[pve-devel] [PATCH firewall] fix invalid vmfw config being interpreted as enabled
Mira Limbeck
m.limbeck at proxmox.com
Wed Aug 24 14:24:30 CEST 2022
MAC filter was enabled as long as the VM firewall config existed even
with an invalid config.
With this change the check now matches the one for CTs.
Signed-off-by: Mira Limbeck <m.limbeck at proxmox.com>
---
src/PVE/Firewall.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 71746d2..2930661 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3964,7 +3964,7 @@ sub compile_ebtables_filter {
eval {
my $conf = $vmdata->{qemu}->{$vmid};
my $vmfw_conf = $vmfw_configs->{$vmid};
- return if !$vmfw_conf;
+ return if !$vmfw_conf || !$vmfw_conf->{options}->{enable};
my $ipsets = $vmfw_conf->{ipset};
foreach my $netid (sort keys %$conf) {
--
2.30.2
More information about the pve-devel
mailing list