We need to check also the ipversion of venet0,
to avoid to try to create ipv4 rules in ip6tables
Signed-off-by: Alexandre Derumier <aderum...@odiso.com>
---
src/PVE/Firewall.pm | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 8325b25..a58f815 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3153,7 +3153,7 @@ sub compile_iptables_filter {
if ($conf->{ip_address} && $conf->{ip_address}->{value}) {
my $ip = $conf->{ip_address}->{value};
$ip =~ s/\s+/,/g;
- parse_address_list($ip); # make sure we have a valid $ip
list
+ my $ipvers = parse_address_list($ip); # make sure we have a
valid $ip list
my @ips = split(',', $ip);
@@ -3163,6 +3163,8 @@ sub compile_iptables_filter {
push @{$cluster_conf->{ipset}->{venet0}}, $venet0ipset;
}
+ next if $ipvers ne $ipversion;
+
generate_venet_rules_direction($ruleset, $cluster_conf,
$vmfw_conf, $vmid, $ip, 'IN', $ipversion);
generate_venet_rules_direction($ruleset, $cluster_conf,
$vmfw_conf, $vmid, $ip, 'OUT', $ipversion);
}
--
1.7.10.4
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
