From a550dd3eed94efc48d65d034775d5684f699bb44 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Wed, 29 May 2013 21:01:07 -0700
Subject: [PATCH] Issue a warning when a rule is dropped do to terminated
 chain.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 0684751b6..76293568b 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -7062,7 +7062,10 @@ sub expand_rule( $$$$$$$$$$$;$ )
 	$logname,      # Name of chain to name in log messages
        ) = @_;
 
-    return '' if $chainref->{complete};
+    if ( $chainref->{complete} ) {
+	warning_message "Chain $chainref->{name} is complete - unreachable netfilter rule(s) discarded";
+	return '';
+    }
 
     my ( $iiface, $diface, $inets, $dnets, $iexcl, $dexcl, $onets , $oexcl, $trivialiexcl, $trivialdexcl ) = 
        ( '',      '',      '',     '',     '',     '',     '',      '',     '',            '' );