From c6e9de65f14225880229e990d651f38f097c7c69 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Fri, 27 May 2011 06:43:47 -0700
Subject: [PATCH] Prevent duplicate 'filter' rules when combining two interface
 chains into the same zone forwarding chain.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 9c96d2288..05296e859 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -899,7 +899,19 @@ sub move_rules( $$ ) {
 	    
 	}
     
-	splice @{$rules}, 0, 0, @filtered2;
+	#
+	# Restore the filters originally in chain2 but drop duplicates of those from $chain1
+	#
+      FILTER:
+	while ( @filtered2 ) {
+	    $filtered = pop @filtered2;
+	    
+	    for ( $rule = 0; $rule < $filtered1; $rule++ ) {
+		$filtered2--, next FILTER if ${$rules}[$rule] eq $filtered;
+	    }
+	    
+	    unshift @{$rules}, $filtered;
+	}
 	   
 	$chain2->{filtered} = $filtered1 + $filtered2;