diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm
index dcb9080dc..b98b2f182 100644
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@@ -648,14 +648,18 @@ sub resolve_6dnsname( $ ) {
 sub validate_6net( $$ ) {
     my ( $net, $allow_name ) = @_;
 
-    if ( $net =~ /^\[(.*)]$/ ) {
+    if ( $net =~ /^\[(.+)]$/ ) {
 	$net = $1;
-    } elsif ( $net =~ /^\[(.*)\]\/(\d+)$/ ) {
+    } elsif ( $net =~ /^\[(.+)\]\/(\d+)$/ ) {
 	$net = join( '/', $1, $2 );
     }
 
+    fatal_error "Invalid Network Address($net)" if $net =~ /\[/;
+
     ($net, my $vlsm, my $rest) = split( '/', $net, 3 );
 
+    fatal_error 'Invalid Network Address(' . join( '/', $net, $vlsm, $rest ) if defined $rest;
+
     if ( $net =~ /\+(\[?)/ ) {
 	if ( $1 ) {
 	    fatal_error "An ipset list ($net) is not allowed in this context";