Don't optimize the 'blacklst' chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Rules.pm

@@ -228,7 +228,7 @@ sub setup_blacklist() {
     # for 'refresh' to work properly.
     #
     if ( @$hosts ) {
-	$chainref = new_standard_chain 'blacklst';
+	$chainref = dont_delete new_standard_chain 'blacklst';
 
 	if ( defined $level && $level ne '' ) {
 	    my $logchainref = new_standard_chain 'blacklog';

Shorewall/changelog.txt

@@ -39,6 +39,8 @@ Changes in Shorewall 4.4.8
 
 17) Issue warnings when 'blacklist' but no blacklist file entries.
 
+18) Don't optimize 'blacklst'.
+
 Changes in Shorewall 4.4.7
 
 1)  Backport optimization changes from 4.5.

Shorewall/releasenotes.txt

@@ -303,6 +303,11 @@ V I.  P R O B L E M S  C O R R E C T E D  A N D  N E W   F E A T U R E S
     	ERROR: iptables-restore Failed. Input is in
                /var/lib/shorewall/.iptables-restore-input
 
+11) Previously, with optimization 4, the 'blacklst' chain could be
+    optimized away. If the blacklist file was then changed and a
+    'shorewall refresh' executed, those new changes would not be included
+    in the active ruleset.
+
 ----------------------------------------------------------------------------
                 N E W   F E A T U R E S   I N   4 . 4 . 8
 ----------------------------------------------------------------------------