We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
If I have an ipset defined in files with fdc8:1324:5678:0::/64, firewalld will return an error on reload like this:
Error: INVALID_ENTRY: Entry 'fdc8:1324:5678::/64' overlaps with existing entry 'fdc8:1324:5678:0::/64'
In that case, firewalld blocks all new connections, locking the machine out of the network.
It should treat both as the same address
Use this ipset and reload firewalld:
<?xml version="1.0" encoding="utf-8"?> <ipset type="hash:net"> <option name="family" value="inet6"/> <entry>fdc8:1324:5678:0::/64</entry> </ipset>
If the ipset was created using the firewall-cmd command, it avoids the issue by compacting the address before writing to the config file.
2.1.1
nftables
OpenSUSE Tumbleweed
6.7.5-1-default
No response
The text was updated successfully, but these errors were encountered:
test(ipset): verify overlap detection for ipv6
1222d53
Coverage: firewalld#1318
I was unable to reproduce this. I created a test case using your XML from above and reload works as expected.
erig0@1222d53
Do you have any more information that can be used to reproduce this?
Sorry, something went wrong.
No branches or pull requests
What happened
If I have an ipset defined in files with fdc8:1324:5678:0::/64, firewalld will return an error on reload like this:
Error: INVALID_ENTRY: Entry 'fdc8:1324:5678::/64' overlaps with existing entry 'fdc8:1324:5678:0::/64'
In that case, firewalld blocks all new connections, locking the machine out of the network.
What you expected to happen
It should treat both as the same address
How to reproduce it (as minimally and precisely as possible)
Use this ipset and reload firewalld:
Anything else we need to know?
If the ipset was created using the firewall-cmd command, it avoids the issue by compacting the address before writing to the config file.
Firewalld Version
2.1.1
Firewalld Backend
nftables
Linux distribution
OpenSUSE Tumbleweed
Linux kernel version
6.7.5-1-default
Other information
No response
The text was updated successfully, but these errors were encountered: