forked from extern/shorewall_code
Don't optimize chains with '-m ipsec'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
da4f7ee524
commit
f59612671b
@ -2890,7 +2890,7 @@ sub optimize_level4( $$ ) {
|
||||
#
|
||||
# Not so easy -- the rule contains matches
|
||||
#
|
||||
if ( $chainref->{builtin} || ! $globals{KLUDGEFREE} ) {
|
||||
if ( $chainref->{builtin} || ! $globals{KLUDGEFREE} || $firstrule->{policy} ) {
|
||||
#
|
||||
# This case requires a new rule merging algorithm. Ignore this chain for
|
||||
# now on.
|
||||
|
Loading…
Reference in New Issue
Block a user