followup: code cleanup and comment

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index e6791278ecc1fec1e8f4b6dda37b97d577a0ae30..e46a3b1716fef8665a0c17c472b651ab0a0cca47 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3782,9 +3782,11 @@ sub compile_ebtables_filter {
                        push(@$arpfilter, $ip);
                    }
                }
                        push(@$arpfilter, $ip);
                    }
                }

-               if($net->{ip} && $vmfw_conf->{options}->{ipfilter}) {
+               if ($net->{ip} && $vmfw_conf->{options}->{ipfilter}) {
+                   # ebtables changes this to a .0/MASK network but we just
+                   # want the address here, no network - see #2193

                    $net->{ip} =~ s|/(\d+)$||;
                    $net->{ip} =~ s|/(\d+)$||;

-                   push(@$arpfilter, $net->{ip});
+                   push @$arpfilter, $net->{ip};

                }
                generate_tap_layer2filter($ruleset, $iface, $macaddr, $vmfw_conf, $vmid, $arpfilter);
            }
                }
                generate_tap_layer2filter($ruleset, $iface, $macaddr, $vmfw_conf, $vmid, $arpfilter);
            }