET_HASH_NET=m
CONFIG_IP_SET_HASH_NETIFACE=m
CONFIG_IP_SET_HASH_NETNET=m
CONFIG_IP_SET_HASH_NETPORT=m
CONFIG_IP_SET_HASH_NETPORTNET=m
CONFIG_IP_SET_LIST_SET=m

PS: I have also tested https://mirrors.apqa.cn/proxmox/debian/kernel/dists/sid/port/binary-riscv64/linux-image-5.15.0-pve_5.15.0-pve-9_riscv64.deb and have the same issue.

liberodark commented 6 months ago

OK, for support it is needed to upgrade pve-firewall: 4.1-4 to pve-firewall: 5.0.3.

liberodark commented 6 months ago

I confirm that pve-firewall 5.0.3 fixes the issue. I have built the package on my side.

OfficialMuffin commented 6 months ago

I have pve-firewall: 5.0.3 installed. I am still getting the same error. I am using the CIDR notation in the source box.

liberodark commented 6 months ago

What is your hardware? @OfficialMuffin