[pve-devel] [PATCH] Added the optional ! (invert sense) of IPs/IPset/range in Firewall rules
Dietmar Maurer
dietmar at proxmox.com
Tue May 12 08:37:34 CEST 2015
> diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
> index 2bdff20..a3b4ccb 100644
> --- a/src/PVE/Firewall.pm
> +++ b/src/PVE/Firewall.pm
> @@ -960,6 +960,11 @@ sub compute_ipfilter_ipset_name {
> sub parse_address_list {
> my ($str) = @_;
>
> + # if it is a not
> + if ($str =~ m/^!\s*(.*)/) {
> + $str = $1;
> + }
> +
Why do we allow spaces after '!'?
> if ($str =~ m/^(\+)(\S+)$/) { # ipset ref
> die "ipset name too long\n" if length($str) > ($max_ipset_name_length + 1);
> return;
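Review bot: In parse_address_list, `m/^!\s*(.*)/` also matches a bare "!" (or "!" followed only by whitespace), which leaves `$str` empty before the checks that follow, and the visible lines do not show an empty string being rejected. Consider requiring an operand after the "!", for example `m/^!\s*(\S.*)$/`, and dying with an explicit error when nothing follows it. The comment `# if it is a not` would also read better as a statement of intent, such as "strip optional leading '!' (invert sense) before validating".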
> @@ -1634,16 +1639,20 @@ sub ruleset_generate_cmdstr {
> my $source = $rule->{source};
> my $dest = $rule->{dest};
>
> + my $negate = "";
> if ($source) {
> + if ($source =~ s/^!\s*//) {
> + $negate = "! ";
> + }
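Review bot: `my $negate = "";` is declared once, outside `if ($source)`, and is set to "! " when the source carries a leading "!". If the same variable is reused for `$dest` further down (not visible in this hunk), it has to be reset first, otherwise a negated source would also invert the destination match in the generated rule. Separate variables for source and destination would rule that out. The `s/^!\s*//` here also repeats the prefix pattern from parse_address_list, so a shared helper would keep parsing and rule generation in agreement on what counts as a negated address.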
Same here - why spaces?
Also, would you mind providing some regression tests for
this new feature?