pass ipset errors to GUI

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 8407e3cc8b4b344980f97837380969e9b0af829e..b2bcc32e5ca685cfafd84cc05019094c3ee6a925 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2269,23 +2269,28 @@ sub generic_fw_config_parser {
            $line =~ m/^(\!)?\s*(\S+)\s*$/;
            my $nomatch = $1;
            my $cidr = $2;
            $line =~ m/^(\!)?\s*(\S+)\s*$/;
            my $nomatch = $1;
            my $cidr = $2;

+           my $errors;
+
+           if ($nomatch && !$feature_ipset_nomatch) {
+               $errors->{nomatch} = "nomatch not supported by kernel";
+           }

 
            eval { 
                if ($cidr =~ m/^${ip_alias_pattern}$/) {
                    resolve_alias($cluster_conf, $res, $cidr); # make sure alias exists
                } else {
                    $cidr =~ s|/32$||;
 
            eval { 
                if ($cidr =~ m/^${ip_alias_pattern}$/) {
                    resolve_alias($cluster_conf, $res, $cidr); # make sure alias exists
                } else {
                    $cidr =~ s|/32$||;

-                   pve_verify_ipv4_or_cidr($cidr);
+                   pve_verify_ipv4_or_cidr_or_alias($cidr);

                }
            };
            if (my $err = $@) {
                }
            };
            if (my $err = $@) {

-               warn "$prefix: $cidr - $err";
-               next;
+               $errors->{cidr} = $err;

            }
 
            my $entry = { cidr => $cidr };
            $entry->{nomatch} = 1 if $nomatch;
            $entry->{comment} = $comment if $comment;
            }
 
            my $entry = { cidr => $cidr };
            $entry->{nomatch} = 1 if $nomatch;
            $entry->{comment} = $comment if $comment;

+           $entry->{errors} =  $errors if $errors;

 
            push @{$res->{$section}->{$group}}, $entry;
        } else {
 
            push @{$res->{$section}->{$group}}, $entry;
        } else {