X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FFirewall.pm;h=6d4127e8585917c51c841497959d902a8a8620cd;hp=83a9921774fc2354030bf0203ea4b8682022cbae;hb=5b7974dfa29048836d6ca5f66a05c96e54732cbf;hpb=d72beb8eaf0ae633e4d05268b96b451fa8a81aaa

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 83a9921..6d4127e 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -767,12 +767,28 @@ sub add_rule_properties {
     my ($properties) = @_;
 
     foreach my $k (keys %$rule_properties) {
-	$properties->{$k} = $rule_properties->{$k};
+	my $h = $rule_properties->{$k};
+	# copy data, so that we can modify later without side effects
+	foreach my $opt (keys %$h) { $properties->{$k}->{$opt} = $h->{$opt}; }
     }
 
     return $properties;
 }
 
+sub delete_rule_properties {
+    my ($rule, $delete_str) = @_;
+    
+    foreach my $opt (PVE::Tools::split_list($delete_str)) {
+	raise_param_exc({ 'delete' => "no such property ('$opt')"})
+	    if !defined($rule_properties->{$opt});
+	raise_param_exc({ 'delete' => "unable to delete required property '$opt'"})
+	    if $opt eq 'type' || $opt eq 'action';
+	delete $rule->{$opt};
+    }
+
+    return $rule;
+}
+
 sub copy_rule_data {
     my ($rule, $param) = @_;
 
@@ -952,7 +968,7 @@ sub ruleset_generate_cmdstr {
 	    die "no such ipset $2" if !$cluster_conf->{ipset}->{$2};
 	    push @cmd, "-m set --match-set PVEFW-$2 src";
 
-        } elsif ($source =~ m/^(\d+)\.(\d+).(\d+).(\d+)\-(\d+)\.(\d+).(\d+).(\d+)$/){
+        } elsif ($source =~ m/\-/){
 	    push @cmd, "-m iprange --src-range $source";
 
 	} else {