fix max ipset name lenght

author Dietmar Maurer <dietmar@proxmox.com>

Tue, 14 Oct 2014 14:28:44 +0000 (16:28 +0200)

committer Dietmar Maurer <dietmar@proxmox.com>

Tue, 14 Oct 2014 14:28:44 +0000 (16:28 +0200)
author Dietmar Maurer <dietmar@proxmox.com>
Tue, 14 Oct 2014 14:28:44 +0000 (16:28 +0200)
committer Dietmar Maurer <dietmar@proxmox.com>
Tue, 14 Oct 2014 14:28:44 +0000 (16:28 +0200)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm

index 727204a733afd20fe7780456495ecbfd0f388a60..2270ad73eb159bb36699c3e9215c0d632c4cbab4 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -760,7 +760,10 @@ sub local_network {
      return $__local_network;
  }
  
-my $max_iptables_ipset_name_length = 27;
+# ipset names are limited to 31 characters, and we use '_swap' 
+# suffix for atomic update, for example PVEFW-${VMID}-${ipset_name}_swap
+
+my $max_iptables_ipset_name_length = 31 - length("_swap");
  
  sub compute_ipset_chain_name {
      my ($vmid, $ipset_name) = @_;
author	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 14 Oct 2014 14:28:44 +0000 (16:28 +0200)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 14 Oct 2014 14:28:44 +0000 (16:28 +0200)