From 14c4bd99aac56f848954ef10886badb5cd9f826c Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 9 Jan 2011 10:10:27 -0800
Subject: [PATCH] Don't lookup standard target if target is an action, macro, or chain
---
 Shorewall/Perl/Shorewall/Rules.pm | 54 ++++++++++++++++---------------
 1 file changed, 28 insertions(+), 26 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 48dd75915..adf1de873 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -44,7 +44,7 @@ our @EXPORT = qw(
 );
 our @EXPORT_OK = qw( initialize );
-our $VERSION = '4.4_16';
+our $VERSION = '4.4_17';
 our %macros;
@@ -1020,32 +1020,34 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$ ) {
 #
 my $log_action = $action;
- if ( my $shorewall_target = lookup_shorewall_action( $basictarget ) ) {
- if ( $shorewall_target == TGT_REDIRECT ) {
- my $z = $actiontype & NATONLY ? '' : firewall_zone;
- if ( $dest eq '-' ) {
- $dest = $inaction ? '' : join( '', $z, '::' , $ports =~ /[:,]/ ? '' : $ports );
- } elsif ( $inaction ) {
- $dest = ":$dest";
- } else {
- $dest = join( '', $z, '::', $dest ) unless $dest =~ /^[^\d].*:/;
+ unless ( $actiontype & ( ACTION | MACRO | NFQ | CHAIN ) ) {
+ if ( my $shorewall_target = lookup_shorewall_action( $basictarget ) ) {
+ if ( $shorewall_target == TGT_REDIRECT ) {
+ my $z = $actiontype & NATONLY ? '' : firewall_zone;
+ if ( $dest eq '-' ) {
+ $dest = $inaction ? '' : join( '', $z, '::' , $ports =~ /[:,]/ ? '' : $ports );
+ } elsif ( $inaction ) {
+ $dest = ":$dest";
+ } else {
+ $dest = join( '', $z, '::', $dest ) unless $dest =~ /^[^\d].*:/;
+ }
+ } elsif ( $shorewall_target == TGT_REJECT ) {
+ $action = 'reject';
+ } elsif ( $shorewall_target == TGT_CONTINUE ) {
+ $action = 'RETURN';
+ } elsif ( $shorewall_target == TGT_COUNT ) {
+ $action = '';
+ } elsif ( $shorewall_target == TGT_LOG ) {
+ fatal_error 'LOG requires a log level' unless defined $loglevel and $loglevel ne '';
+ } elsif ( $actiontype & SET ) {
+ my %xlate = ( ADD => 'add-set' , DEL => 'del-set' );
+
+ my ( $setname, $flags, $rest ) = split ':', $param, 3;
+ fatal_error "Invalid ADD/DEL parameter ($param)" if $rest;
+ fatal_error "Expected ipset name ($setname)" unless $setname =~ s/^\+// && $setname =~ /^[a-zA-Z]\w*$/;
+ fatal_error "Invalid flags ($flags)" unless defined $flags && $flags =~ /^(dst|src)(,(dst|src)){0,5}$/;
+ $action = join( ' ', 'SET --' . $xlate{$basictarget} , $setname , $flags );
 }
- } elsif ( $shorewall_target == TGT_REJECT ) {
- $action = 'reject';
- } elsif ( $shorewall_target == TGT_CONTINUE ) {
- $action = 'RETURN';
- } elsif ( $shorewall_target == TGT_COUNT ) {
- $action = '';
- } elsif ( $shorewall_target == TGT_LOG ) {
- fatal_error 'LOG requires a log level' unless defined $loglevel and $loglevel ne '';
- } elsif ( $actiontype & SET ) {
- my %xlate = ( ADD => 'add-set' , DEL => 'del-set' );
-
- my ( $setname, $flags, $rest ) = split ':', $param, 3;
- fatal_error "Invalid ADD/DEL parameter ($param)" if $rest;
- fatal_error "Expected ipset name ($setname)" unless $setname =~ s/^\+// && $setname =~ /^[a-zA-Z]\w*$/;
- fatal_error "Invalid flags ($flags)" unless defined $flags && $flags =~ /^(dst|src)(,(dst|src)){0,5}$/;
- $action = join( ' ', 'SET --' . $xlate{$basictarget} , $setname , $flags );
 }
 }
 #
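Review bot: The ipset name and flags checks in the `$actiontype & SET` branch anchor with `$`, which in Perl also matches before a trailing newline, so a value ending in a newline would pass and be joined into `$action`; `\z` closes that: `$setname =~ /^[a-zA-Z]\w*\z/` and `$flags =~ /^(dst|src)(,(dst|src)){0,5}\z/`. The name check also lacks the `defined` guard the flags check has, so an empty `$param` (if one can reach this branch) would raise an uninitialized-value warning rather than a clean `fatal_error`. `if $rest` is a truth test, so a third field of `0` or an empty one after a trailing colon is accepted and dropped; `if defined $rest` rejects both. These lines are only re-indented by this commit, and `process_rule1` starts and ends outside the hunk.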