From ab9a6ae6fc5e848cfd0b8deb0d25103adf35917f Mon Sep 17 00:00:00 2001 From: Mira Limbeck Date: Mon, 22 Feb 2021 13:00:18 +0100 Subject: [PATCH] fix #2358: allow -- in firewall rule config files The docs mention -- as valid syntax for firewall rules, but the code that parses the .fw files only accepts -. To make it consistent with the docs and the API, also accept --. In addition allow 'proto' as option, not only '-p'. Signed-off-by: Mira Limbeck --- src/PVE/Firewall.pm | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 0bbe7d2..92ea33d 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -2747,33 +2747,33 @@ sub parse_fw_rule { last if $rule->{type} eq 'group'; - if ($line =~ s/^-p (\S+)\s*//) { + if ($line =~ s/^(?:-p|--?proto) (\S+)\s*//) { $rule->{proto} = $1; next; } - if ($line =~ s/^-dport (\S+)\s*//) { + if ($line =~ s/^--?dport (\S+)\s*//) { $rule->{dport} = $1; next; } - if ($line =~ s/^-sport (\S+)\s*//) { + if ($line =~ s/^--?sport (\S+)\s*//) { $rule->{sport} = $1; next; } - if ($line =~ s/^-source (\S+)\s*//) { + if ($line =~ s/^--?source (\S+)\s*//) { $rule->{source} = $1; next; } - if ($line =~ s/^-dest (\S+)\s*//) { + if ($line =~ s/^--?dest (\S+)\s*//) { $rule->{dest} = $1; next; } - if ($line =~ s/^-log (emerg|alert|crit|err|warning|notice|info|debug|nolog)\s*//) { + if ($line =~ s/^--?log (emerg|alert|crit|err|warning|notice|info|debug|nolog)\s*//) { $rule->{log} = $1; next; } - if ($line =~ s/^-icmp-type (\S+)\s*//) { + if ($line =~ s/^--?icmp-type (\S+)\s*//) { $rule->{'icmp-type'} = $1; next; } -- 2.39.5