[pve-devel] [PATCH firewall 7/7] rules: verify referenced security group exists
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Apr 29 10:52:56 CEST 2020
while this was already handled properly (as empty rules), adding this as
error makes it much more visible (in the GUI as well).
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
src/PVE/Firewall.pm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 4d86032..40468e4 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1623,6 +1623,8 @@ sub verify_rule {
if !$allow_groups;
&$add_error('action', "invalid characters in security group name")
if $action && ($action !~ m/^${security_group_name_pattern}$/);
+ &$add_error('action', "security group '$action' does not exist")
+ if $action && !defined($cluster_conf->{groups}->{$action});
} else {
&$add_error('type', "unknown rule type '$type'");
}
--
2.20.1
More information about the pve-devel
mailing list