From 0d6c4309da055b1db641a9e2564f6fb60bf505c8 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Sun, 14 Dec 2008 23:22:05 +0000
Subject: [PATCH] Don't let move_rules() duplicate rules

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9057 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Chains.pm | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm
index d8ad01b2a..3f11b9872 100644
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@@ -541,16 +541,24 @@ sub move_rules( $$ ) {
 
     if ( $chain1->{referenced} ) {
 	my @rules = @{$chain1->{rules}};
+	my @newrules;
 
-	for ( @rules ) {
-	    fatal_error "Internal Error in move_rules()" unless /^-A/;
+      RULE:
+	for my $rule ( @rules ) {
+	    fatal_error "Internal Error in move_rules()" unless $rule =~ /^-A/;
+	    for ( @{$chain2->{rules}} ) {
+		next RULE if $rule eq $_;
+	    }
+	    push @newrules, $rule;
 	}
 
-	splice @{$chain2->{rules}}, 0, 0, @rules;
+	if ( @newrules ) {
+	    splice @{$chain2->{rules}}, 0, 0, @newrules;
 
-	$chain2->{referenced} = 1;
-	$chain1->{referenced} = 0;
-	$chain1->{rules}      = [];
+	    $chain2->{referenced} = 1;
+	    $chain1->{referenced} = 0;
+	    $chain1->{rules}      = [];
+	}
     }
 }