Don't optimize the 'blacklst' chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Rules.pm

@@ -228,7 +228,7 @@ sub setup_blacklist() {
     # for 'refresh' to work properly.
     #
     if ( @$hosts ) {
-	$chainref = new_standard_chain 'blacklst';
+	$chainref = dont_delete new_standard_chain 'blacklst';
 
 	if ( defined $level && $level ne '' ) {
 	    my $logchainref = new_standard_chain 'blacklog';

Shorewall/changelog.txt

@@ -35,6 +35,8 @@ Changes in Shorewall 4.4.8
 
 17) Issue warnings when 'blacklist' but no blacklist file entries.
 
+18) Don't optimize 'blacklst'.
+
 Changes in Shorewall 4.4.7
 
 1)  Backport optimization changes from 4.5.

Shorewall/releasenotes.txt

@@ -281,6 +281,11 @@ I I I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
     	ERROR: iptables-restore Failed. Input is in
                /var/lib/shorewall/.iptables-restore-input
 
+11) Previously, with optimization 4, the 'blacklst' chain could be
+    optimized away. If the blacklist file was then changed and a
+    'shorewall refresh' executed, those new changes would not be included
+    in the active ruleset.
+
 ----------------------------------------------------------------------------
            I V. K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------