[IPSET ipfilter-net0] - not working unless I add vm specific firewall rule to only allow traffic from the IPSET

[lina]

The fix for the issue with packets sometimes passing has been merged into upstream [1] and we are working on backporting it [2]. I will also look into the nomatch-logic issue this week.

[1] https://lore.kernel.org/netfilter-d.../T/#m3abf2ea4b93935387a14f61dce430a17acec6446
[2] https://lore.proxmox.com/pve-devel/20250911100555.63174-1-g.goller@proxmox.com/

Hello, please tell me, did you manage to resolve everything?

 

[shanreich]

Hello, please tell me, did you manage to resolve everything?

Yes, the fix should be included in the Kernel 6.14.11-3-pve or 6.17.2-1-pve

 

[lina]

Yes, the fix should be included in the Kernel 6.14.11-3-pve or 6.17.2-1-pve

Is 6.17.2-1-pve only available in version 9? What should those on version 8 do?

 

[shanreich]

Is 6.17.2-1-pve only available in version 9? What should those on version 8 do?

They're currently not backported for version 8, I'll check if we can do that.