vyatta-cfg-firewall: update network-group check to allow "this" network

Update the check for network-groups to allow zero net addresses as they
are accepted by the current version of ipset used in VyOS, rejecting
only the 0.0.0.0/0 address.  This allows the "this" network (0.0.0.0/8)
to be used in network-groups.

Bug #628 http://bugzilla.vyos.net/show_bug.cgi?id=628

1 files changed, 3 insertions, 3 deletions

diff --git a/lib/Vyatta/IpTables/IpSet.pm b/lib/Vyatta/IpTables/IpSet.pm
index 37bbb37..ea9bc8d 100755
--- a/lib/Vyatta/IpTables/IpSet.pm
+++ b/lib/Vyatta/IpTables/IpSet.pm
@@ -361,10 +361,10 @@ sub check_member {
         }
         if ($member =~ /([\d.]+)\/(\d+)/) {
             my ($net, $mask) = ($1, $2);
-            return "Error: zero net invalid in network-group\n"
-                if $net eq '0.0.0.0';
+            return "Error: 0.0.0.0/0 invalid in network-group\n"
+                if (($net eq '0.0.0.0') and ($mask == 0));
             return "Error: invalid mask [$mask] - must be between 1-31\n"
-                if $mask < 1 or $mask > 31;
+                if (($mask < 1) or ($mask > 31));
         } else {
             return "Error: Invalid network group [$member]\n";
         }