From c39fcc4db76faf22fd6a688f80cf354076e1850f Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Fri, 10 Apr 2009 20:36:22 +0000
Subject: [PATCH] Optimization of log rule code

Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9843 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/Perl/Shorewall/Chains.pm | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 3628ed03b..dcde4af8d 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -2681,7 +2681,7 @@ sub expand_rule( $$$$$$$$$$ )
 	# No exclusions -- save original chain
 	#
 	my $savechainref = $chainref;
-	
+
 	for my $onet ( mysplit $onets ) {
 	    $onet = match_orig_dest $onet;
 	    for my $inet ( mysplit $inets ) {
@@ -2709,9 +2709,9 @@ sub expand_rule( $$$$$$$$$$ )
 			    # Jump to the log chain if all of the rule's conditions are met
 			    #
 			    add_jump( $chainref, $logchainref, $builtin_target{$disposition},  $predicates, 1 );
-
-			    $predicates = '';
-
+			    #
+			    # Now add the log rule and target rule without predicates to the log chain.
+			    #
 			    log_rule_limit( 
 					   $loglevel ,
 					   $chainref = $logchainref ,
@@ -2721,7 +2721,12 @@ sub expand_rule( $$$$$$$$$$ )
 					   $logtag,
 					   'add',
 					   '' );
+
+			    add_rule( $chainref, $target, 1 );
 			} else {
+			    #
+			    # The log rule must be added with predicates to the rule chain
+			    #
 			    log_rule_limit(
 					   $loglevel ,
 					   $chainref ,
@@ -2733,9 +2738,10 @@ sub expand_rule( $$$$$$$$$$ )
 					   $predicates
 					  );
 			}
-		    }
-
-		    unless ( $disposition eq 'LOG' ) {
+		    } else {
+			#
+			# No logging -- add the target rule with predicates to the rule chain
+			#
 			add_rule( $chainref, $predicates . $target , 1 );
 		    }
 		}