Fix 5917: FW: Max characters exceeded for ipset rule when using "set firewall

group address-group" command
- handle special case where temp group begins with a '-'.
(cherry picked from commit fa22559d3baa7ae5443f14e0ff774c4d6a49cc36)

2 files changed, 6 insertions, 0 deletions

diff --git a/templates/firewall/group/address-group/node.tag/address/node.def b/templates/firewall/group/address-group/node.tag/address/node.def
index 389a057..b0bd955 100644
--- a/templates/firewall/group/address-group/node.tag/address/node.def
+++ b/templates/firewall/group/address-group/node.tag/address/node.def
@@ -14,6 +14,9 @@ create: tmpgrp=$VAR(../@)-$PPID
         len=${#tmpgrp}
         if [ "$len" -gt 31 ]; then
            tmpgrp=${tmpgrp: -31};
+           if [[ "$tmpgrp" =~ ^- ]]; then
+              tmpgrp=${tmpgrp/-/Z};
+           fi
         fi
         tmpfile="/tmp/$tmpgrp";
 
diff --git a/templates/firewall/group/port-group/node.tag/port/node.def b/templates/firewall/group/port-group/node.tag/port/node.def
index de73950..f0ab759 100644
--- a/templates/firewall/group/port-group/node.tag/port/node.def
+++ b/templates/firewall/group/port-group/node.tag/port/node.def
@@ -16,6 +16,9 @@ create: tmpgrp=$VAR(../@)-$PPID
         len=${#tmpgrp}
         if [ "$len" -gt 31 ]; then
            tmpgrp=${tmpgrp: -31};
+           if [[ "$tmpgrp" =~ ^- ]]; then
+              tmpgrp=${tmpgrp/-/Z};
+           fi
         fi
         tmpfile="/tmp/$tmpgrp";