Drop chain-ending rules whose target is 'RETURN'.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-25 14:03:04 -08:00 · 2013-01-25 14:03:04 -08:00 · b8cc9c5a6a
commit b8cc9c5a6a
parent b7273d6999
1 changed files with 17 additions and 4 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -2961,6 +2961,7 @@ sub optimize_level4( $$ ) {
 				# A chain with a single 'RETURN' rule -- get rid of it
 				#
 				delete_chain_and_references( $chainref );
+				$progress = 1;
 			    } else {
 				#
 				# Replace all references to this chain with references to the target
@ -2969,10 +2970,13 @@ sub optimize_level4( $$ ) {
 				$progress = 1;
 			    }
 			} elsif ( $firstrule->{target} ) {
+			    if ( $firstrule->{target} eq 'RETURN' ) {
 				#
-			    # Not so easy -- the rule contains matches
+				# A chain with a single 'RETURN' rule -- get rid of it
 				#
-			    if ( $chainref->{builtin} || ! $globals{KLUDGEFREE} || $firstrule->{policy} ) {
+				delete_chain_and_references( $chainref );
+				$progress = 1;
+			    } elsif ( $chainref->{builtin} || ! $globals{KLUDGEFREE} || $firstrule->{policy} ) {
 				#
 				# This case requires a new rule merging algorithm. Ignore this chain for
 				# now on.
@ -2992,6 +2996,15 @@ sub optimize_level4( $$ ) {
 			#
 			my $rulesref = $chainref->{rules};

+			if ( ( $lastref->{target} || '' ) eq 'RETURN' ) {
+			    #
+			    # The last rule is a RETURN -- get rid of it
+			    #
+			    pop @$rulesref;
+			    $lastref = $rulesref->[-1];
+			    $progress = 1;
+			}
+
 			if ( $lastref->{simple} && $lastref->{target} && ! $lastref->{targetopts} ) {
 			    my $target = $lastref->{target};
 			    my $count  = 0;