[pve-devel] [PATCH] fix ip6tables for venet0 ips

Alexandre Derumier aderumier at odiso.com
Tue Jul 15 07:11:59 CEST 2014


We need to check also the ipversion of venet0,

to avoid to try to create ipv4 rules in ip6tables

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 src/PVE/Firewall.pm |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 8325b25..a58f815 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3153,7 +3153,7 @@ sub compile_iptables_filter {
 		if ($conf->{ip_address} && $conf->{ip_address}->{value}) {
 		    my $ip = $conf->{ip_address}->{value};
 		    $ip =~ s/\s+/,/g;
-		    parse_address_list($ip); # make sure we have a valid $ip list
+		    my $ipvers = parse_address_list($ip); # make sure we have a valid $ip list
 
 		    my @ips = split(',', $ip);
 
@@ -3163,6 +3163,8 @@ sub compile_iptables_filter {
 			push @{$cluster_conf->{ipset}->{venet0}}, $venet0ipset;
 		    }
 
+		    next if $ipvers ne $ipversion;
+
 		    generate_venet_rules_direction($ruleset, $cluster_conf, $vmfw_conf, $vmid, $ip, 'IN', $ipversion);
 		    generate_venet_rules_direction($ruleset, $cluster_conf, $vmfw_conf, $vmid, $ip, 'OUT', $ipversion);
 		}
-- 
1.7.10.4




More information about the pve-devel mailing list