Don't optimize chains with '-m ipsec'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-08-16 07:33:01 -07:00
parent da4f7ee524
commit f59612671b

View File

@ -2890,7 +2890,7 @@ sub optimize_level4( $$ ) {
#
# Not so easy -- the rule contains matches
#
if ( $chainref->{builtin} || ! $globals{KLUDGEFREE} ) {
if ( $chainref->{builtin} || ! $globals{KLUDGEFREE} || $firstrule->{policy} ) {
#
# This case requires a new rule merging algorithm. Ignore this chain for
# now on.