Don't remove a lone ACCEPT rule from the OUTPUT chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-04-22 11:35:14 -07:00
parent 0dde75d345
commit fb754b3a2e

View File

@ -1416,7 +1416,7 @@ sub optimize_chain( $ ) {
pop @$rules, $count++ while @$rules && $rules->[-1] =~ /-j ACCEPT\b/;
if ( @${rules} ) {
if ( @${rules} || $chainref->{dont_delete} ) {
add_rule $chainref, '-j ACCEPT';
progress_message " $count ACCEPT rules deleted from policy chain $chainref->{name}" if $count;
} else {