Check whether ipset exists before referencing it in rules or redirects

[project/firewall3.git] / rules.c

diff --git a/rules.c b/rules.c
index 5a6ea00..785621f 100644 (file)
--- a/rules.c
+++ b/rules.c
@@ -365,6 +365,14 @@ expand_rule(struct fw3_state *state, enum fw3_family family,
                        return;
                }
 
+               if (!fw3_check_ipset(rule->_ipset))
+               {
+                       info("     ! Skipping due to missing ipset '%s'",
+                            (rule->_ipset->external && *rule->_ipset->external) ?
+                                       rule->_ipset->external : rule->_ipset->name);
+                       return;
+               }
+
                set(rule->_ipset->flags, family, family);
        }