Don't remove a lone ACCEPT rule from the OUTPUT chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-04-22 11:35:14 -07:00
parent 0d1f5bf261
commit 4c6df657da


@ -1334,7 +1334,7 @@ sub optimize_chain( $ ) {
pop @$rules, $count++ while @$rules && $rules->[-1] =~ /-j ACCEPT\b/; pop @$rules, $count++ while @$rules && $rules->[-1] =~ /-j ACCEPT\b/;
if ( @${rules} ) { if ( @${rules} || $chainref->{dont_delete} ) {
add_rule $chainref, '-j ACCEPT'; add_rule $chainref, '-j ACCEPT';
progress_message " $count ACCEPT rules deleted from policy chain $chainref->{name}" if $count; progress_message " $count ACCEPT rules deleted from policy chain $chainref->{name}" if $count;
} else { } else {