diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index eeffddda5..9d1ca063e 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -1725,26 +1725,28 @@ sub process_host( ) {
 	if ( $hosts =~ /^([\w.@%-]+\+?):(.*)$/ ) {
 	    $interface = $1;
 	    $hosts = $2;
-
-	    if ( $hosts =~ /^\+/ ) {
-		$zoneref->{options}{complex} = 1;
-		fatal_error "ipset name qualification is disallowed in this file" if $hosts =~ /[\[\]]/;
-		fatal_error "Invalid ipset name ($hosts)" unless $hosts =~ /^\+[a-zA-Z][-\w]*$/;
-	    }
-
 	    fatal_error "Unknown interface ($interface)" unless ($interfaceref = $interfaces{$interface}) && $interfaceref->{root};
 	} else {
 	    fatal_error "Invalid HOST(S) column contents: $hosts";
 	}
-    } elsif ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>\s*$/ || $hosts =~ /^([\w.@%-]+\+?):\[(.*)\]\s*$/ || $hosts =~ /^([\w.@%-]+\+?):(dynamic)\s*$/   ) {
+    } elsif ( $hosts =~ /^([\w.@%-]+\+?):<(.*)>$/   ||
+	      $hosts =~ /^([\w.@%-]+\+?):\[(.*)\]$/ ||
+	      $hosts =~ /^([\w.@%-]+\+?):(\+.*)$/   ||
+	      $hosts =~ /^([\w.@%-]+\+?):(dynamic)$/ ) {
 	$interface = $1;
 	$hosts = $2;
-	$zoneref->{options}{complex} = 1 if $hosts =~ /^\+/;
+
 	fatal_error "Unknown interface ($interface)" unless ($interfaceref = $interfaces{$interface})->{root};
     } else {
 	fatal_error "Invalid HOST(S) column contents: $hosts" 
     }
 
+    if ( $hosts =~ /^\+/ ) {
+	$zoneref->{options}{complex} = 1;
+	fatal_error "ipset name qualification is disallowed in this file" if $hosts =~ /[\[\]]/;
+	fatal_error "Invalid ipset name ($hosts)" unless $hosts =~ /^\+[a-zA-Z][-\w]*$/;
+    }
+
     if ( $type == BPORT ) {
 	if ( $zoneref->{bridge} eq '' ) {
 	    fatal_error 'Bridge Port Zones may only be associated with bridge ports' unless $interfaceref->{options}{port};