Remove ACCEPT- silliness; fix IPSET capability detection

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6156 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-perl/Shorewall/Chains.pm

@@ -197,7 +197,6 @@ use constant { STANDARD => 1,              #defined by Netfilter
 #
 our %targets = ('ACCEPT'       => STANDARD,
 		'ACCEPT+'      => STANDARD  + NONAT,
-		'ACCEPT-'      => STANDARD,
 		'ACCEPT!'      => STANDARD,
 		'NONAT'        => STANDARD  + NONAT + NATONLY,
 		'DROP'         => STANDARD,

Shorewall-perl/Shorewall/Config.pm

@@ -711,7 +711,7 @@ sub determine_capabilities() {
     if ( mywhich 'ipset' ) {
 	qt( "ipset -X fooX1234" );
 
-	if ( qt( "ipset -N fooX1234" ) ) {
+	if ( qt( "ipset -N fooX1234 iphash" ) ) {
 	    if ( qt( "$iptables -A fooX1234 -m set --set fooX1234 src -j ACCEPT" ) ) {
 		qt( "$iptables -D fooX1234 -m set --set fooX1234 src -j ACCEPT" );
 		$capabilities{IPSET_MATCH} = 1;

manpages/shorewall-rules.xml

@@ -309,16 +309,6 @@
               </listitem>
             </varlistentry>
 
-            <varlistentry>
-              <term><emphasis role="bold">ACCEPT-</emphasis></term>
-
-              <listitem>
-                <para>like ACCEPT but exempts the rule from being suppressed
-                by OPTIMIZE=1 in <ulink
-                url="shorewall.conf.html">shorewall.conf</ulink>(5).</para>
-              </listitem>
-            </varlistentry>
-
             <varlistentry>
               <term><emphasis role="bold">LOG</emphasis></term>