Don't create 'reject' and 'AUDIT' in the 'stopped' case.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-05-26 14:11:36 -07:00
parent 0287d96aa2
commit fbfe7b9f93
2 changed files with 13 additions and 10 deletions


@ -1542,8 +1542,9 @@ sub ensure_manual_chain($) {
# Add all builtin chains to the chain table -- it is separate from initialize() because it depends on capabilities and configuration.
# The function also initializes the target table with the pre-defined targets available for the specfied address family.
#
sub initialize_chain_table()
{
sub initialize_chain_table($) {
my $full = shift;
if ( $family == F_IPV4 ) {
#
# As new targets (Actions, Macros and Manual Chains) are discovered, they are added to the table
@ -1638,12 +1639,14 @@ sub initialize_chain_table()
}
}
if ( $full ) {
#
# Create these chains early in case they are needed by Policy actions
#
dont_delete new_standard_chain 'AUDIT', 0 if $config{FAKE_AUDIT};
dont_move new_standard_chain 'reject';
}
}
#
# Delete redundant ACCEPT rules from the end of a policy chain whose policy is ACCEPT
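Review bot: The comment block above `initialize_chain_table` still describes a parameterless function and says nothing about the new `$full` argument read by `my $full = shift;`. I would add a line such as `# $full is true for a normal compile and false when compiling the 'stopped' ruleset; 'reject' and 'AUDIT' are created only when it is true.` That puts the reason for the `if ( $full )` guard at the end of the function next to the signature. The function body between the two hunks is not shown, so this is based only on the visible lines.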


@ -610,7 +610,7 @@ sub compiler {
# Chain table initialization depends on shorewall.conf and capabilities. So it must be deferred until
# shorewall.conf has been processed and the capabilities have been determined.
#
initialize_chain_table;
initialize_chain_table(1);
#
# Allow user to load Perl modules
@ -817,7 +817,7 @@ sub compiler {
# for stopping the firewall
#
Shorewall::Chains::initialize( $family, 0 , $export );
initialize_chain_table;
initialize_chain_table(0);
#
# S T O P _ F I R E W A L L
# (Writes the stop_firewall() function to the compiled script)
@ -881,7 +881,7 @@ sub compiler {
# environment that it would when called by compile_stop_firewall().
#
Shorewall::Chains::initialize( $family , 0 , $export );
initialize_chain_table;
initialize_chain_table(0);
if ( $debug ) {
compile_stop_firewall( $test, $export );
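Review bot: The bare `1` and `0` passed to `initialize_chain_table` at the three call sites in `compiler` do not say what they select, so a reader has to open the other file to learn that `0` suppresses the 'reject' and 'AUDIT' chains. A trailing comment would make this clear, for example `initialize_chain_table(0);   # stopped ruleset: no 'reject' or 'AUDIT' chain`, with the matching comment on the `(1)` call. It is also worth confirming that nothing emitted on the two `0` paths, for instance by `compile_stop_firewall`, still jumps to 'reject' or 'AUDIT', since those chains are no longer created there. That code is outside these hunks, and `compiler` itself starts and ends outside them.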