fix invalid vmfw config being interpreted as enabled

MAC filter was enabled as long as the VM firewall config existed even
with an invalid config.

With this change the check now matches the one for CTs.

Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index e2331d865808154f9685e0cb2d678b53768215ff..3c6f0df11cdea1abb0abaafafd6102ab8167074d 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3964,7 +3964,7 @@ sub compile_ebtables_filter {
        eval {
            my $conf = $vmdata->{qemu}->{$vmid};
            my $vmfw_conf = $vmfw_configs->{$vmid};
        eval {
            my $conf = $vmdata->{qemu}->{$vmid};
            my $vmfw_conf = $vmfw_configs->{$vmid};

-           return if !$vmfw_conf;
+           return if !$vmfw_conf || !$vmfw_conf->{options}->{enable};

            my $ipsets = $vmfw_conf->{ipset};
 
            foreach my $netid (sort keys %$conf) {
            my $ipsets = $vmfw_conf->{ipset};
 
            foreach my $netid (sort keys %$conf) {