X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=ipsets.c;h=8f88885546c68bb16f124294c51b073d10be68a2;hp=06aafb77ecab50be9b5ffbdb8f917183e9b176b9;hb=93aea77092b0c178fefe3ab95fc040534eda90a3;hpb=9767873f92a53e996cc90fd8ff56d72dd3026567

diff --git a/ipsets.c b/ipsets.c
index 06aafb7..8f88885 100644
--- a/ipsets.c
+++ b/ipsets.c
@@ -107,6 +107,11 @@ check_types(struct uci_element *e, struct fw3_ipset *ipset)
 	{
 		for (i = 0; i < ARRAY_SIZE(ipset_types); i++)
 		{
+			/* skip type for v6 if it does not support family */
+			if (ipset->family != FW3_FAMILY_V4 &&
+			    !(ipset_types[i].optional & OPT_FAMILY))
+				continue;
+
 			if (ipset_types[i].types == typelist)
 			{
 				ipset->method = ipset_types[i].method;
@@ -259,6 +264,10 @@ fw3_load_ipsets(struct fw3_state *state, struct uci_package *p)
 		{
 			warn_elem(e, "must not have family 'any'");
 		}
+		else if (ipset->iprange.set && ipset->family != ipset->iprange.family)
+		{
+			warn_elem(e, "has iprange of wrong address family");
+		}
 		else if (list_empty(&ipset->datatypes))
 		{
 			warn_elem(e, "has no datatypes assigned");
@@ -292,6 +301,9 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 		first = false;
 	}
 
+	if (ipset->method == FW3_IPSET_METHOD_HASH)
+		fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6");
+
 	if (ipset->iprange.set)
 	{
 		fw3_pr(" range %s", fw3_address_to_string(&ipset->iprange, false));
@@ -302,8 +314,6 @@ create_ipset(struct fw3_ipset *ipset, struct fw3_state *state)
 		       ipset->portrange.port_min, ipset->portrange.port_max);
 	}
 
-	fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6");
-
 	if (ipset->timeout > 0)
 		fw3_pr(" timeout %u", ipset->timeout);