for example, the config parser drops a trailing /32 for IPv4, so we should do the same here. otherwise we can have one entry for $IP and one for $IP/32 with different properties until the next read-modify-write (R-M-W) cycle drops one of them again.
Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
---
 src/PVE/API2/Firewall/IPSet.pm | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index 913dd86..ec9326f 100644
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -195,6 +195,13 @@ sub register_create_ip {
 my ($cluster_conf, $fw_conf, $ipset) = $class->load_config($param);
 my $cidr = $param->{cidr};
+ if ($cidr =~ m/^${PVE::Firewall::ip_alias_pattern}$/) {
+ # make sure alias exists (if $cidr is an alias)
+ PVE::Firewall::resolve_alias($cluster_conf, $fw_conf, $cidr);
+ } else {
+ # normalize like config parser, otherwise duplicates might slip through
+ $cidr = PVE::Firewall::parse_ip_or_cidr($cidr);
+ }
 foreach my $entry (@$ipset) {
 raise_param_exc({ cidr => "address '$cidr' already exists" })
@@ -204,9 +211,6 @@ sub register_create_ip {
 raise_param_exc({ cidr => "a zero prefix is not allowed in ipset entries" }) if $cidr =~ m!/0+$!;
- # make sure alias exists (if $cidr is an alias)
- PVE::Firewall::resolve_alias($cluster_conf, $fw_conf, $cidr)
- if $cidr =~ m/^${PVE::Firewall::ip_alias_pattern}$/;
 my $data = { cidr => $cidr };
--
2.20.1
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
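Review bot: In the new `else` branch of the first hunk, the duplicate check that follows is only reliable for spellings that `PVE::Firewall::parse_ip_or_cidr` actually canonicalizes, and the call is in scalar context, so it is worth confirming the helper returns the normalized string there rather than a list. The commit message names the trailing /32 case; other equivalent forms (presumably an IPv6 /128 or a differently written IPv6 address) would still produce two entries with different properties for one address unless the helper covers them, leaving the effective firewall behaviour ambiguous. I would state the invariant at the call, e.g. `# $cidr is now in the form the config parser stores; the 'already exists' check below depends on it`, and add a test that creating `$IP/32` after `$IP` is rejected. The handlers that look entries up by `cidr` are not visible in this diff; if they compare the raw parameter, they likely need the same normalization. `register_create_ip` starts and ends outside both hunks.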