git.ipfire.org Git - people/stevee/ipfire-2.x.git/commitdiff
rules.pl: Avoid creating iptables rules if the corresponding blocklist is not loaded
author Stefan Schantl <stefan.schantl@ipfire.org>
Fri, 14 Apr 2023 16:32:54 +0000 (18:32 +0200)
committer Stefan Schantl <stefan.schantl@ipfire.org>
Sun, 3 Mar 2024 11:56:03 +0000 (12:56 +0100)
In case a blocklist is empty after de-duplication of the entries, it
would not be loaded. In such a case we also can skip creating any
iptables rules for this list.

This avoids us checking against an empty list and therefore saves a few CPU cycles.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/firewall/rules.pl

index 24a5c6b2ca6f50bd27a45d6a6a9e304d8362f2f7..7da47ed6ad7a39e7ca04b5e0cc75f37c524b2541 100644 (file)
@@ -750,8 +750,8 @@ sub ipblocklist () {
        foreach my $blocklist (@blocklists) {
                # Check if the blocklist feature and the current processed blocklist is enabled.
                if(($blocklistsettings{'ENABLE'} eq "on") && ($blocklistsettings{$blocklist}) && ($blocklistsettings{$blocklist} eq "on")) {
-                       # Call function to load the blocklist.
-                       &ipset_restore($blocklist);
+                       # Skip the blocklist if the set does not exist.
+                       next unless(&IPSet::Functions::ipset_exists($blocklist));
 
                        # Call function to check if the corresponding iptables drop chain already has been created.
                        if(&firewall_chain_exists("${blocklist}_DROP")) {
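
Review bot: the added `next unless(&IPSet::Functions::ipset_exists($blocklist));` skips an enabled blocklist silently, and with `&ipset_restore($blocklist);` removed this hunk no longer loads the set itself. A set that is missing for any reason other than being empty after de-duplication would therefore leave the blocklist enabled in the settings with no drop rules and no indication why. Consider logging the skipped blocklist name before the `next`, and extend the comment to say where the set is expected to have been loaded, since that is not visible from these lines. Also note that the `next` runs before the `firewall_chain_exists("${blocklist}_DROP")` check, so it is worth confirming that a chain left over from an earlier run is handled when its set no longer exists.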