From a589b6acd93aeee0d7d49ff48a27708f39852bff Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Thu, 30 Oct 2014 12:58:09 +0100
Subject: [PATCH] parse_address_list: make sure we only have one type of
 addresses (ipv4 or ipv6)

---
 src/PVE/Firewall.pm | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index ad52ee7..37dbcb0 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -802,7 +802,7 @@ sub parse_address_list {
 
     my $count = 0;
     my $iprange = 0;
-    my $ipversion = undef;
+    my $ipversion;
 
     foreach my $elem (split(/,/, $str)) {
 	$count++;
@@ -811,10 +811,17 @@ sub parse_address_list {
 	    die "invalid IP address: $err\n";
 	}
 	$iprange = 1 if $elem =~ m/-/;
-	$ipversion = Net::IP::ip_get_version($elem); #fixme : don't work with range
+
+	my $new_ipversion = Net::IP::ip_get_version($elem); #fixme : don't work with range
+
+	die "detected mixed ipv4/ipv6 addresses in address list '$str'\n"
+	    if defined($ipversion) && ($new_ipversion != $ipversion);
+
+	$ipversion = $new_ipversion;
     }
 
     die "you can't use a range in a list\n" if $iprange && $count > 1;
+
     return $ipversion;
 }
 
-- 
2.39.2