Am 15.07.2014 11:41, schrieb Alexandre DERUMIER: >>> But swap fails due to type missmatch. First one is hash:net and 2nd one >>> is list:set. > > Are you sure it was not a previously generated PVEFW-0-venet0, before > applying my patches ? > > can you try to force a > > iptables -F > iptables -X > ipset -F > ipset -X
Didn't work. Said kernel has that one in use. But after a reboot the ipset problem is fixed. Now i get: pve-firewall start -debug 1 ebtables : unable to update chain 'PVEFW-FWBR-OUT' ebtables : unable to update chain 'PVEFW-FWBR-OUT' ebtables : unable to update chain 'tap103i0-OUT' ebtables : unable to update chain 'tap103i0-OUT' ebtables : unable to update chain 'tap103i0-OUT' ebtables : unable to update chain 'tap103i0-OUT' will debug this one now. Stefan > ----- Mail original ----- > > De: "Stefan Priebe - Profihost AG" <[email protected]> > À: "Alexandre Derumier" <[email protected]>, [email protected] > Envoyé: Mardi 15 Juillet 2014 11:35:59 > Objet: Re: [pve-devel] pve-firewall : ebtables > > > Am 15.07.2014 10:48, schrieb Stefan Priebe - Profihost AG: >> >> Am 15.07.2014 06:39, schrieb Alexandre Derumier: >>> Hi, >>> here the ebtables patches, details are in commits. >>> >>> Please comment, feel free to change and adapt them. > > > The code generates the following ipset stuff: > > Name: PVEFW-0-venet0 > Type: hash:net > Header: family inet hashsize 64 maxelem 64 > Size in memory: 1424 > References: 4 > Members: > > later it tries this > input destroy PVEFW-0-venet0_swap > create PVEFW-0-venet0_swap list:set size 4 > swap PVEFW-0-venet0_swap PVEFW-0-venet0 > flush PVEFW-0-venet0_swap > destroy PVEFW-0-venet0_swap > > > But swap fails due to type missmatch. First one is hash:net and 2nd one > is list:set. > > > > Stefan > _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
