sub parse_address_list {
my ($str) = @_;
+ return if $str !~ m/^(\+)(\S+)$/; # ipset ref
+
my $count = 0;
my $iprange = 0;
foreach my $elem (split(/,/, $str)) {
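Review bot: The new guard in parse_address_list looks inverted: `return if $str !~ m/^(\+)(\S+)$/;` returns for every string that is not an ipset reference, whereas the removed call-site conditions skipped validation only for strings that were one. As written, ordinary address lists leave the function before the `split(/,/, $str)` loop and are never checked, while `+name` references fall through into it. The line should probably read `return if $str =~ m/^(\+)(\S+)$/; # ipset ref`. The callers changed further down (`parse_address_list($source) if $source;` and the `$dest` equivalent) now rely entirely on this guard, and the function body continues outside the hunk.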
die "no such ipset $2" if !$cluster_conf->{ipset}->{$2};
push @cmd, "-m set --match-set PVEFW-$2 src";
- } elsif ($source =~ m/^(\d+)\.(\d+).(\d+).(\d+)\-(\d+)\.(\d+).(\d+).(\d+)$/){
+ } elsif ($source =~ m/\-/){
push @cmd, "-m iprange --src-range $source";
} else {
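Review bot: The `m/\-/` test on `$source` accepts any value containing a hyphen, and that value is interpolated unchanged into `-m iprange --src-range $source`, so this branch no longer checks the range format itself and anything else in the value becomes part of the generated match options. That is only safe if every `$source` reaching this point has already passed parse_address_list, which is not visible in this hunk. A comment stating that dependency would help, e.g. `# range syntax already validated by parse_address_list()`. If it cannot be guaranteed on every path, keep an anchored pattern here instead of the bare hyphen test. The enclosing if/elsif chain starts and ends outside the hunk.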
parse_port_name_number_or_range($dport) if defined($dport);
parse_port_name_number_or_range($sport) if defined($sport);
- parse_address_list($source) if $source && $source !~ m/^(\+)(\S+)$/;
- parse_address_list($dest) if $dest && $dest !~ m/^(\+)(\S+)$/;
+ parse_address_list($source) if $source;
+ parse_address_list($dest) if $dest;
return {
type => $type,