From 1399a8ffde8abdaa3b1f6afdc5c2cecf2f1560fc Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 9 Jun 2011 13:35:49 -0700
Subject: [PATCH] Don't move rules from a chain with references

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index e83a41415..e1893b98f 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1026,6 +1026,10 @@ sub use_forward_chain($$) {
 
     return 1 if @{$chainref->{rules}} && ( $config{OPTIMIZE} & 4096 );
     #
+    # Use it if we already have jumps to it
+    #
+    return 1 if keys %{$chainref->{references}};
+    #
     # We must use the interfaces's chain if the interface is associated with multiple zones
     #
     return 1 if ( keys %{interface_zones $interface} ) > 1;