From b14db52fbd10eb4c4a61331fd2f33520272b9a43 Mon Sep 17 00:00:00 2001 From: Wolfgang Bumiller Date: Tue, 29 Nov 2016 12:06:22 +0100 Subject: [PATCH] ipsets: catch zero-prefix entries This way the error is visible with pve-firewall compile without breaking the rest. --- src/PVE/Firewall.pm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index ef74ca2..c7d90f8 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -2773,6 +2773,10 @@ sub generic_fw_config_parser { $errors->{cidr} = $err; } + if ($cidr =~ m!/0+$!) { + $errors->{cidr} = "a zero prefix is not allowed in ipset entries\n"; + } + my $entry = { cidr => $cidr }; $entry->{nomatch} = 1 if $nomatch; $entry->{comment} = $comment if $comment; -- 2.39.2