[pve-devel] [PATCH firewall 6/7] ipfilter: imiplicitly add the default link local address

Dietmar Maurer dietmar at proxmox.com
Wed Mar 2 07:47:52 CET 2016


comment inline:
> diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
> index 2e2b2f7..7f8fe98 100644
> --- a/src/PVE/Firewall.pm
> +++ b/src/PVE/Firewall.pm
> @@ -2972,12 +2972,18 @@ sub generate_std_chains {
>  }
>  
>  sub generate_ipset_chains {
> -    my ($ipset_ruleset, $clusterfw_conf, $fw_conf) = @_; #fixme
> +    my ($ipset_ruleset, $clusterfw_conf, $fw_conf, $device_ips) = @_; #fixme
>  
>      foreach my $ipset (keys %{$fw_conf->{ipset}}) {
>  
>  	my $options = $fw_conf->{ipset}->{$ipset};
>  
> +	if ($device_ips && $ipset =~ /^ipfilter-(net\d+)$/) {
> +	    if (my $ips = $device_ips->{$1}) {
> +		$options = [@$options, @$ips];

Please can we use a loop to copy options? Or add an inline comment to make it
clear?




More information about the pve-devel mailing list