diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 858dda3c5..5d4170a26 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -1122,7 +1122,7 @@ sub merge_rules( $$$ ) { } } - for my $option ( grep ! $opttype{$_}, keys %$fromref ) { + for my $option ( grep ! $opttype{$_} || $_ eq 'nfacct', keys %$fromref ) { set_rule_option( $toref, $option, $fromref->{$option} ); } @@ -1138,6 +1138,10 @@ sub merge_rules( $$$ ) { set_rule_option( $toref, 'policy', $fromref->{policy} ) if exists $fromref->{policy}; + for my $option ( grep( ( $opttype{$_} || 0 ) == EXPENSIVE, keys %$fromref ) ) { + set_rule_option( $toref, $option, $fromref->{$option} ); + } + unless ( $toref->{comment} ) { $toref->{comment} = $fromref->{comment} if exists $fromref->{comment}; }