[pve-devel] [PATCH firewall 1/2] ipsets: catch zero-prefix entries

Wolfgang Bumiller Tue, 29 Nov 2016 03:07:34 -0800

This way the error is visible with pve-firewall compile
without breaking the rest.
---
 src/PVE/Firewall.pm | 4 ++++
 1 file changed, 4 insertions(+)


diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index ef74ca2..c7d90f8 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2773,6 +2773,10 @@ sub generic_fw_config_parser {
                $errors->{cidr} = $err;
            }
 
+           if ($cidr =~ m!/0+$!) {
+               $errors->{cidr} = "a zero prefix is not allowed in ipset 
entries\n";
+           }
+
            my $entry = { cidr => $cidr };
            $entry->{nomatch} = 1 if $nomatch;
            $entry->{comment} = $comment if $comment;
-- 
2.1.4


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH firewall 1/2] ipsets: catch zero-prefix entries

Reply via email to