From 5b9d1a61594aef7ef7d334be1b551a37b2b64acb Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 3 Feb 2013 07:59:47 -0800
Subject: [PATCH] Handle UNTRACKED_DISPOSITION=ACCEPT correctly.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Rules.pm | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 1daa6a716..89de8af86 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -961,13 +961,17 @@ sub finish_chain_section ($$$) {
 	}
     }
 
-    if ( keys %state && ! $config{FASTACCEPT} ) {
+    if ( keys %state ) {
 	my @state;
 
-	for ( qw/ESTABLISHED RELATED/ ) {
-	    push @state, $_ if $state{$_};
+	unless ( $config{FASTACCEPT} ) {
+	    for ( qw/ESTABLISHED RELATED/ ) {
+		push @state, $_ if $state{$_};
+	    }
 	}
 
+	push @state, 'UNTRACKED' if $state{UNTRACKED};
+
 	add_ijump( $chain1ref, j => 'ACCEPT', state_imatch join(',', @state ) ) if @state;
     }