Proxmox/pve-firewall
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-firewall.git synced 2025-03-06 00:58:15 +03:00
Code Releases Activity

fix CT rule generation with ipfilter set

Browse Source 
commit 255698f65192e736708f123d380bbed2aa8c3eac tried to prevent an
error from happening but wasn't to well thought out, perl's operator
precedence was overlooked.
The commit resulted effectively in:
if (my $ip = ($net->{ip} && $vmfw_conf->{options}->{ipfilter})) ...

But intended was:
if (defined(my $ip = $net->{ip}) && $vmfw_conf->{options}->{ipfilter}) ...

First one makes $ip always boolean true (1 in perl) if the if branch
is hit, and the seconds really has then the $ip value in it..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2019-05-28 08:06:39 +02:00
parent 1b9bb7f785
commit 0398480886
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/PVE/Firewall.pm
View File

@ -3782,7 +3782,7 @@ sub compile_ebtables_filter {
push(@$arpfilter, $ip);
}
}
if (my $ip = $net->{ip} && $vmfw_conf->{options}->{ipfilter}) {
if (defined(my $ip = $net->{ip}) && $vmfw_conf->{options}->{ipfilter}) {
# ebtables changes this to a .0/MASK network but we just
# want the address here, no network - see #2193
$ip =~ s|/(\d+)$||;