Allow override of OPTIMIZE=1 wrt to rules that duplicate the policy

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4739 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/compiler

@@ -2249,6 +2249,9 @@ process_rule() # $1 = target
     process_userspec
 
     case $target in
+	*!)
+	    target=${target%!}
+	    ;;
 	ACCEPT+|NONAT)
 	    [ $SECTION = NEW ] || fatal_error "$target rules are not allowed in the $SECTION SECTION"
 	    nonat=Yes
@@ -2565,7 +2568,7 @@ process_macro() # $1 = target
 	esac
 
 	case ${mtarget%%:*} in
-	    ACCEPT|ACCEPT+|NONAT|DROP|REJECT|DNAT|DNAT-|REDIRECT|REDIRECT-|LOG|CONTINUE|QUEUE|SAME|SAME-)
+	    ACCEPT|ACCEPT!|ACCEPT+|NONAT|DROP|DROP!|REJECT|REJECT!|DNAT|DNAT-|REDIRECT|REDIRECT-|LOG|CONTINUE|QUEUE|SAME|SAME-)
 		;;
 	    *)
 		if list_search ${mtarget%%:*} $ACTIONS; then
@@ -2743,7 +2746,7 @@ process_rules()
 	fi
 
 	case "${xtarget%%:*}" in
-	    ACCEPT|ACCEPT+|NONAT|DROP|REJECT|DNAT|DNAT-|REDIRECT|REDIRECT-|LOG|CONTINUE|QUEUE|SAME|SAME-)
+	    ACCEPT|ACCEPT+|ACCEPT!|NONAT|DROP|DROP!|REJECT|REJECT!|DNAT|DNAT-|REDIRECT|REDIRECT-|LOG|CONTINUE|QUEUE|SAME|SAME-)
 		do_it No
 		;;
 	    COMMENT)

Shorewall/releasenotes.txt

@@ -134,6 +134,14 @@ Other Changes in 3.3.4.
 
     gateway:~
 
+    If you really want a rule that duplicates the policy, follow the
+    action with "!":
+
+	#ACTION		SOURCE		DEST	PROTO	DEST
+	#						PORT(S)
+	...
+	ACCEPT!		all		all	icmp	8
+
 Migration Considerations:
 
 1)  Shorewall supports the notion of "default actions". A default