From a7e52291dd46013579fe1a542cb8874d314cfcec Mon Sep 17 00:00:00 2001
From: teastep
Date: Sat, 21 Jul 2007 15:35:45 +0000
Subject: [PATCH] Improve editing of ipset-based rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6922 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Chains.pm | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm
index 269dd65d3..c4b7b3f0d 100644
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@@ -1142,19 +1142,19 @@ sub get_set_flags( $$ ) {
 my ( $setname, $option ) = @_;
 my $options = $option;
- fatal_error "Your kernel and/or iptables does not include ipset match ($setname)" unless $capabilities{IPSET_MATCH};
-
- if ( $setname =~ /(.*)\[([1-6])\]$/ ) {
+ if ( $setname =~ /^(.*)\[([1-6])\]$/ ) {
 $setname = $1;
 my $count = $2;
 $options .= ",$option" while --$count > 0;
- } elsif ( $setname =~ /(.+)\[(.*)\]$/ ) {
+ } elsif ( $setname =~ /^(.*)\[(.*)\]$/ ) {
 $setname = $1;
 $options = $2;
 }
 $setname =~ s/^\+//;
+ fatal_error "Invalid ipset name ($setname)" unless $setname =~ /^[a-zA-Z]\w*/;
+
 "--set $setname $options "
 }
@@ -1179,7 +1179,6 @@ sub match_source_net( $ ) {
 } elsif ( $net =~ /^!/ ) {
 $net =~ s/!//;
 validate_net $net;
- validate_net $net;
 "-s ! $net ";
 } else {
 validate_net $net;
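Review bot: The new name check near the end of get_set_flags, `unless $setname =~ /^[a-zA-Z]\w*/`, has no end anchor, so it only proves that the name starts with a letter; anything after that (whitespace, extra option text, shell metacharacters) still passes and is interpolated into `"--set $setname $options "`. Anchoring both ends would make it validate the whole name, for example `fatal_error "Invalid ipset name ($setname)" unless $setname =~ /^[a-zA-Z]\w*\z/;` (widen the class if other characters are legal in set names, which this hunk does not show). The `elsif` branch likewise copies the bracket contents into `$options` with no check, so a whitelist of the expected flag list there would close the same gap. The `$capabilities{IPSET_MATCH}` test is removed here with no replacement visible; if a caller outside this hunk does not enforce it, rules would be generated for kernels without ipset match support. The `sub` line of get_set_flags is outside the hunk and appears only in the `@@` header.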