nwfilter: loop generated too many rules

The loop processing the trusted DHCP server generated one too
many rules and added one final rules that accepted responses
from all DHCP servers. Below patch fixes this.

diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index ad1d0555ebf40448b494ab32fc8c1faffb4ea6fe..701c55c58c99c4e24cc7d76428d96f42c9c170b6 100644 (file)
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3374,10 +3374,10 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
 
         VIR_FREE(srcIPParam);
 
-        if (idx == num_dhcpsrvrs)
-            break;
-
         idx++;
+
+        if (idx >= num_dhcpsrvrs)
+            break;
     }
 
     virBufferAsprintf(&buf,