X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FFirewall.pm;h=8f545e7b439768f11d524e4d1031b9675066fc58;hp=545216724614f3e21e73ef27c3d8eaa7474583f0;hb=fc1f1de97e005b3d84dca3c4723708b24ba2219f;hpb=151c209e05a9e15d5d7a9402391ca936e562a173

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 5452167..8f545e7 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1836,7 +1836,10 @@ sub ebtables_get_chains {
 	my $line = shift;
 	return if $line =~ m/^#/;
 	return if $line =~ m/^\s*$/;
-	if ($line =~ m/^(?:\S+)\s(PVEFW-\S+)\s(?:\S+).*/) {
+	if ($line =~ m/^:(\S+)\s\S+$/) {
+	    # Make sure we know chains exist even if they're empty.
+	    $chains->{$1} //= [];
+	} elsif ($line =~ m/^(?:\S+)\s(PVEFW-\S+)\s(?:\S+).*/) {
 	    my $chain = $1;
 	    $line =~ s/\s+$//;
 	    push @{$chains->{$chain}}, $line;
@@ -2065,7 +2068,9 @@ sub ruleset_addrule {
 	my $logaction = get_log_rule_base($chain, $vmid, $logmsg, $log);
 	push @{$ruleset->{$chain}}, "-A $chain $match $logaction";
    }
-   push @{$ruleset->{$chain}}, "-A $chain $match $action";
+   # for stable ebtables digests avoid double-spaces to match ebtables-save output
+   $match .= ' ' if length($match);
+   push @{$ruleset->{$chain}}, "-A $chain ${match}$action";
 }
 
 sub ruleset_insertrule {