X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FFirewall.pm;h=b08cea57312b9e6a54680e24abced4e4de4c47be;hp=f84e6d9b0852228e3f352b65b288913d3e702aa9;hb=0398480886f82189988edcd00fa20683cbbed4ce;hpb=255698f65192e736708f123d380bbed2aa8c3eac

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index f84e6d9..b08cea5 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2387,10 +2387,10 @@ sub generate_tap_rules_direction {
     # plug the tap chain to bridge chain
     if ($direction eq 'IN') {
 	ruleset_addrule($ruleset, "PVEFW-FWBR-IN",
-			"-m physdev --physdev-is-bridged --physdev-out $iface", "-j $tapchain", $loglevel, 'FWBR-IN: ', $vmid);
+			"-m physdev --physdev-is-bridged --physdev-out $iface", "-j $tapchain");
     } else {
 	ruleset_addrule($ruleset, "PVEFW-FWBR-OUT",
-			"-m physdev --physdev-is-bridged --physdev-in $iface", "-j $tapchain", $loglevel, 'FWBR-OUT: ', $vmid);
+			"-m physdev --physdev-is-bridged --physdev-in $iface", "-j $tapchain");
     }
 }
 
@@ -3782,7 +3782,7 @@ sub compile_ebtables_filter {
 			push(@$arpfilter, $ip);
 		    }
 		}
-		if (my $ip = $net->{ip} && $vmfw_conf->{options}->{ipfilter}) {
+		if (defined(my $ip = $net->{ip}) && $vmfw_conf->{options}->{ipfilter}) {
 		    # ebtables changes this to a .0/MASK network but we just
 		    # want the address here, no network - see #2193
 		    $ip =~ s|/(\d+)$||;