Update:
Upon further investigation, I discovered that the error message "value
does not look like a valid IP address or CIDR network" also occurs on
functioning PVE 7.xx systems. It appears that these messages are
unrelated to the current issue. However, they can cause confusion when
troubleshooting firewall-related problems and should also be addressed.
The actual problem lies in the fact that when a global IP set is defined
at the datacenter level, which includes aliases with the prefixes "dc/"
or "guest/", the rules fail to work, also resulting in the following
error messages:
no such alias 'xxx'
no such alias 'yyy'
Best regards
Patrick
On 7/9/23 21:11, Patrick Velder wrote:
Hello,
Since the upgrade to PVE 8, there appears to be a problem with the
combination of ipset and alias. When checking the firewall status
using the command "pve-firewall status," I receive the error message
"value does not look like a valid IP address or CIDR network" repeated
multiple times. Despite attempting to downgrade to
pve-firewall_4.3-2_amd64.deb, the issue remains unresolved.
To further investigate and find a potential solution, I recommend
checking the following forum threads:
*
https://forum.proxmox.com/threads/pve-8-pve-firewall-status-no-such-alias.130202/
*
https://forum.proxmox.com/threads/ipset-not-working-for-accepting-cluster-traffic.129599/
Is that a known issue and is there maybe a workaround, since many
rules stopped working?
Thanks and best regards
Patrick
_______________________________________________
pve-user mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
