[pve-devel] [PATCH firewall 1/2] ipsets: catch zero-prefix entries

Wolfgang Bumiller w.bumiller at proxmox.com
Tue Nov 29 12:06:22 CET 2016


This way the error is visible with pve-firewall compile
without breaking the rest.
---
 src/PVE/Firewall.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index ef74ca2..c7d90f8 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2773,6 +2773,10 @@ sub generic_fw_config_parser {
 		$errors->{cidr} = $err;
 	    }
 
+	    if ($cidr =~ m!/0+$!) {
+		$errors->{cidr} = "a zero prefix is not allowed in ipset entries\n";
+	    }
+
 	    my $entry = { cidr => $cidr };
 	    $entry->{nomatch} = 1 if $nomatch;
 	    $entry->{comment} = $comment if $comment;
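Review bot: The added zero-prefix test assigns $errors->{cidr} unconditionally, so when the check directly above has already stored $err there, that earlier message is overwritten by the zero-prefix one. Guarding the assignment (for example "if (!$errors->{cidr} && $cidr =~ m!/0+$!)") or using "//=" would keep the first error. A one-line comment above the test saying why a zero prefix is rejected in ipset entries would also help, since neither the code nor the commit message gives the reason.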
-- 
2.1.4




