git.ipfire.org Git - people/stevee/ipfire-2.x.git/commitdiff
rules.pl: Avoid creating iptables rules if the corresponding blocklist is not loaded
author Stefan Schantl <stefan.schantl@ipfire.org>
Fri, 14 Apr 2023 16:32:54 +0000 (18:32 +0200)
committer Stefan Schantl <stefan.schantl@ipfire.org>
Fri, 14 Apr 2023 16:32:54 +0000 (18:32 +0200)
In case a blocklist is empty after de-duplication of the entries, it
would not be loaded. In such a case we also can skip creating any
iptables rules for this list.

This avoids us checking against an empty list and therefore saves a few CPU cycles.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/firewall/rules.pl

index 143161b55123a60328284e031448e7b3a1eb431c..52fdc8206be3e83fcabcd267bbb9a58de4f06982 100644 (file)
@@ -749,8 +749,8 @@ sub ipblocklist () {
        foreach my $blocklist (@blocklists) {
                # Check if the blocklist feature and the current processed blocklist is enabled.
                if(($blocklistsettings{'ENABLE'} eq "on") && ($blocklistsettings{$blocklist}) && ($blocklistsettings{$blocklist} eq "on")) {
-                       # Call function to load the blocklist.
-                       &ipset_restore($blocklist);
+                       # Skip the blocklist if the set does not exist.
+                       next unless(&IPSet::Functions::ipset_exists($blocklist));
 
                        # Call function to check if the corresponding iptables drop chain already has been created.
                        if(&firewall_chain_exists("${blocklist}_DROP")) {
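
Review bot: The new `next unless(&IPSet::Functions::ipset_exists($blocklist));` line skips an enabled blocklist without any log output, so a set that is missing because loading failed cannot be told apart from one that was empty after de-duplication, and in both cases no drop rules are created for that list. Consider writing a log message naming the skipped list before `next`, and extending the comment to say that a missing set is expected only for lists that ended up empty. The hunk also removes the `&ipset_restore($blocklist);` call with no replacement visible here, so the commit message should state where the set is now loaded before `ipblocklist()` runs; if nothing loads it earlier, every enabled list would be skipped at this line.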