Simplify ipset external checks and optionally initialize ispet name from external...
[project/firewall3.git] / rules.c
diff --git a/rules.c b/rules.c
index 36bb6ce..7f748eb 100644 (file)
--- a/rules.c
+++ b/rules.c
@@ -134,7 +134,7 @@ fw3_load_rules(struct fw3_state *state, struct uci_package *p)
                        continue;
                }
                else if (rule->ipset.set && !rule->ipset.any &&
-                        !(rule->_ipset = fw3_lookup_ipset(state, rule->ipset.name, false)))
+                        !(rule->_ipset = fw3_lookup_ipset(state, rule->ipset.name)))
                {
                        warn_elem(e, "refers to unknown ipset '%s'", rule->ipset.name);
                        fw3_free_rule(rule);
@@ -365,6 +365,14 @@ expand_rule(struct fw3_state *state, enum fw3_family family,
                        return;
                }
 
+               if (!fw3_check_ipset(rule->_ipset))
+               {
+                       info("     ! Skipping due to missing ipset '%s'",
+                            rule->_ipset->external
+                                       ? rule->_ipset->external : rule->_ipset->name);
+                       return;
+               }
+
                set(rule->_ipset->flags, family, family);
        }