followup: do not replace original variable content

this could be confusing, if someone adds code which uses $net->{ip}
it may work for the case were ipfilter is off but not else (which may
not get tested), so keep the original $net intact and copy the scalar
value..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index e46a3b1716fef8665a0c17c472b651ab0a0cca47..f84e6d9b0852228e3f352b65b288913d3e702aa9 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3782,11 +3782,11 @@ sub compile_ebtables_filter {
                        push(@$arpfilter, $ip);
                    }
                }
                        push(@$arpfilter, $ip);
                    }
                }

-               if ($net->{ip} && $vmfw_conf->{options}->{ipfilter}) {
+               if (my $ip = $net->{ip} && $vmfw_conf->{options}->{ipfilter}) {

                    # ebtables changes this to a .0/MASK network but we just
                    # want the address here, no network - see #2193
                    # ebtables changes this to a .0/MASK network but we just
                    # want the address here, no network - see #2193

-                   $net->{ip} =~ s|/(\d+)$||;
-                   push @$arpfilter, $net->{ip};
+                   $ip =~ s|/(\d+)$||;
+                   push @$arpfilter, $ip;

                }
                generate_tap_layer2filter($ruleset, $iface, $macaddr, $vmfw_conf, $vmid, $arpfilter);
            }
                }
                generate_tap_layer2filter($ruleset, $iface, $macaddr, $vmfw_conf, $vmid, $arpfilter);
            }