From 54f5aaca63ce0fd0f34106e6368c29f2e511f60d Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Wed, 1 May 2013 11:15:36 -0700
Subject: [PATCH] Fix handling of CT_TARGET

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Config.pm | 47 ++++++++++++------------------
 1 file changed, 18 insertions(+), 29 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 6a26546d8..904168fe1 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -1185,14 +1185,24 @@ sub cleanup() {
 	qt1( "$iptables -X $sillyname" );
 	qt1( "$iptables -F $sillyname1" );
 	qt1( "$iptables -X $sillyname1" );
-	qt1( "$iptables -t mangle -F $sillyname" );
-	qt1( "$iptables -t mangle -X $sillyname" );
-	qt1( "$iptables -t nat -F $sillyname" );
-	qt1( "$iptables -t nat -X $sillyname" );
-	qt1( "$iptables -t raw -F $sillyname" );
-	qt1( "$iptables -t raw -X $sillyname" );
-	qt1( "$iptables -t rawpost -F $sillyname" );
-	qt1( "$iptables -t rawpost -X $sillyname" );
+
+	if ( $capabilities{MANGLE_ENABLED} ) {
+	    qt1( "$iptables -t mangle -F $sillyname" );
+	    qt1( "$iptables -t mangle -X $sillyname" );
+	}
+
+	if ( $capabilities{NAT_ENABLED} ) {
+	    qt1( "$iptables -t nat -F $sillyname" );
+	    qt1( "$iptables -t nat -X $sillyname" );
+	}
+
+	if ( $capabilities{RAW_TABLE} ) {
+	    qt1( "$iptables -t raw -F $sillyname" );
+	    qt1( "$iptables -t raw -X $sillyname" );
+	}
+
+	$sillyname = $sillyname1 = undef;
+
 	$sillyname = '';
     }
 }
@@ -4335,27 +4345,6 @@ sub determine_capabilities() {
 	    $capabilities{HELPER_MATCH} = detect_capability 'HELPER_MATCH';
 	}
 
-	qt1( "$iptables -F $sillyname" );
-	qt1( "$iptables -X $sillyname" );
-	qt1( "$iptables -F $sillyname1" );
-	qt1( "$iptables -X $sillyname1" );
-
-	if ( $capabilities{MANGLE_ENABLED} ) {
-	    qt1( "$iptables -t mangle -F $sillyname" );
-	    qt1( "$iptables -t mangle -X $sillyname" );
-	}
-
-	if ( $capabilities{NAT_ENABLED} ) {
-	    qt1( "$iptables -t nat -F $sillyname" );
-	    qt1( "$iptables -t nat -X $sillyname" );
-	}
-
-	if ( $capabilities{RAW_TABLE} ) {
-	    qt1( "$iptables -t raw -F $sillyname" );
-	    qt1( "$iptables -t raw -X $sillyname" );
-	}
-
-	$sillyname = $sillyname1 = undef;
     }
 }