From eea9d2a1b76524876e3b84442e9c3db521fe7a66 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Fri, 28 Nov 2014 08:01:52 +0100
Subject: [PATCH 1/1] verify_rule: correctly set ipversion for aliases

---
 src/PVE/Firewall.pm | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 1fbd403..f4b199b 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1217,6 +1217,16 @@ sub verify_rule {
 	$errors->{$param} = $msg if !$errors->{$param};
     };
 
+    my $ipversion;
+    my $set_ip_version = sub {
+	my $vers = shift;
+	if ($vers) {
+	    die "detected mixed ipv4/ipv6 adresses in rule\n"
+		if $ipversion && ($vers != $ipversion);
+	    $ipversion = $vers;
+	}
+    };
+
     my $check_ipset_or_alias_property = sub {
 	my ($name, $expected_ipversion) = @_;
 
@@ -1237,8 +1247,7 @@ sub verify_rule {
 		my $e = $fw_conf->{aliases}->{$alias} if $fw_conf;
 		$e = $cluster_conf->{aliases}->{$alias} if !$e && $cluster_conf;
 
-		die "detected mixed ipv4/ipv6 adresses in rule\n"
-		    if $expected_ipversion && ($expected_ipversion != $e->{ipversion});
+		&$set_ip_version($e->{ipversion});
 	    }
 	}
     };
@@ -1285,16 +1294,6 @@ sub verify_rule {
 	}
     }
 
-    my $ipversion;
-    my $set_ip_version = sub {
-	my $vers = shift;
-	if ($vers) {
-	    die "detected mixed ipv4/ipv6 adresses in rule\n"
-		if $ipversion && ($vers != $ipversion);
-	    $ipversion = $vers;
-	}
-    };
-
     if ($rule->{proto}) {
 	eval { pve_fw_verify_protocol_spec($rule->{proto}); };
 	&$add_error('proto', $@) if $@;
-- 
2.39.2