From 1f5439257a430c82b3863b5836dae1483c0af5e8 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 23 Sep 2014 07:39:25 -0700
Subject: [PATCH] Revert "Implement the 'terminating' action option"

This reverts commit 6851744cb71daeb43ac70af4517b26571e6addea.
---
 Shorewall/Perl/Shorewall/Chains.pm | 9 +--------
 Shorewall/Perl/Shorewall/Rules.pm | 21 ++++++++-------------
 Shorewall/manpages/shorewall-actions.xml | 11 ++---------
 Shorewall6/manpages/shorewall6-actions.xml | 14 +++-----------
 4 files changed, 14 insertions(+), 41 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 4ac273891..7ff95215e 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -73,7 +73,6 @@ our @EXPORT = ( qw(
 allow_optimize
 allow_delete
 allow_move
- make_terminating
 set_optflags
 reset_optflags
 has_return
@@ -105,6 +104,7 @@ our @EXPORT = ( qw(
 AUDIT
 HELPER
 INLINE
+ TERMINATING
 STATEMATCH
 USERBUILTIN
 INLINERULE
@@ -793,13 +793,6 @@ sub decr_cmd_level( $ ) {
 assert( --$_[0]->{cmdlevel} >= 0, $_[0] );
 }
 
-#
-# Mark an action as terminating
-#
-sub make_terminating( $ ) {
- $terminating{$_[0]} = 1;
-}
-
 #
 # Transform the passed iptables rule into an internal-form hash reference.
 # Most of the compiler has been converted to use the new form natively.
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 7ab0a77b0..f3eea2c95 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
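Review bot: `TERMINATING` is put back into `@EXPORT` by the second Chains.pm hunk (`@@ -105,6 +104,7 @@`), yet no hunk in this patch adds or touches a definition of that name, so the export only makes sense if the reverted commit left the constant in Chains.pm; that should be confirmed before merging. The same goes for `%terminating`, which the removed `make_terminating` wrote to: nothing visible here adds user-defined builtin actions to it any more, so the optimizer presumably treats them as non-terminating again. Since the manpage paragraph explaining the term is also removed, a comment at the constant's definition such as `# target ends processing of the packet in the current chain` would keep that meaning recorded in the code. The `@EXPORT` list begins and ends outside the hunk.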
@@ -1748,15 +1748,14 @@ sub process_actions() {
 undef, #Columns
 1 ); #Allow inline matches
 
- my $type = ( $action eq $config{REJECT_ACTION} ? INLINE : ACTION );
- my $noinline = 0;
- my $nolog = ( $type == INLINE ) || 0;
- my $builtin = 0;
- my $raw = 0;
- my $mangle = 0;
- my $filter = 0;
- my $nat = 0;
- my $terminating = 0;
+ my $type = ( $action eq $config{REJECT_ACTION} ? INLINE : ACTION );
+ my $noinline = 0;
+ my $nolog = ( $type == INLINE ) || 0;
+ my $builtin = 0;
+ my $raw = 0;
+ my $mangle = 0;
+ my $filter = 0;
+ my $nat = 0;
 
 if ( $action =~ /:/ ) {
 warning_message 'Default Actions are now specified in /etc/shorewall/shorewall.conf';
@@ -1775,8 +1774,6 @@ sub process_actions() {
 $nolog = 1;
 } elsif ( $_ eq 'builtin' ) {
 $builtin = 1;
- } elsif ( $_ eq 'terminating' ) {
- $terminating = 1;
 } elsif ( $_ eq 'mangle' ) {
 $mangle = 1;
 } elsif ( $_ eq 'raw' ) {
@@ -1825,8 +1822,6 @@ sub process_actions() {
 }
 
 $targets{$action} = $actiontype;
-
- make_terminating( $action ) if $terminating;
 } else {
 fatal_error "Table names are only allowed for builtin actions" if $mangle || $raw || $nat || $filter;
 new_action $action, $type, $noinline, $nolog;
diff --git a/Shorewall/manpages/shorewall-actions.xml b/Shorewall/manpages/shorewall-actions.xml
index 29e9490d4..e01a5cde1 100644
--- a/Shorewall/manpages/shorewall-actions.xml
+++ b/Shorewall/manpages/shorewall-actions.xml
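Review bot: With the `terminating` branch removed in the second Rules.pm hunk (`@@ -1775,8 +1774,6 @@`), an actions file that already carries `builtin,terminating` falls through to whatever the final branch of this option chain does, which lies outside the hunk and is presumably a fatal error. For a firewall compiler that means an upgrade can leave an existing configuration unable to build its ruleset, so consider still accepting the word for a release with a diagnostic: `} elsif ( $_ eq 'terminating' ) {` followed by `warning_message "The 'terminating' option is no longer supported and is ignored";`. The `if`/`elsif` chain starts and ends outside the hunk.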
@@ -71,17 +71,10 @@ role="bold">raw. If no table name(s) are given, then filter is assumed. The table names follow builtin - and are separated by commas; for example, "FOOBAR - builtin,filter,mangle" would specify FOOBAR as a builtin + and are separated by commas; for example, + "FOOBAR,filter,mangle" would specify FOOBAR as a builtin target that can be used in the filter and mangle tables. - - Beginning with Shorewall 4.6.4, you may specify the - terminating option with - builtin to indicate to the - Shorewall optimizer that the action is terminating (the - current packet will not be passed to the next rule in the - chain). diff --git a/Shorewall6/manpages/shorewall6-actions.xml b/Shorewall6/manpages/shorewall6-actions.xml index b89b6b7d8..38f4a11a3 100644 --- a/Shorewall6/manpages/shorewall6-actions.xml +++ b/Shorewall6/manpages/shorewall6-actions.xml @@ -71,18 +71,10 @@ role="bold">mangle and raw. If no table name(s) are given, then filter is assumed. The - table names follow builtin - and are separated by commas; for example, "FOOBAR - builtin,filter,mangle" would specify FOOBAR as a builtin - target that can be used in the filter and mangle + table names follow builtin and are separated by commas; for + example, "FOOBAR,filter,mangle" would specify FOOBAR as a + builtin target that can be used in the filter and mangle tables. - - Beginning with Shorewall 4.6.4, you may specify the - terminating option with - builtin to indicate to the - Shorewall optimizer that the action is terminating (the - current packet will not be passed to the next rule in the - chain).