From 9e995c9a238b1ba69885c0eb66dabb8bcae28d83 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Thu, 30 Aug 2012 13:51:27 -0400
Subject: [PATCH] nwfilter: loop generated too many rules

The loop processing the trusted DHCP server generated one too
many rules and added one final rules that accepted responses
from all DHCP servers. Below patch fixes this.
---
 src/nwfilter/nwfilter_ebiptables_driver.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index ad1d0555eb..701c55c58c 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3374,10 +3374,10 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
 
         VIR_FREE(srcIPParam);
 
-        if (idx == num_dhcpsrvrs)
-            break;
-
         idx++;
+
+        if (idx >= num_dhcpsrvrs)
+            break;
     }
 
     virBufferAsprintf(&buf,