[pve-devel] [PATCH firewall 7/7] rules: verify referenced security group exists

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Apr 29 10:52:56 CEST 2020


while this was already handled properly (as empty rules), adding this as
error makes it much more visible (in the GUI as well).

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
 src/PVE/Firewall.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 4d86032..40468e4 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1623,6 +1623,8 @@ sub verify_rule {
 		if !$allow_groups;
 	    &$add_error('action', "invalid characters in security group name")
 		if $action && ($action !~ m/^${security_group_name_pattern}$/);
+	    &$add_error('action', "security group '$action' does not exist")
+		if $action && !defined($cluster_conf->{groups}->{$action});
 	} else {
 	    &$add_error('type', "unknown rule type '$type'");
 	}
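Review bot: The added condition in the security-group branch looks up `$cluster_conf->{groups}->{$action}` without checking that `$cluster_conf` is set, so a call made without a cluster config would report every referenced group as missing, and the nested lookup autovivifies `$cluster_conf->{groups}` as a side effect. Consider guarding it, for example `if $action && $cluster_conf && !defined($cluster_conf->{groups}->{$action});`, or add a comment stating that verify_rule needs a loaded cluster config at this point. The check also still runs when the name has just failed the `security_group_name_pattern` test, so a name with invalid characters is interpolated into the second message; making the two checks mutually exclusive would leave one precise error per rule.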
-- 
2.20.1




