[pve-devel] [PATCH 17/19] fix ip6tables for venet0 ips
Alexandre Derumier
aderumier at odiso.com
Wed Jul 16 01:14:33 CEST 2014
We need to check also the ipversion of venet0,
to avoid to try to create ipv4 rules in ip6tables
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
src/PVE/Firewall.pm | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 9248ced..06a02ee 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3105,7 +3105,7 @@ sub compile_iptables_filter {
if ($conf->{ip_address} && $conf->{ip_address}->{value}) {
my $ip = $conf->{ip_address}->{value};
$ip =~ s/\s+/,/g;
- parse_address_list($ip); # make sure we have a valid $ip list
+ my $ipvers = parse_address_list($ip); # make sure we have a valid $ip list
my @ips = split(',', $ip);
@@ -3115,6 +3115,8 @@ sub compile_iptables_filter {
push @{$cluster_conf->{ipset}->{venet0}}, $venet0ipset;
}
+ next if $ipvers ne $ipversion;
+
generate_venet_rules_direction($ruleset, $cluster_conf, $vmfw_conf, $vmid, $ip, 'IN', $ipversion);
generate_venet_rules_direction($ruleset, $cluster_conf, $vmfw_conf, $vmid, $ip, 'OUT', $ipversion);
}
--
1.7.10.4
More information about the pve-devel
mailing list