]> git.proxmox.com Git - pve-firewall.git/commitdiff
projects / pve-firewall.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f76f3ca)
fix allowed group name length
authorDominik Csapak <d.csapak@proxmox.com>
Fri, 3 Jun 2016 13:14:24 +0000 (15:14 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Fri, 3 Jun 2016 13:57:16 +0000 (15:57 +0200)
the allowed length for an iptable chain is 28 chars

we had a max set of 20 but a format of
GROUP-<name>-IN and
GROUP-<name>-OUT

where <name> is the group name

but GROUP--OUT are 10 chars so we just allow 18 chars max

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
debian/changelog patch | blob | blame | history
src/PVE/Firewall.pm patch | blob | blame | history

diff --git a/debian/changelog b/debian/changelog
index 451bb31c7b8ef33c220466a42ce2c56c0864c109..b672a626c59ca7ac28fe15c47b04e04541077618 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,10 @@ pve-firewall (2.0-28) unstable; urgency=medium
 
   * use pve-common's ipv4_mask_hash_localnet
 
+  * fix allowed group name length
+
+  * make group digest stable
+
  -- Proxmox Support Team <support@proxmox.com>  Fri, 03 Jun 2016 11:01:47 +0200
 
 pve-firewall (2.0-27) unstable; urgency=medium
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 1fa3e708437c56b1f0f3f8087243d252e17c3412..b52d324330e4bf6625ec76029e0eda2903b329af 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -50,7 +50,7 @@ our $ip_alias_pattern = '[A-Za-z][A-Za-z0-9\-\_]+';
 
 my $max_alias_name_length = 64;
 my $max_ipset_name_length = 64;
-my $max_group_name_length = 20;
+my $max_group_name_length = 18;
 
 PVE::JSONSchema::register_format('IPorCIDR', \&pve_verify_ip_or_cidr);
 sub pve_verify_ip_or_cidr {
Firewall test scripts