From 475942deb9e9d5ffb950de50bfdccd852e1dc6e9 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 3 Feb 2013 18:14:14 -0800
Subject: [PATCH] Normalize rules prior to combine_state tests.
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Chains.pm | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index a82d6d510..2b7fd10b8 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -3557,9 +3557,14 @@ sub delete_duplicates {
 # Get the 'conntrack' state for the passed rule reference
 #
 sub get_conntrack( $ ) {
- if ( my $states = $_[0]->{conntrack} ) {
+ my $ruleref = $_[0];
+ if ( my $states = $ruleref->{conntrack} ) {
 unless ( reftype $states ) {
- return $states if $states =~ s/--ctstate //;
+ if ( $states =~ s/--ctstate // ) {
+ delete $ruleref->{targetopts} unless $ruleref->{targetopts};
+ $ruleref->{simple} = '' unless $ruleref->{simple};
+ return $states
+ }
 }
 }

@@ -3632,12 +3637,6 @@ sub combine_states {
 last RULE unless compare_values( $baseref->{$key}, $ruleref->{$key} );
 }

- #
- # The rules connection tracking states must be different; otherwise,
- # the rules are identical
- #
- assert( $conntrack1 ne $conntrack2 );
-
 if ( $comment2 ) {
 if ( $comment ) {
 $comment .= ", $comment2" unless $comment2 eq $lastcomment;
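Review bot: get_conntrack() now modifies the rule it is handed (it deletes a false `targetopts` and sets a false `simple` to `''`), but the header comment above it still reads "Get the 'conntrack' state for the passed rule reference", so nothing tells a caller that a lookup rewrites the rule. Going by the commit subject and the compare_values() loop in combine_states, this normalization presumably decides which rules the optimizer treats as equal apart from their state, and so which firewall rules end up merged. I would say so in the comment, e.g. `# Get the 'conntrack' state for the passed rule reference. Side effect: drops an` / `# empty 'targetopts' and sets an empty 'simple' to '' so compare_values() sees them alike.` The normalization runs only when the `s/--ctstate //` substitution succeeds, which looks intentional, but the rest of the function lies outside the hunk. The new `return $states` has also lost the trailing semicolon that the line it replaces had.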