ruleset_generate_vm_rules: skip rules with errors
authorDietmar Maurer <dietmar@proxmox.com>
Mon, 26 May 2014 10:46:27 +0000 (12:46 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Mon, 26 May 2014 10:46:27 +0000 (12:46 +0200)
src/PVE/Firewall.pm

index 5f96c8a..f2f5331 100644 (file)
@@ -1610,7 +1610,7 @@ sub ruleset_generate_vm_rules {
 
     foreach my $rule (@$rules) {
        next if $rule->{iface} && $rule->{iface} ne $netid;
-       next if !$rule->{enable};
+       next if !$rule->{enable} || $rule->{errors};
        if ($rule->{type} eq 'group') {
            ruleset_add_group_rule($ruleset, $cluster_conf, $chain, $rule, $direction,
                                   $direction eq 'OUT' ? 'RETURN' : $in_accept);