From 90ace544eb71aedb1848e8c0ac38ce81fe2ea8e7 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 12 Mar 2016 16:39:46 -0800
Subject: [PATCH] Implement '+' to specify inline matches as "early"

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Rules.pm | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 582650ac5..e07fd97f4 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -2487,6 +2487,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
     my $raw_matches = '';
     my $exceptionrule = '';
     my $usergenerated;
+    my $prerule = '';
 
     if ( $inchain = defined $chainref ) {
 	( $inaction, undef, undef, undef ) = split /:/, $normalized_action = $chainref->{action}, 4 if $chainref->{action};
@@ -2500,6 +2501,13 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 	$raw_matches = get_inline_matches(0);
     }
     #
+    # Handle early matches
+    #
+    if ( $raw_matches =~ s/s*\+// ) {
+	$prerule = $raw_matches;
+	$raw_matches = '';
+    }
+    #
     # Determine the validity of the action
     #
     $actiontype = ( $targets{$basictarget} || find_macro ( $basictarget ) );
@@ -3142,7 +3150,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 
 	expand_rule( $chainref ,
 		     $restriction ,
-		     '' ,
+		     $prerule ,
 		     $rule ,
 		     $source ,
 		     $dest ,