From 4803b296c5728bd70bca35bc48279225acf6e453 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Fri, 30 May 2014 12:40:25 +0200
Subject: [PATCH] skip non-existent aliases inside ipset configuration

---
 src/PVE/Firewall.pm | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 8f1d6b5..8407e3c 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2270,13 +2270,17 @@ sub generic_fw_config_parser {
 	    my $nomatch = $1;
 	    my $cidr = $2;
 
-	    if($cidr !~ m/^${ip_alias_pattern}$/) {
-		$cidr =~ s|/32$||;
-		eval { pve_verify_ipv4_or_cidr($cidr); };
-		if (my $err = $@) {
-		    warn "$prefix: $cidr - $err";
-		    next;
+	    eval { 
+		if ($cidr =~ m/^${ip_alias_pattern}$/) {
+		    resolve_alias($cluster_conf, $res, $cidr); # make sure alias exists
+		} else {
+		    $cidr =~ s|/32$||;
+		    pve_verify_ipv4_or_cidr($cidr);
 		}
+	    };
+	    if (my $err = $@) {
+		warn "$prefix: $cidr - $err";
+		next;
 	    }
 
 	    my $entry = { cidr => $cidr };
-- 
2.39.2