This way the error is visible with pve-firewall compile without breaking the rest. --- src/PVE/Firewall.pm | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index ef74ca2..c7d90f8 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -2773,6 +2773,10 @@ sub generic_fw_config_parser { $errors->{cidr} = $err; } + if ($cidr =~ m!/0+$!) { + $errors->{cidr} = "a zero prefix is not allowed in ipset entries\n"; + } + my $entry = { cidr => $cidr }; $entry->{nomatch} = 1 if $nomatch; $entry->{comment} = $comment if $comment; -- 2.1.4 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel