Much cleaner implementation of save_dynamic_chains()

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Compiler.pm

@@ -309,44 +309,40 @@ sub generate_script_2() {
 
 sub save_dynamic_chains() {
 
+    my $tool = $family == F_IPV4 ? '${IPTABLES}-save' : '${IP6TABLES}-save';
+
     emit ( 'if [ "$COMMAND" = restart -o "$COMMAND" = restore ]; then' );
     push_indent;
 
-    if ( $family == F_IPV4 ) {
+emit <<"EOF";
-	emit( 'local iptables_save' ,
+if chain_exists 'UPnP -t nat'; then
-	      'iptables_save=${IPTABLES}-save' );
+    $tool -t nat | grep '^-A UPnP ' > \${VARDIR}/.UPnP
-    } else {
+else
-	emit( 'local iptables_save' ,
+    rm -f \${VARDIR}/.UPnP
-	      'iptables_save=${IP6TABLES}-save' );
+fi
-    }
 
-    emit ( q(if chain_exists "UPnP -t nat"; then) ,
+if chain_exists forwardUPnP; then
-	   q(    $iptables_save -t nat | grep '^-A UPnP ' > ${VARDIR}/.UPnP) ,
+    $tool -t filter | grep '^-A forwardUPnP ' > \${VARDIR}/.forwardUPnP
-	   q(else) ,
+else
-	   q(    rm -f ${VARDIR}/UPnP) ,
+    rm -f \${VARDIR}/.forwardUPnP
-	   q(fi) ,
+fi
-	   '' ,
+
-	   q(if chain_exists forwardUPnP; then) ,
+if chain_exists dynamic; then
-	   q(    $iptables_save -t filter | grep '^-A forwardUPnP ' > ${VARDIR}/.forwardUPnP) ,
+    $tool -t filter | grep '^-A dynamic ' > \${VARDIR}/.dynamic
-	   q(else) ,
+else
-	   q(    rm -f ${VARDIR}/forwardUPnP) ,
+    rm -f \${VARDIR}/.dynamic
-	   q(fi) ,
+fi
-	   '' ,
+EOF
-	   q(if chain_exists dynamic; then) ,
-	   q(    $iptables_save -t filter | grep '^-A dynamic ' > ${VARDIR}/.dynamic) ,
-	   q(else) ,
-	   q(    rm -f ${VARDIR}/dynamic) ,
-	   q(fi)
-	 );
 
     pop_indent;
     emit ( 'else' );
     push_indent;
 
-    emit (  'rm -f ${VARDIR}/UPnP' );
+emit <<'EOF';
-    emit (  'rm -f ${VARDIR}/forwardUPnP' );
+rm -f ${VARDIR}/.UPnP
-    emit (  'rm -f ${VARDIR}/dynamic' );
+rm -f ${VARDIR}/.forwardUPnP
-
+rm -f ${VARDIR}/.dynamic
+EOF
     pop_indent;
 
     emit ( 'fi' ,