Eliminate need to call optimize_policy_chains() when OPTIMIZE 4 is selected

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Chains.pm

@@ -3312,7 +3312,7 @@ sub optimize_level4( $$ ) {
 		} else {
 		    #
 		    # Chain has more than one rule. If the last rule is a simple jump, then delete
-		    # all preceding rules that have the same target
+		    # all immediately preceding rules that have the same target
 		    #
 		    my $rulesref = $chainref->{rules};
 		    my $lastref = $rulesref->[-1];
@@ -3337,7 +3337,16 @@ sub optimize_level4( $$ ) {
 			    $rule--;
 			}
 
-			push @$rulesref, $lastref; #Now restore the last simple rule
+			if ( @$rulesref || ! $chainref->{builtin} || $target !~ /^(ACCEPT|DROP|REJECT)$/ ) {
+			    push @$rulesref, $lastref; # Restore the last simple rule
+			} else {
+			    #
+			    #empty builtin chain -- change it's policy
+			    #
+			    $chainref->{policy} = $target;
+			    trace( $chainref, 'P', undef, 'ACCEPT' ) if $debug;
+			    $count++;
+			}
 
 			progress_message "   $count $target rules deleted from chain $chainref->{name}" if $count;
 		    }

Shorewall/Perl/Shorewall/Compiler.pm

@@ -812,12 +812,12 @@ sub compiler {
 
 	optimize_level0;
 
-	if ( $config{OPTIMIZE} & 0x1E ) {
+	if ( ( my $optimize = $config{OPTIMIZE} ) & 0x1E ) {
 	    progress_message2 'Optimizing Ruleset...';
 	    #
 	    # Optimize Policy Chains
 	    #
-	    optimize_policy_chains if $config{OPTIMIZE} & 2;
+	    optimize_policy_chains if $optimize & 6 == 2; # Level 2 but not 4
 	    #
 	    # More Optimization
 	    #