From f58ea79e8e366cd108073fdb0bc150dddca8e4ea Mon Sep 17 00:00:00 2001
From: Charlie Tonneslan <cst0520@gmail.com>
Date: Sun, 17 May 2026 07:48:42 -0400
Subject: [PATCH] iptables: return error from ListById when chain has no
 matching rule

executeList returns an empty slice when the chain has no rule at the
given id, but ListById indexed rule[0] unconditionally and panicked
with index-out-of-range. Return a descriptive error instead so callers
can recover.

Closes #130

Signed-off-by: Charlie Tonneslan <cst0520@gmail.com>
---
 iptables/iptables.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/iptables/iptables.go b/iptables/iptables.go
index b058995..5c958eb 100644
--- a/iptables/iptables.go
+++ b/iptables/iptables.go
@@ -280,6 +280,9 @@ func (ipt *IPTables) ListById(table, chain string, id int) (string, error) {
 	if err != nil {
 		return "", err
 	}
+	if len(rule) == 0 {
+		return "", fmt.Errorf("no rule with id %d in chain %s of table %s", id, chain, table)
+	}
 	return rule[0], nil
 }