From: Dietmar Maurer <dietmar@proxmox.com>
Date: Fri, 28 Nov 2014 07:01:52 +0000 (+0100)
Subject: verify_rule: correctly set ipversion for aliases
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=eea9d2a1b76524876e3b84442e9c3db521fe7a66

verify_rule: correctly set ipversion for aliases
---

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 1fbd403..f4b199b 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1217,6 +1217,16 @@ sub verify_rule {
 	$errors->{$param} = $msg if !$errors->{$param};
     };
 
+    my $ipversion;
+    my $set_ip_version = sub {
+	my $vers = shift;
+	if ($vers) {
+	    die "detected mixed ipv4/ipv6 adresses in rule\n"
+		if $ipversion && ($vers != $ipversion);
+	    $ipversion = $vers;
+	}
+    };
+
     my $check_ipset_or_alias_property = sub {
 	my ($name, $expected_ipversion) = @_;
 
@@ -1237,8 +1247,7 @@ sub verify_rule {
 		my $e = $fw_conf->{aliases}->{$alias} if $fw_conf;
 		$e = $cluster_conf->{aliases}->{$alias} if !$e && $cluster_conf;
 
-		die "detected mixed ipv4/ipv6 adresses in rule\n"
-		    if $expected_ipversion && ($expected_ipversion != $e->{ipversion});
+		&$set_ip_version($e->{ipversion});
 	    }
 	}
     };
@@ -1285,16 +1294,6 @@ sub verify_rule {
 	}
     }
 
-    my $ipversion;
-    my $set_ip_version = sub {
-	my $vers = shift;
-	if ($vers) {
-	    die "detected mixed ipv4/ipv6 adresses in rule\n"
-		if $ipversion && ($vers != $ipversion);
-	    $ipversion = $vers;
-	}
-    };
-
     if ($rule->{proto}) {
 	eval { pve_fw_verify_protocol_spec($rule->{proto}); };
 	&$add_error('proto', $@) if $@;