From 1c7476fe6182d3b33656adad6af98a81c3237eec Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Fri, 17 Feb 2012 15:46:28 -0800
Subject: [PATCH] Validate SOURCE/DEST fit for ipset flags

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index c1b418516..ccd989332 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -4313,6 +4313,8 @@ sub get_set_flags( $$ ) {
     } elsif ( $setname =~ /^(.*)\[((src|dst)(,(src|dst))*)\]$/ ) {
 	$setname = $1;
 	$options = $2;
+	my @OPTIONS = split /,/, $options;
+	fatal_error "Invalid flags ($options) for a " . $option eq 'src' ? 'SOURCE' : 'DEST' . ' column';
     }
 
     $setname =~ s/^\+//;