From 9b30f48ba08998610c3045b0a1840568113b61b1 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 2 Feb 2013 10:57:08 -0800
Subject: [PATCH] Correct handling of actions when @chain is altered.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Rules.pm | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 87e1379a7..1b7128547 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -1762,10 +1762,11 @@ sub process_action($$) {
     pop_open;
 
     #
-    # Pop the action parameters and delete record of this chain if the action parameters
-    # were modified
+    # Pop the action parameters
+    # Caller should delete record of this chain if the action parameters
+    # were modified (and this function returns true
     #
-    delete $usedactions{$wholeaction} if pop_action_params( $oldparms );
+    pop_action_params( $oldparms );
 }
 
 #
@@ -2417,6 +2418,8 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
     #
     # Handle actions
     #
+    my $delete_action;
+
     if ( $actiontype & ACTION ) {
 	#
 	# Create the action:level:tag:param tuple.
@@ -2431,7 +2434,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 	    #
 	    $actionresult = 0;
 
-	    process_action( $ref, $chain );
+	    $delete_action = process_action( $ref, $chain );
 	    #
 	    # Processing the action may determine that the action or one of it's dependents does NAT or HELPER, so:
 	    #
@@ -2659,6 +2662,8 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 		     '' );
     }
 
+    delete $usedactions{$normalized_target} if $delete_action;
+
     return 1;
 }