From 1f2691b0528915001c3fced67084550fc3803b71 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 14 Sep 2010 06:47:29 -0700
Subject: [PATCH] Another fix for blacklisting; correct composition of $hosts1
---
 Shorewall/Perl/Shorewall/Chains.pm | 1 +
 Shorewall/Perl/Shorewall/Rules.pm | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 47773c897..baa10ee9e 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -4055,6 +4055,7 @@ sub create_chainlist_reload($) {
 unless ( @chains ) {
 @chains = qw( blacklst ) if $filter_table->{blacklst};
+ push @chains, 'blackout' if $filter_table->{blackout};
 push @chains, 'mangle:' if have_capability( 'MANGLE_ENABLED' ) && $config{MANGLE_ENABLED};
 $chains = join( ',', @chains ) if @chains;
 }
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 5b138059b..56790f15d 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
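Review bot: The default reload list built in the `unless ( @chains )` block now relies on two chain-name literals, `blacklst` and `blackout`, that have to match what setup_blacklist in Rules.pm creates, and nothing at this site says so. A comment above the two lines would make the coupling visible, for example `# Default refresh set: both blacklist chains, when they exist, so a refresh reloads each of them`. Presumably a blacklist chain left out of this list keeps its old rules after a refresh, which is why the omission mattered; that is inferred from the commit subject, not shown here. The body of create_chainlist_reload begins and ends outside the hunk.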
@@ -214,18 +214,18 @@ sub add_rule_pair( $$$$ ) {
 sub setup_blacklist() {
 my $hosts = find_hosts_by_option1 'blacklist', BL_IN;
- my $hosts1 = find_hosts_by_option1 'blacklist', BL_IN | BL_OUT;
+ my $hosts1 = find_hosts_by_option1 'blacklist', BL_OUT;
 my $chainref;
 my $chainref1;
 my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' };
 my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
 #
- # We go ahead and generate the blacklist chain and jump to it, even if it turns out to be empty. That is necessary
+ # We go ahead and generate the blacklist chains and jump to them, even if they turn out to be empty. That is necessary
 # for 'refresh' to work properly.
 #
 if ( @$hosts || @$hosts1 ) {
 $chainref = dont_delete new_standard_chain 'blacklst' if @$hosts;
- $chainref1 = new_chain( 'filter', 'blackout' ) if @$hosts1;
+ $chainref1 = dont_delete new_standard_chain 'blackout' if @$hosts || @$hosts1;
 if ( defined $level && $level ne '' ) {
 my $logchainref = new_standard_chain 'blacklog';
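Review bot: The statement modifier on the new `blackout` line, `if @$hosts || @$hosts1`, repeats the condition of the enclosing `if ( @$hosts || @$hosts1 ) {` and is therefore always true, so `blackout` is now created even when only BL_IN hosts exist, while `blacklst` on the line above is still created only `if @$hosts`. If creating the chain unconditionally is intended (the comment says empty chains are needed for 'refresh'), drop the modifier and consider treating `blacklst` the same way; otherwise narrow it to `if @$hosts1`. The comment could also say whether a host carrying both BL_IN and BL_OUT is expected in both lists, since that depends on how find_hosts_by_option1 matches its mask argument, which this hunk does not show. setup_blacklist continues past the end of the hunk, so whether later code checks `$chainref` and `$chainref1` for definedness before adding jumps cannot be confirmed from here.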