From 070a67d665351299c2682896b5f63c766b929f9e Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Wed, 24 Jan 2018 10:52:04 -0800
Subject: [PATCH] Deimplement OPTIMIZE_USE_FIRST

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 6 ------
 Shorewall/Perl/Shorewall/Config.pm | 5 +----
 2 files changed, 1 insertion(+), 10 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 8cc8dc50e..52f40a2ce 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -2301,8 +2301,6 @@ sub use_forward_chain($$) {
 
     my $interfaceref = find_interface($interface);
     my $nets = $interfaceref->{nets};
-
-    return 1 if @{$chainref->{rules}} && ( $config{OPTIMIZE} & OPTIMIZE_USE_FIRST );
     #
     # Use it if we already have jumps to it
     #
@@ -2377,8 +2375,6 @@ sub use_input_chain($$) {
     my ( $interface, $chainref ) = @_;
     my $interfaceref = find_interface($interface);
     my $nets = $interfaceref->{nets};
-
-    return 1 if @{$chainref->{rules}} && ( $config{OPTIMIZE} & OPTIMIZE_USE_FIRST );
     #
     # We must use the interfaces's chain if the interface is associated with multiple Zones
     #
@@ -2458,8 +2454,6 @@ sub use_output_chain($$) {
     my ( $interface, $chainref)  = @_;
     my $interfaceref = find_interface($interface);
     my $nets = $interfaceref->{nets};
-
-    return 1 if @{$chainref->{rules}} && ( $config{OPTIMIZE} & OPTIMIZE_USE_FIRST );
     #
     # We must use the interfaces's chain if the interface is associated with multiple Zones
     #
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 9fdca363a..36dca4fe2 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -306,7 +306,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
 				       OPTIMIZE_POLICY_MASK
 				       OPTIMIZE_POLICY_MASK2n4
 				       OPTIMIZE_RULESET_MASK
-				       OPTIMIZE_USE_FIRST
 				       OPTIMIZE_ALL
 				     ) , ] ,
 		   protocols => [ qw (
@@ -547,8 +546,6 @@ use constant {
 	       OPTIMIZE_RULESET_MASK   => 0x1C , # Call optimize_ruleset()
                OPTIMIZE_MASK           => 0x1E , # Do optimizations beyond level 1
 	       OPTIMIZE_ALL            => 0x1F , # Maximum value for documented categories.
-
-	       OPTIMIZE_USE_FIRST      => 0x1000 # Always use interface 'first' chains -- undocumented
 	     };
 
 our %helpers = ( amanda          => UDP,
@@ -6879,7 +6876,7 @@ sub get_configuration( $$$$ ) {
     } else {
 	$val = numeric_value $config{OPTIMIZE};
 
-	fatal_error "Invalid OPTIMIZE value ($config{OPTIMIZE})" unless supplied( $val ) && $val >= 0 && ( $val & ~OPTIMIZE_USE_FIRST ) <= OPTIMIZE_ALL;
+	fatal_error "Invalid OPTIMIZE value ($config{OPTIMIZE})" unless supplied( $val ) && $val >= 0 && $val <= OPTIMIZE_ALL;
     }
 
     require_capability 'XMULTIPORT', 'OPTIMIZE level 16', 's' if $val & 16;