]> git.proxmox.com Git - pve-firewall.git/blobdiff - src/PVE/Firewall.pm
projects / pve-firewall.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
assume rule is enabled if {enable} is not defined
[pve-firewall.git] / src / PVE / Firewall.pm
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 646d1a9953b5aca7edf5c51460a99201c1418462..160e32b3d6cf7aff8e1d2e436478d0b445430dc0 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -765,7 +765,7 @@ sub iptables_rule_exist {
 sub ruleset_generate_cmdstr {
     my ($ruleset, $chain, $rule, $actions, $goto) = @_;
 
-    return if !$rule->{enable};
+    return if defined($rule->{enable}) && !$rule->{enable};
 
     my @cmd = ();
 
@@ -970,7 +970,7 @@ sub ruleset_create_vm_chain {
 
     if (!(defined($options->{dhcp}) && $options->{dhcp} == 0)) {
        if ($direction eq 'OUT') {
-           ruleset_addrule($ruleset, $chain, "-p udp -m udp --sport 68 --dport 67 -j PVEFW-SET-ACCEPT-MARK");
+           ruleset_addrule($ruleset, $chain, "-p udp -m udp --sport 68 --dport 67 -g PVEFW-SET-ACCEPT-MARK");
        } else {
            ruleset_addrule($ruleset, $chain, "-p udp -m udp --sport 67 --dport 68 -j ACCEPT");
        }
Firewall test scripts