From 223e1e434a7d088d94ed7ba1d6721ec12963a6fe Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 25 Feb 2010 07:50:17 -0800
Subject: [PATCH] Correct handling of NFQUEUE(queue-num) as a policy.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 978cebc40..77f437ce7 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -635,7 +635,11 @@ sub add_jump( $$$;$$$ ) {
 	#
 	# Ensure that we have the chain unless it is a builtin like 'ACCEPT'
 	#
-	$toref = ensure_chain( $fromref->{table} , $to ) unless $builtin_target{ $to };
+	my $target = $to;
+
+	$target =~ s/\s.*//; # $to might hold something like 'NFQUEUE --queue-num 0'
+	
+	$toref = ensure_chain( $fromref->{table} , $to ) unless $builtin_target{ $target };
     }
 
     #