From 9bb1caa4bceb8602f39dad549228c8a7b658fdc1 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 21 Mar 2010 07:24:29 -0700
Subject: [PATCH] Add a comment explaining why avoiding creation of the blacklst chain and branching to it is a bad idea.
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Rules.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index f64cff300..9314c3589 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -223,7 +223,10 @@ sub setup_blacklist() {
 my $chainref;
 my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' };
 my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
-
+ #
+ # We go ahead and generate the blacklist chain and jump to it, even if it turns out to be empty. That is necessary
+ # for 'refresh' to work properly.
+ #
 if ( @$hosts ) {
 $chainref = new_standard_chain 'blacklst';
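Review bot: The added comment above `if ( @$hosts ) {` says the chain and the jump are needed for 'refresh' but not what breaks without them, and because it sits directly on a condition that still gates chain creation, "even if it turns out to be empty" is easy to misread as unconditional. I would name the failure a future optimisation would cause, for example `# Always create 'blacklst' and the jumps to it here, even when no blacklist entries exist yet:` followed by `# 'refresh' reloads the chain's contents, so without the jump later entries would never be matched.` That wording reflects my reading of how 'refresh' behaves, which the hunk does not show, so it should be confirmed before it goes in. It also uses the literal chain name 'blacklst' rather than "blacklist chain", and the second comment line runs well past 100 columns and could be wrapped. The body of setup_blacklist starts and ends outside this hunk, including the assignment of `$hosts`.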