- foreach my $entry (@$ipset) {
- next if $entry =~ m/^create/; # simply ignore
- if ($entry =~ m/add \S+ (\S+)$/) {
- my $test = Net::IP->new($1);
- if ($test->overlaps($ip)) {
- add_trace("IPSET $ipsetname match $ipaddr\n");
- return 1;
+ my $first = $ipset->[0];
+ if ($first =~ m/^create\s+\S+\s+list:/) {
+ foreach my $entry (@$ipset) {
+ next if $entry =~ m/^create/; # simply ignore
+ if ($entry =~ m/add \S+ (\S+)$/) {
+ return 1 if ipset_match($ipset_ruleset, $1, $ipaddr);
+ } else {
+ die "implement me";
+ }
+ }
+ return 0;
+ } elsif ($first =~ m/^create\s+\S+\s+hash:net/) {
+ foreach my $entry (@$ipset) {
+ next if $entry =~ m/^create/; # simply ignore
+ if ($entry =~ m/add \S+ (\S+)$/) {
+ my $test = Net::IP->new($1);
+ if ($test->overlaps($ip)) {
+ add_trace("IPSET $ipsetname match $ipaddr\n");
+ return 1;
+ }
+ } else {
+ die "implement me";