diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm
index 6ace9c998..7d6920308 100644
--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@@ -858,7 +858,7 @@ sub find_file($)
 sub split_list( $$ ) {
     my ($list, $type ) = @_;
 
-    fatal_error "Invalid $type list ($list)" if $list =~ /^,/ or $list =~/,$/ or $list =~ /,,/;
+    fatal_error "Invalid $type list ($list)" if $list =~ /^,|,$|,,|!,|,!$/;
     
     split /,/, $list;
 }
diff --git a/Shorewall-perl/Shorewall/IPAddrs.pm b/Shorewall-perl/Shorewall/IPAddrs.pm
index fcfbed934..0dce9b8fb 100644
--- a/Shorewall-perl/Shorewall/IPAddrs.pm
+++ b/Shorewall-perl/Shorewall/IPAddrs.pm
@@ -91,6 +91,7 @@ sub validate_net( $$ ) {
     my ($net, $vlsm, $rest) = split( '/', $_[0], 3 );
     my $allow_name = $_[1];
 
+    fatal_error "Missing address" if $net eq '';
     fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
 
     if ( defined $vlsm ) {
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index fc6ec5c2a..c9a3f9aa3 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -176,7 +176,8 @@ sub setup_ecn()
 
 	    $hosts = ALLIPv4 if $hosts eq '-';
 
-	    for my $host( split_list $hosts, 'host' ) {
+	    for my $host( split_list $hosts, 'address' ) {
+		validate_net( $host , 1 );
 		push @hosts, [ $interface, $host ];
 	    }
 	}