From 938d53fa8f22fc6b2484f6fc02d6f188a350551c Mon Sep 17 00:00:00 2001
From: Vegard Engen <vegard@engen.priv.no>
Date: Sat, 28 Jun 2025 18:33:54 +0200
Subject: [PATCH] Fix namespace matching for firewallgroups in firewallpolicies

---
 internal/controller/firewallpolicy_controller.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/controller/firewallpolicy_controller.go b/internal/controller/firewallpolicy_controller.go
index 292fbe7..a0b4fc9 100644
--- a/internal/controller/firewallpolicy_controller.go
+++ b/internal/controller/firewallpolicy_controller.go
@@ -340,7 +340,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 				skipService = true
 			}
 		}
-		if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == defaultNs)) && !skipService {
+		if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == service.Namespace)) && !skipService {
 			myServices = append(myServices, service)
 		} else if _, found := destination_services[service.Namespace+"/"+service.Name]; found && !skipService {
 			myServices = append(myServices, service)