From b7ab6989be1cfbb4a170d1af3d2684dd0753da0b Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Mon, 26 May 2014 12:46:27 +0200
Subject: [PATCH] ruleset_generate_vm_rules: skip rules with errors

---
 src/PVE/Firewall.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 5f96c8a..f2f5331 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1610,7 +1610,7 @@ sub ruleset_generate_vm_rules {
 
     foreach my $rule (@$rules) {
 	next if $rule->{iface} && $rule->{iface} ne $netid;
-	next if !$rule->{enable};
+	next if !$rule->{enable} || $rule->{errors};
 	if ($rule->{type} eq 'group') {
 	    ruleset_add_group_rule($ruleset, $cluster_conf, $chain, $rule, $direction,
 				   $direction eq 'OUT' ? 'RETURN' : $in_accept);
-- 
2.39.2