pass $ruleset instead of $rule

[pve-firewall.git] / PVE / Firewall.pm

diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index 2c5e6b4e27408d0281a3f525a953809cf59bcc4e..d266bd66fc325088dbe453c6d588be05d1125407 100644 (file)
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -258,6 +258,8 @@ sub ruleset_generate_rule {
 sub ruleset_create_chain {
     my ($ruleset, $chain) = @_;
 
+    die "Invalid chain name '$chain' (28 char max)\n" if length($chain) > 28;
+
     die "chain '$chain' already exists\n" if $ruleset->{$chain};
 
     $ruleset->{$chain} = [];
@@ -448,7 +450,7 @@ sub generate_group_rules {
             # we go the PVEFW-BRIDGE-IN because we need to check also other tap rules 
             # (and group rules can be set on any bridge, so we can't go to VMBRXX-IN)
             $rule->{action} = 'PVEFW-BRIDGE-IN' if $rule->{action} eq 'ACCEPT';
-            ruleset_generate_rule($rule, $chain, $rule);
+            ruleset_generate_rule($ruleset, $chain, $rule);
         }
     }
 }