use PVE::Cluster;
use PVE::ProcFSTools;
use PVE::Tools qw($IPV4RE $IPV6RE);
+use PVE::Network;
use File::Basename;
use File::Path;
use IO::File;
my $max_alias_name_length = 64;
my $max_ipset_name_length = 64;
-my $max_group_name_length = 20;
+my $max_group_name_length = 18;
PVE::JSONSchema::register_format('IPorCIDR', \&pve_verify_ip_or_cidr);
sub pve_verify_ip_or_cidr {
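Review bot: The new limit `my $max_group_name_length = 18;` is a bare number with no comment saying what it is derived from, so a later edit can easily break it again. If it comes from the netfilter chain-name limit minus the text the firewall adds around a group name (an assumption, not visible here), a comment such as `# group name plus the chain prefix and direction suffix must fit the iptables chain-name limit` would record that. Lowering the limit also means group names of 19 or 20 characters that were accepted before will presumably fail validation now. The commit should say how existing configurations with such names are handled, since a security group that no longer parses may leave its rules unapplied.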
return $etc_protocols;
}
-my $ipv4_mask_hash_localnet = {
- '255.255.0.0' => 16,
- '255.255.128.0' => 17,
- '255.255.192.0' => 18,
- '255.255.224.0' => 19,
- '255.255.240.0' => 20,
- '255.255.248.0' => 21,
- '255.255.252.0' => 22,
- '255.255.254.0' => 23,
- '255.255.255.0' => 24,
- '255.255.255.128' => 25,
- '255.255.255.192' => 26,
- '255.255.255.224' => 27,
- '255.255.255.240' => 28,
- '255.255.255.248' => 29,
- '255.255.255.252' => 30,
-};
-
my $__local_network;
sub local_network {
if ($isv6) {
$mask = $entry->{prefix};
} else {
- $mask = $ipv4_mask_hash_localnet->{$entry->{mask}};
+ $mask = $PVE::Network::ipv4_mask_hash_localnet->{$entry->{mask}};
next if !defined($mask);
}
my $cidr = "$entry->{dest}/$mask";
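Review bot: The lookup `$PVE::Network::ipv4_mask_hash_localnet->{$entry->{mask}}` reads a fully qualified package variable, which `use strict` does not check. If the installed PVE::Network does not define it, the expression most likely yields undef and every IPv4 route is skipped by `next if !defined($mask);` without any warning. The package dependency on the PVE::Network version that provides the table should be raised with this change, and a loud check would be safer, e.g. `die "PVE::Network::ipv4_mask_hash_localnet missing\n" if !$PVE::Network::ipv4_mask_hash_localnet;`. The removed local table only covered 255.255.0.0 through 255.255.255.252, so if the shared table has the same range, a comment that other masks are deliberately ignored would help. local_network starts and ends outside this hunk.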
}
# generate firewall rules for QEMU VMs
- foreach my $vmid (keys %{$vmdata->{qemu}}) {
+ foreach my $vmid (sort keys %{$vmdata->{qemu}}) {
eval {
my $conf = $vmdata->{qemu}->{$vmid};
my $vmfw_conf = $vmfw_configs->{$vmid};
return if !$vmfw_conf;
- foreach my $netid (keys %$conf) {
+ foreach my $netid (sort keys %$conf) {
next if $netid !~ m/^net(\d+)$/;
my $net = PVE::QemuServer::parse_net($conf->{$netid});
next if !$net->{firewall};
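Review bot: `sort keys` compares as strings, so VMID 1000 is visited before 101 and net10 before net2. That is presumably enough to make the generated ruleset reproducible, but it is not numeric order. If numeric order is intended for the VMIDs, `foreach my $vmid (sort { $a <=> $b } keys %{$vmdata->{qemu}}) {` gives it; otherwise a comment such as `# sorted only to keep the generated ruleset stable between runs` would state the purpose. The same applies to the two LXC loops in the next hunk. The loop bodies continue outside this hunk.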
}
# generate firewall rules for LXC containers
- foreach my $vmid (keys %{$vmdata->{lxc}}) {
+ foreach my $vmid (sort keys %{$vmdata->{lxc}}) {
eval {
my $conf = $vmdata->{lxc}->{$vmid};
my $vmfw_conf = $vmfw_configs->{$vmid};
return if !$vmfw_conf;
if ($vmfw_conf->{options}->{enable}) {
- foreach my $netid (keys %$conf) {
+ foreach my $netid (sort keys %$conf) {
next if $netid !~ m/^net(\d+)$/;
my $net = PVE::LXC::Config->parse_lxc_network($conf->{$netid});
next if !$net->{firewall};
{ cidr => $linklocal },
{ cidr => 'fe80::/10', nomatch => 1 }
];
- if ($net->{ip} =~ m!^($IPV4RE)(?:/\d+)?$!) {
+ if (defined($net->{ip}) && $net->{ip} =~ m!^($IPV4RE)(?:/\d+)?$!) {
push @$set, { cidr => $1 };
}
- if ($net->{ip6} =~ m!^($IPV6RE)(?:/\d+)?$!) {
+ if (defined($net->{ip6}) && $net->{ip6} =~ m!^($IPV6RE)(?:/\d+)?$!) {
push @$set, { cidr => $1 };
}
}
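Review bot: Both guarded matches still end in `$`, which also accepts a value with a trailing newline; `\z` would make the check exact, e.g. `m!^($IPV4RE)(?:/\d+)?\z!` and the same for `$IPV6RE`. `$1` holds only the address, so the prefix length is dropped before `push @$set, { cidr => $1 };`. A comment such as `# only the host address goes into the set, the prefix length is intentionally discarded` would make clear that this is deliberate. The enclosing block starts outside this hunk.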