From 79f98f73e1305b2919f64025e97398f230ba60f5 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Mon, 15 Dec 2008 01:02:52 +0000
Subject: [PATCH] An optimization

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9062 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Rules.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index db601cecd..b9728ec70 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -1640,11 +1640,12 @@ sub generate_matrix() {
 	next if @zones <= 2 && ! $zoneref->{options}{complex};
 
 	my $exclusions = $zoneref->{exclusions};
-	my $frwd_ref   = new_standard_chain zone_forward_chain( $zone );
+	my $frwd_ref;   
 
 	if ( @$exclusions ) {
 	    my $in_ref  = new_standard_chain zone_input_chain $zone;
 	    my $out_ref = new_standard_chain zone_output_chain $zone;
+	    $frwd_ref = new_standard_chain zone_forward_chain( $zone );
 
 	    add_rule ensure_filter_chain( "${zone}2${zone}", 1 ) , '-j ACCEPT' if rules_target( $zone, $zone ) eq 'ACCEPT';
 
@@ -1668,6 +1669,7 @@ sub generate_matrix() {
 		if ( use_forward_chain( $interface ) ) {
 		    $sourcechainref = $filter_table->{forward_chain $interface};
 		} else {
+		    $frwd_ref = new_standard_chain zone_forward_chain( $zone ) unless $frwd_ref;
 		    $sourcechainref = $filter_table->{FORWARD};
 		    $interfacematch = match_source_dev $interface;
 		    move_rules( $filter_table->{forward_chain $interface} , $frwd_ref );
@@ -1678,6 +1680,7 @@ sub generate_matrix() {
 		for my $hostref ( @{$arrayref} ) {
 		    my $ipsec_match = match_ipsec_in $zone , $hostref;
 		    for my $net ( @{$hostref->{hosts}} ) {
+			$frwd_ref = new_standard_chain zone_forward_chain( $zone ) unless $frwd_ref;
 			add_jump(
 				 $sourcechainref,
 				 $frwd_ref,