friendly-bits
I'm not sure if updating the wmem_max value takes immediate effect inside the container. One thing you could try would be restarting the container after issuing the command `sudo sysctl...
Glad you got it working! No need to buy a coffee. Your research may help other people and that's a welcome contribution. I'll link to this issue somewhere in the...
Hi @patanne, are you getting the same error `netlink: Error: Could not process rule: Message too long`? If so, could you try with only one country code, and pick some...
I took a brief look at Proxmox documentation and they regard nftables support as "tech preview" and "not suited for production use": [link](https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pve_firewall_nft). So I wonder if configuring geoip-shell to...
Good to know that using iptables works around the issue. I think this is a good reason to report a bug to the netlink developers: > https://bugzilla.kernel.org/ (You will need...
Also @patanne, could you specify which packages you installed besides `ipset`? This may help other people having a similar issue.
@patanne thank you for the research. In the meantime, I'm thinking of implementing a more nuanced approach to setting the default firewall backend utility. Currently the code simply checks whether...
Hi @patanne, thank you for the information. I've had 0 experience with Proxmox or LXC until a few hours ago, but now I installed Proxmox and created a Debian Bookworm...
> When I last tested geoip-shell with nftables, a few weeks ago, Proxmox was still at version 8.3.1. nftables was still failing for me at that time.

To clarify: was...
So to me this sounds like regardless of nesting, currently one can only load large nft sets when using a privileged container (at least with nftables versions lower than 1.0.8)....