From 4a05e56d6d171e5384ed9b88228065a9ca6db864 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 1 Jun 2013 13:01:55 -0700
Subject: [PATCH 1/4] Disable warning on unreachable rules.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 86699cdcb..ddd904283 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -7063,7 +7063,7 @@ sub expand_rule( $$$$$$$$$$$;$ )
        ) = @_;
 
     if ( $chainref->{complete} ) {
-	warning_message "The rule(s) generated by this entry are unreachable and have been discarded";
+#	warning_message "The rule(s) generated by this entry are unreachable and have been discarded";
 	return '';
     }
 

From 4340bcffb1133427b2ea55744fecb15075a385c7 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 1 Jun 2013 13:02:39 -0700
Subject: [PATCH 2/4] Don't optimize away a rule that includes nfacct matches.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index ddd904283..76bc83e62 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -3247,7 +3247,7 @@ sub optimize_level4( $$ ) {
 			    while ( @$rulesref ) {
 				my $rule1ref = $rulesref->[-1];
 
-				last unless ( $rule1ref->{target} || '' ) eq $target && ! $rule1ref->{targetopts};
+				last unless ( $rule1ref->{target} || '' ) eq $target && ! ( $rule1ref->{targetopts} || $rule1ref->{nfacct} );
 
 				trace ( $chainref, 'D', $rule, $rule1ref ) if $debug;
 

From 7dbd50708b7d215618666dc5423a0874e048d977 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 1 Jun 2013 13:03:10 -0700
Subject: [PATCH 3/4] Clear the current filename after last file is processed.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Compiler.pm |  4 ++++
 Shorewall/Perl/Shorewall/Config.pm   | 10 +++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 112bfd92d..9c98a9196 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -829,6 +829,10 @@ sub compiler {
     #
     setup_tunnels;
     #
+    # Clear the current filename
+    #
+    clear_currentfilename;
+    #
     # MACLIST Filtration again
     #
     setup_mac_lists 2;
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index b5593a28d..64a84671c 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -48,6 +48,7 @@ our @EXPORT = qw(
 		 fatal_error
 		 assert
 		 currentlineinfo
+		 clear_currentfilename
 
 		 progress_message
 		 progress_message_nocompress
@@ -658,7 +659,7 @@ sub initialize( $;$$) {
 		    EXPORT                  => 0,
 		    KLUDGEFREE              => '',
 		    STATEMATCH              => '-m state --state',
-		    VERSION                 => "4.5.13-Beta3",
+		    VERSION                 => "4.5.18-Beta1",
 		    CAPVERSION              => 40515 ,
 		  );
     #
@@ -2167,6 +2168,13 @@ sub close_file() {
     }
 }
 
+#
+# Clear the current filename
+#
+sub clear_currentfilename() {
+    $currentfilename = '';
+}
+
 #
 # Process an ?IF, ?ELSIF, ?ELSE or ?END directive
 #

From 481811d29f924a1ea7b74b56086978ed903523e0 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 2 Jun 2013 13:29:13 -0700
Subject: [PATCH 4/4] Merge NFACCT and EXPENSIVE matches during optimization

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 76bc83e62..1f31332c9 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1121,7 +1121,7 @@ sub merge_rules( $$$ ) {
 	}
     }
 
-    for my $option ( grep ! $opttype{$_}, keys %$fromref ) {
+    for my $option ( grep ! $opttype{$_} || $_ eq 'nfacct', keys %$fromref ) {
 	set_rule_option( $toref, $option, $fromref->{$option} );
     }
 
@@ -1137,6 +1137,10 @@ sub merge_rules( $$$ ) {
 
     set_rule_option( $toref, 'policy', $fromref->{policy} ) if exists $fromref->{policy};
 
+    for my $option ( grep( ( $opttype{$_} || 0 ) == EXPENSIVE, keys %$fromref ) ) {
+	set_rule_option( $toref, $option, $fromref->{$option} );
+    }
+
     unless ( $toref->{comment} ) {
 	$toref->{comment} = $fromref->{comment} if exists $fromref->{comment};
     }