Correct handling of NFQUEUE(queue-num) in a policy

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Chains.pm

@@ -635,7 +635,7 @@ sub add_jump( $$$;$$$ ) {
 	#
 	# Ensure that we have the chain unless it is a builtin like 'ACCEPT'
 	#
-	$toref = ensure_chain( $fromref->{table} , $to ) unless $builtin_target{ $to };
+	$toref = ensure_chain( $fromref->{table} , $to ) unless $builtin_target{$to} || $to =~ / /; #If the target has options, it must be a builtin. 
     }
 
     #

Shorewall/changelog.txt

@@ -2,6 +2,8 @@ Changes in Shorewall 4.4.7.6
 
 1)  Fix Debian init script exit status
 
+2)  Fix NFQUEUE(queue-num) in policy
+
 Changes in Shorewall 4.4.7.5
 
 1)  Don't create a logging chain for rules with '-j RETURN'.

Shorewall/known_problems.txt

@@ -64,3 +64,9 @@
     are 1/2 of the values given in the rule.
 
     Corrected in 4.4.7.5.
+
+9)  If a queue-number is specified in an NFQUEUE policy (e.g.,
+    NFQUEUE(0)), invalid iptables-restore input is generated.
+
+10) The Debian init scripts return exit status 0, even when the command
+    fails.

Shorewall/releasenotes.txt

@@ -191,6 +191,10 @@ Shorewall 4.4.7 Patch Release 6.
     init script would still return a success (zero) exit status. It now
     returns a failure status (1) when the command fails.
 
+2)  Previously, if a queue number was specified in an NFQUEUE policy
+    (e.g., NFQUEUE(0)), invalid iptables-restore input would be
+    generated.
+
 ----------------------------------------------------------------------------
        P R O B L E M S   C O R R E C T E D   I N   4 . 4 . 7 . 5
 ----------------------------------------------------------------------------