Move 'dynamic' jumps to the INPUT and FORWARD chains

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8117 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-perl/Shorewall/Compiler.pm

@@ -817,10 +817,6 @@ sub compiler {
     #
     generate_script_2 unless $command eq 'check';
     #
-    # Set up MSS rules
-    #
-    setup_mss;
-    #
     # Do all of the zone-independent stuff
     #
     add_common_rules;

Shorewall-perl/Shorewall/Rules.pm

@@ -472,6 +472,8 @@ sub process_routestopped() {
     }
 }
 
+sub setup_mss();
+
 sub add_common_rules() {
     my $interface;
     my $chainref;
@@ -481,6 +483,14 @@ sub add_common_rules() {
     my $list;
     my $chain;
 
+    new_standard_chain 'dynamic';
+
+    my $state = $config{BLACKLISTNEWONLY} ? '-m state --state NEW,INVALID ' : '';
+
+    add_rule $filter_table->{$_}, "$state -j dynamic" for qw( INPUT FORWARD );
+
+    setup_mss;
+
     if ( $config{FASTACCEPT} ) {
 	add_rule( $filter_table->{$_} , "-m state --state ESTABLISHED,RELATED -j ACCEPT" ) for qw( INPUT FORWARD OUTPUT );
     }
@@ -492,15 +502,8 @@ sub add_common_rules() {
     add_rule_pair new_standard_chain( 'logdrop' ),   ' ' , 'DROP'   , $level ;
     add_rule_pair new_standard_chain( 'logreject' ), ' ' , 'reject' , $level ;
 
-    new_standard_chain 'dynamic';
-
-    my $state = $config{BLACKLISTNEWONLY} ? '-m state --state NEW,INVALID ' : '';
-
     for $interface ( all_interfaces ) {
-	for $chain ( first_chains $interface ) {
-	    add_rule new_standard_chain( $chain ) , "$state -j dynamic";
-	}
-
+	new_standard_chain( $_ ) for first_chains( $interface );
 	new_standard_chain output_chain( $interface );
     }