I have a problem with IP sets in the Proxmox firewall. When I try to create a group with my three nodes 10.0.90.207,8,9/23, I start with 10.0.90.207/23. However, when I try to add .8/23, it gives me an error saying that the CIDR already exists. Should I enter the IPs without the CIDR?
the ipset already contains all addresses from 10.0.90.1-10.0.91.254 because of the /23 prefix.. if you want to add individual IPs, then you need to use /32 (for IPv4 )
Okay, I understand. To work around the problem, I created aliases like 10.0.90.208/23, etc., and then I put them into an IP set. So, it will create duplicates. Should I put 10.0.90.208/32, etc., in my aliases and then add them to the IP set ?
well, that depends on what the ipset contents should be? do you want to include the whole /23 subnet? then put that in. if you only want to include the three IPs you posted above, then just put those IPs in it (with /32 or no prefix). there is no need for aliases.
well, that depends on what the ipset contents should be? do you want to include the whole /23 subnet? then put that in. if you only want to include the three IPs you posted above, then just put those IPs in it (with /32 or no prefix). there is no need for aliases.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.