[pve-devel] [RFC firewall 7/8] avoid double spaces in ruleset_addrule

Wolfgang Bumiller w.bumiller at proxmox.com
Wed Mar 28 10:53:30 CEST 2018


ebtables doesn't have comment rules we could store the
digest in, so we need to match the ebtables-save output
instead.

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
 src/PVE/Firewall.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 5452167..b8ade7c 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2065,7 +2065,9 @@ sub ruleset_addrule {
 	my $logaction = get_log_rule_base($chain, $vmid, $logmsg, $log);
 	push @{$ruleset->{$chain}}, "-A $chain $match $logaction";
    }
-   push @{$ruleset->{$chain}}, "-A $chain $match $action";
+   # for stable ebtables digests avoid double-spaces to match ebtables-save output
+   $match .= ' ' if length($match);
+   push @{$ruleset->{$chain}}, "-A $chain ${match}$action";
 }
 
 sub ruleset_insertrule {
-- 
2.11.0




More information about the pve-devel mailing list