use 'all' instead of 'any'

[pve-firewall.git] / PVE / Firewall.pm

diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index 8be0c33005de8a6ac28d4f6f9c4f5facdbd9f9f6..7ff4ddf52acce5e97338f2849490fad23caabcbd 100644 (file)
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -50,7 +50,7 @@ my $generate_input_rule = sub {
            $source = "${zoneref}:$rule->{source}";
        }
     } else {
-       $source = "any:$rule->{source}";
+       $source = "all:$rule->{source}";
     }
 
     return sprintf($rule_format, $action, $source, $dest, $rule->{proto} || '-', 
@@ -70,9 +70,9 @@ my $generate_output_rule = sub {
     my $dest;
 
     if (!$rule->{dest}) {
-       $dest = 'any';
+       $dest = 'all';
     } else {
-       $dest = "any:$rule->{dest}";
+       $dest = "all:$rule->{dest}";
     }
 
     return sprintf($rule_format, $action, "$zid:$tap", $dest, 
@@ -299,7 +299,7 @@ sub compile {
            foreach my $rule (@$inrules) {
                foreach my $netid (keys %{$netinfo->{$vmid}}) {
                    my $net = $netinfo->{$vmid}->{$netid};
-                   next if !($rule->{iface} eq 'any' || $rule->{iface} eq $netid);
+                   next if $rule->{iface} && $rule->{iface} ne $netid;
                    $out .= &$generate_input_rule($zoneinfo, $rule, $net, $netid);
                }
            }
@@ -310,7 +310,7 @@ sub compile {
            foreach my $rule (@$outrules) {
                foreach my $netid (keys %{$netinfo->{$vmid}}) {
                    my $net = $netinfo->{$vmid}->{$netid};
-                   next if !($rule->{iface} eq 'any' || $rule->{iface} eq $netid);
+                   next if $rule->{iface} && $rule->{iface} ne $netid;
                    $out .= &$generate_output_rule($zoneinfo, $rule, $net, $netid);
                }
            }