Don't optimize chains with '-m ipsec'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 07:33:01 -07:00 · 2012-08-16 07:33:01 -07:00 · f59612671b
commit f59612671b
parent da4f7ee524
1 changed files with 1 additions and 1 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -2890,7 +2890,7 @@ sub optimize_level4( $$ ) {
 			#
 			# Not so easy -- the rule contains matches
 			#
-			if ( $chainref->{builtin} || ! $globals{KLUDGEFREE} ) {
+			if ( $chainref->{builtin} || ! $globals{KLUDGEFREE} || $firstrule->{policy} ) {
 			    #
 			    # This case requires a new rule merging algorithm. Ignore this chain for
 			    # now on.