From 1c870b532a20cb567206812d88800f8853d75dae Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 16 Sep 2010 12:17:04 -0700
Subject: [PATCH] Preserve dynamic blacklist during stop/clear/restore

---
 Shorewall/Perl/Shorewall/Rules.pm | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 9bc36911f..4e660f652 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -2394,6 +2394,17 @@ EOF
 
     case $COMMAND in
 	stop|clear|restore)
+            if chain_exists dynamic; then
+EOF
+
+    if ( $family == F_IPV4 ) {
+	emit( '                ${IPTABLES}-save -t filter | grep \'^-A dynamic\' > ${VARDIR}/.dynamic' );
+    } else {
+	emit( '                ${IP6TABLES}-save -t filter | grep \'^-A dynamic\' > ${VARDIR}/.dynamic' );
+    }
+
+    emit <<'EOF';
+            fi
 	    ;;
 	*)
 	    set +x