X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=src%2FPVE%2FFirewall.pm;h=f4f0ccc7ea6e42db221c22b348201702d787f0f1;hb=d72c631cacc2112f1ace652adf5d0283ac087b37;hp=99afc57862d8a6239a963dbed831bba3f4dbcf7e;hpb=ddf1e07dce58c742826f89811396050e78f07e72;p=pve-firewall.git

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 99afc57..f4f0ccc 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1960,7 +1960,7 @@ sub parse_host_fw_rules {
 	push @{$res->{$section}}, $rule;
     }
 
-$res->{digest} = $digest->b64digest;
+    $res->{digest} = $digest->b64digest;
 
     return $res;
 }
@@ -1976,7 +1976,8 @@ sub parse_cluster_fw_rules {
 	options => {}, 
 	groups => {}, 
 	group_comments => {}, 
-	ipset => {} 
+	ipset => {} ,
+	ipset_comments => {}, 
     };
 
     my $digest = Digest::SHA->new('sha1');
@@ -2009,10 +2010,12 @@ sub parse_cluster_fw_rules {
 	    next;
 	}
 
-	if ($line =~ m/^\[ipset\s+(\S+)\]\s*$/i) {
+	if ($line =~ m/^\[ipset\s+(\S+)\]\s*(?:#\s*(.*?)\s*)?$/i) {
 	    $section = 'ipset';
 	    $group = lc($1);
+	    my $comment = $2;
 	    $res->{$section}->{$group} = [];
+	    $res->{ipset_comments}->{$group} = $comment if $comment;
 	    next;
 	}
 
@@ -2403,7 +2406,11 @@ sub save_clusterfw_conf {
     $raw .= &$format_options($options) if scalar(keys %$options);
 
     foreach my $ipset (sort keys %{$cluster_conf->{ipset}}) {
-	$raw .= "[IPSET $ipset]\n\n";
+	if (my $comment = $cluster_conf->{ipset_comments}->{$ipset}) {
+	    $raw .= "[IPSET $ipset] # $comment\n\n";
+	} else {
+	    $raw .= "[IPSET $ipset]\n\n";
+	}
 	my $options = $cluster_conf->{ipset}->{$ipset};
 	$raw .= &$format_ipset($options);
 	$raw .= "\n";