[pve-devel] [PATCH firewall 1/2] ipsets: catch zero-prefix entries
Wolfgang Bumiller
w.bumiller at proxmox.com
Tue Nov 29 12:06:22 CET 2016
This way the error is visible with pve-firewall compile
without breaking the rest.
---
src/PVE/Firewall.pm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index ef74ca2..c7d90f8 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2773,6 +2773,10 @@ sub generic_fw_config_parser {
$errors->{cidr} = $err;
}
+ if ($cidr =~ m!/0+$!) {
+ $errors->{cidr} = "a zero prefix is not allowed in ipset entries\n";
+ }
+
my $entry = { cidr => $cidr };
$entry->{nomatch} = 1 if $nomatch;
$entry->{comment} = $comment if $comment;
--
2.1.4
More information about the pve-devel
mailing list