[pve-devel] [PATCH firewall 1/1] fix #3677 ipset_get_chains fixed to work with new ipset output

Mon Oct 18 22:21:32 CEST 2021

Signed-off-by: Mark Yardley <mgit at fragmentedpackets.net>
---
 src/PVE/Firewall.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index edc5336..6b9b787 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1948,6 +1948,10 @@ sub ipset_get_chains {
 	if ($line =~ m/^(?:\S+)\s(PVEFW-\S+)\s(?:\S+).*/) {
 	    my $chain = $1;
 	    $line =~ s/\s+$//; # delete trailing white space
+	    # ignore bucketsize onwards from output of ipset v7+
+	    if ($line =~ m/^(.*?)(?:\sbucketsize.*)/) {
+		$line = $1;
+	    }
 	    push @{$chains->{$chain}}, $line;
 	} else {
 	    # simply ignore the rest
-- 
2.33.0



