[pve-devel] [PATCH firewall 2/2] ipset: don't allow the creation of zero-prefix entries
Wolfgang Bumiller
w.bumiller at proxmox.com
Tue Nov 29 12:06:23 CET 2016
---
src/PVE/API2/Firewall/IPSet.pm | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index 6129c9d..ea6d1a2 100644
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -187,6 +187,9 @@ sub register_create_ip {
if $entry->{cidr} eq $cidr;
}
+ raise_param_exc({ cidr => "a zero prefix is not allowed in ipset entries" })
+ if $cidr =~ m!/0+$!;
+
# make sure alias exists (if $cidr is an alias)
PVE::Firewall::resolve_alias($cluster_conf, $fw_conf, $cidr)
if $cidr =~ m/^${PVE::Firewall::ip_alias_pattern}$/;
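Review bot: The added test `if $cidr =~ m!/0+$!;` only looks at the literal parameter string and sits before the `resolve_alias` call, so when `$cidr` is an alias name the prefix of the address behind that alias is not checked here. Unless `resolve_alias` rejects such a value itself, an alias defined with a zero prefix would still pass this guard; consider testing the resolved value as well, or say in the commit message why aliases are out of scope. The commit message also has no body: a sentence on why a zero prefix must be rejected would help later readers of the log. Since this hunk only guards `register_create_ip`, it is worth confirming that no other path that writes ipset entries needs the same condition.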
--
2.1.4