From b33ce1b52082f986a21e8030fef5b80f6bc57005 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Fri, 31 Oct 2014 12:03:17 +0100 Subject: [PATCH] fix venet rule generation: venet can have ipv4 and ipv6 address --- src/PVE/Firewall.pm | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index e99019e..40400c8 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -2971,18 +2971,20 @@ sub compile_iptables_filter { if ($conf->{ip_address} && $conf->{ip_address}->{value}) { my $ip = $conf->{ip_address}->{value}; $ip =~ s/\s+/,/g; - parse_address_list($ip); # make sure we have a valid $ip list - my @ips = split(',', $ip); + my @ips = (); - foreach my $singleip (@ips) { - my $venet0ipset = {}; - $venet0ipset->{cidr} = $singleip; - push @{$cluster_conf->{ipset}->{venet0}}, $venet0ipset; + foreach my $singleip (split(',', $ip)) { + my $singleip_ver = parse_address_list($singleip); # make sure we have a valid $ip list + push @{$cluster_conf->{ipset}->{venet0}}, { cidr => $singleip }; + push @ips, $singleip if $singleip_ver == $ipversion; } - generate_venet_rules_direction($ruleset, $cluster_conf, $vmfw_conf, $vmid, $ip, 'IN', $ipversion); - generate_venet_rules_direction($ruleset, $cluster_conf, $vmfw_conf, $vmid, $ip, 'OUT', $ipversion); + if (scalar(@ips)) { + my $ip_list = join(',', @ips); + generate_venet_rules_direction($ruleset, $cluster_conf, $vmfw_conf, $vmid, $ip_list, 'IN', $ipversion); + generate_venet_rules_direction($ruleset, $cluster_conf, $vmfw_conf, $vmid, $ip_list, 'OUT', $ipversion); + } } } -- 2.39.2