X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=src%2FPVE%2FFirewall.pm;h=16d73011e299489ad63ab7e05cbcafb40e6aad9d;hb=a9c463ce6917bcccd012bcfc37b1c756a16958cc;hp=ef724a7085871580b7bc11807fb29699827561a3;hpb=81a0a9ffb7acc40a1e39e8253adaad3622010159;p=pve-firewall.git

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index ef724a7..16d7301 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2473,14 +2473,11 @@ sub enable_host_firewall {
 
 	PVE::Corosync::for_all_corosync_addresses($corosync_conf, $ipversion, sub {
 	    my ($node_name, $node_ip, $node_ipversion, $key) = @_;
+	    my $destination = $corosync_local_addresses->{$key};
 
-	    if ($node_name ne $local_hostname) {
-		my $destination = $corosync_local_addresses->{$key};
-
+	    if ($node_name ne $local_hostname && defined($destination)) {
 		# accept only traffic on same ring
-		if (defined($destination)) {
-		    ruleset_addrule($ruleset, $chain, "-d $destination -s $node_ip $corosync_rule", "-j $accept_action");
-		}
+		ruleset_addrule($ruleset, $chain, "-d $destination -s $node_ip $corosync_rule", "-j $accept_action");
 	    }
 	});
     }
@@ -2542,14 +2539,11 @@ sub enable_host_firewall {
 
 	PVE::Corosync::for_all_corosync_addresses($corosync_conf, $ipversion, sub {
 	    my ($node_name, $node_ip, $node_ipversion, $key) = @_;
+	    my $source = $corosync_local_addresses->{$key};
 
-	    if ($node_name ne $local_hostname) {
-		my $source = $corosync_local_addresses->{$key};
-
+	    if ($node_name ne $local_hostname && defined($source)) {
 		# accept only traffic on same ring
-		if (defined($source)) {
-		    ruleset_addrule($ruleset, $chain, "-s $source -d $node_ip $corosync_rule", "-j $accept_action");
-		}
+		ruleset_addrule($ruleset, $chain, "-s $source -d $node_ip $corosync_rule", "-j $accept_action");
 	    }
 	});
     }