Signed-off-by: Alexandre Derumier <[email protected]>
---
src/PVE/Firewall.pm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index e6809ef..d1535f8 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -894,7 +894,7 @@ sub ipset_get_chains {
return if $line =~ m/^#/;
return if $line =~ m/^\s*$/;
- if ($line =~ m/^(?:\S+)\s(\S+)\s(?:\S+).*/) {
+ if ($line =~ m/^(?:\S+)\s(PVEFW-\S+)\s(?:\S+).*/) {
my $chain = $1;
$line =~ s/\s+$//; # delete trailing white space
push @{$chains->{$chain}}, $line;
@@ -935,7 +935,7 @@ sub ruleset_generate_cmdstr {
if ($source){
if($source =~ m/^(\+)(\S+)$/){
die "no such netgroup $2" if !$cluster_conf->{ipset}->{$2};
- push @cmd, "-m set --match-set $2 src";
+ push @cmd, "-m set --match-set PVEFW-$2 src";
}elsif ($source =~
m/^(\d+)\.(\d+).(\d+).(\d+)\-(\d+)\.(\d+).(\d+).(\d+)$/){
push @cmd, "-m iprange --src-range $source";
@@ -948,7 +948,7 @@ sub ruleset_generate_cmdstr {
if ($dest){
if($dest =~ m/^(\+)(\S+)$/){
die "no such netgroup $2" if !$cluster_conf->{ipset}->{$2};
- push @cmd, "-m set --match-set $2 dst";
+ push @cmd, "-m set --match-set PVEFW-$2 dst";
}elsif ($dest =~
m/^(\d+)\.(\d+).(\d+).(\d+)\-(\d+)\.(\d+).(\d+).(\d+)$/){
push @cmd, "-m iprange --dst-range $dest";
@@ -1993,7 +1993,7 @@ sub generate_ipset_chains {
my ($ipset_ruleset, $fw_conf) = @_;
foreach my $ipset (keys %{$fw_conf->{ipset}}) {
- generate_ipset($ipset_ruleset, $ipset, $fw_conf->{ipset}->{$ipset});
+ generate_ipset($ipset_ruleset, "PVEFW-$ipset",
$fw_conf->{ipset}->{$ipset});
}
}
--
1.7.10.4
_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
