From 65f4a6ac58ca1fae1fb89c6472df0fdd8a079acb Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Fri, 14 Apr 2023 18:32:54 +0200
Subject: [PATCH] rules.pl: Avoid creating iptables rules if the corresponding blocklist is not loaded
In case a blocklist is empty after de-duplication of the entries, it would not be loaded. In such a case we also can skip creating any iptables rules for this list. This avoids us checking against an empty list and therefore saves a few cpu cycles.
Signed-off-by: Stefan Schantl
---
 config/firewall/rules.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/firewall/rules.pl b/config/firewall/rules.pl
index 143161b551..52fdc8206b 100644
--- a/config/firewall/rules.pl
+++ b/config/firewall/rules.pl
@@ -749,8 +749,8 @@ sub ipblocklist () {
 foreach my $blocklist (@blocklists) {
 # Check if the blocklist feature and the current processed blocklist is enabled.
 if(($blocklistsettings{'ENABLE'} eq "on") && ($blocklistsettings{$blocklist}) && ($blocklistsettings{$blocklist} eq "on")) {
- # Call function to load the blocklist.
- &ipset_restore($blocklist);
+ # Skip the blocklist if the set does not exist.
+ next unless(&IPSet::Functions::ipset_exists($blocklist));
 # Call function to check if the corresponding iptables drop chain already has been created.
 if(&firewall_chain_exists("${blocklist}_DROP")) {
--
2.39.5
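Review bot: The new `next unless(&IPSet::Functions::ipset_exists($blocklist));` skips an enabled blocklist silently, so a set that is missing because loading failed (not only because it was empty after de-duplication) leaves that list unenforced with no trace. Since the `&ipset_restore($blocklist)` call is removed here, the set presumably has to be loaded somewhere outside this hunk, and that ordering is worth confirming. I would make the skip visible, e.g. `unless (&IPSet::Functions::ipset_exists($blocklist)) { warn "ipblocklist: set $blocklist is enabled but not loaded, skipping\n"; next; }`. The body of ipblocklist continues outside the hunk, so whether rules or a `${blocklist}_DROP` chain left from an earlier run are cleaned up on this path cannot be judged from here.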