From a7a8b413ef452f7a593dcbf211d1a3816a891295 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Wed, 9 Apr 2008 06:00:08 +0000
Subject: [PATCH] Avoid creating extra policy chains with EXPAND_POLICIES=Yes

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8403 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Policy.pm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Shorewall-perl/Shorewall/Policy.pm b/Shorewall-perl/Shorewall/Policy.pm
index 6aa27ed49..36961fe9b 100644
--- a/Shorewall-perl/Shorewall/Policy.pm
+++ b/Shorewall-perl/Shorewall/Policy.pm
@@ -172,6 +172,7 @@ sub validate_policy()
 	        NFQUEUE_DEFAULT => 'NFQUEUE' );
 
     my $zone;
+    my @zonelist = $config{EXPAND_POLICIES} ? all_zones : ( all_zones, 'all' );
 
     for my $option qw/DROP_DEFAULT REJECT_DEFAULT ACCEPT_DEFAULT QUEUE_DEFAULT NFQUEUE_DEFAULT/ {
 	my $action = $config{$option};
@@ -308,8 +309,8 @@ sub validate_policy()
 
 	if ( $clientwild ) {
 	    if ( $serverwild ) {
-		for my $zone ( all_zones , 'all' ) {
-		    for my $zone1 ( all_zones , 'all' ) {
+		for my $zone ( @zonelist ) {
+		    for my $zone1 ( @zonelist ) {
 			set_policy_chain $client, $server, "${zone}2${zone1}", $chainref, $policy;
 			print_policy $zone, $zone1, $policy, $chain;
 		    }
@@ -321,7 +322,7 @@ sub validate_policy()
 		}
 	    }
 	} elsif ( $serverwild ) {
-	    for my $zone ( all_zones , 'all' ) {
+	    for my $zone ( @zonelist ) {
 		set_policy_chain $client, $server, "${client}2${zone}", $chainref, $policy;
 		print_policy $client, $zone, $policy, $chain;
 	    }
@@ -413,7 +414,6 @@ sub apply_policy_rules() {
 		run_user_exit $chainref;
 		policy_rules $chainref , $policy, $loglevel , $default, $config{MULTICAST};
 	    }
-
 	}
     }