From 64147cd24e84c09605633a8cec4aae5f39c4f903 Mon Sep 17 00:00:00 2001
From: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
Date: Mon, 28 Apr 2025 19:12:25 -0400
Subject: [PATCH] fix(firewall): prevent reordering of CIDRs in `ipset`
 resource with mixed IPv4/IPv6 (#1935)

Signed-off-by: Pavel Boldyrev <627562+bpg@users.noreply.github.com>
---
 fwprovider/test/resource_firewall_test.go | 26 +++++++++++++++++++++++
 proxmoxtf/resource/firewall/ipset.go      |  1 +
 2 files changed, 27 insertions(+)

diff --git a/fwprovider/test/resource_firewall_test.go b/fwprovider/test/resource_firewall_test.go
index a875b866..793130b6 100644
--- a/fwprovider/test/resource_firewall_test.go
+++ b/fwprovider/test/resource_firewall_test.go
@@ -47,6 +47,32 @@ func TestAccResourceClusterFirewall(t *testing.T) {
 				}),
 			),
 		}}},
+		{"ipset with ipV4 and ipV6 cidrs", []resource.TestStep{{
+			Config: te.RenderConfig(`
+			resource "proxmox_virtual_environment_firewall_ipset" "ipset" {
+				name = "test"
+				cidr {
+					name    = "192.168.0.0/24"
+					comment = "Local IPv4"
+				}
+				cidr {
+					name    = "2001:db8:ab21:7b00::/64"
+					comment = "LAN IPv6"
+				}
+				cidr {
+					name    = "172.10.0.0/24"
+					comment = "ext IPv4"
+				}
+				cidr {
+					name    = "2001:db8:5a93:1e00::/64"
+					comment = "ext IPv6"
+				}
+				cidr {
+					name    = "2001:0DB8:91AA:7C30::1"
+					comment = "ext 2 IPv6"
+				}
+			}`),
+		}}},
 	}
 
 	for _, tt := range tests {
diff --git a/proxmoxtf/resource/firewall/ipset.go b/proxmoxtf/resource/firewall/ipset.go
index 27076633..4e9594d0 100644
--- a/proxmoxtf/resource/firewall/ipset.go
+++ b/proxmoxtf/resource/firewall/ipset.go
@@ -52,6 +52,7 @@ func IPSet() *schema.Resource {
 			DefaultFunc: func() (interface{}, error) {
 				return []interface{}{}, nil
 			},
+			DiffSuppressFunc: structure.SuppressIfListsOfMapsAreEqualIgnoringOrderByKey(mkIPSetCIDRName),
 			Elem: &schema.Resource{
 				Schema: map[string]*schema.Schema{
 					mkIPSetCIDRName: {