foreach my $elem (split(/,/, $str)) {
$count++;
- if (!Net::IP->new($elem)) {
+ my $ip = Net::IP->new($elem);
+ if (!$ip) {
my $err = Net::IP::Error();
die "invalid IP address: $err\n";
}
$iprange = 1 if $elem =~ m/-/;
- my $new_ipversion = Net::IP::ip_get_version($elem); #fixme : don't work with range
+ my $new_ipversion = Net::IP::ip_is_ipv6($ip->ip()) ? 6 : 4;
die "detected mixed ipv4/ipv6 addresses in address list '$str'\n"
if defined($ipversion) && ($new_ipversion != $ipversion);
my ($rule, $cluster_conf, $fw_conf, $rule_env, $noerr) = @_;
my $allow_groups = $rule_env eq 'group' ? 0 : 1;
- my $ipversion = undef;
my $allow_iface = $rule_env_iface_lookup->{$rule_env};
die "unknown rule_env '$rule_env'\n" if !defined($allow_iface); # should not happen
if !$rule->{proto};
}
+ my $ipversion;
+
if ($rule->{source}) {
eval { $ipversion = parse_address_list($rule->{source}); };
&$add_error('source', $@) if $@;
}
if ($rule->{dest}) {
- eval { $ipversion = parse_address_list($rule->{dest}); };
+ eval {
+ my $dest_ipversion = parse_address_list($rule->{dest});
+ die "detected mixed ipv4/ipv6 adresses in rule\n"
+ if defined($ipversion) && ($dest_ipversion != $ipversion);
+ $ipversion = $dest_ipversion;
+ };
&$add_error('dest', $@) if $@;
&$check_ipset_or_alias_property('dest');
}
projects / pve-firewall.git / blobdiff