+ if (!zone->conntrack && !state->defaults.drop_invalid)
+ set(zone->flags, handle->family, FW3_FLAG_NOTRACK);
+
+ for (c = zone_chains; c->format; c++)
+ {
+ /* don't touch user chains on selective stop */
+ if (reload && c->flag == FW3_FLAG_CUSTOM_CHAINS)
+ continue;
+
+ if (!fw3_is_family(c, handle->family))
+ continue;
+
+ if (c->table != handle->table)
+ continue;
+
+ if (c->flag &&
+ !hasbit(zone->flags[handle->family == FW3_FAMILY_V6], c->flag))
+ continue;
+
+ fw3_ipt_create_chain(handle, c->format, zone->name);
+ }
+
+ if (zone->custom_chains)
+ {
+ if (handle->table == FW3_TABLE_FILTER)
+ {
+ for (i = 0; i < sizeof(flt_chains)/sizeof(flt_chains[0]); i += 2)
+ {
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_comment(r, "user chain for %s", flt_chains[i+1]);
+ fw3_ipt_rule_target(r, "%s_%s_rule", flt_chains[i+1], zone->name);
+ fw3_ipt_rule_append(r, "zone_%s_%s", zone->name, flt_chains[i]);
+ }
+ }
+ else if (handle->table == FW3_TABLE_NAT)
+ {
+ for (i = 0; i < sizeof(nat_chains)/sizeof(nat_chains[0]); i += 2)
+ {
+ r = fw3_ipt_rule_new(handle);
+ fw3_ipt_rule_comment(r, "user chain for %s", nat_chains[i+1]);
+ fw3_ipt_rule_target(r, "%s_%s_rule", nat_chains[i+1], zone->name);
+ fw3_ipt_rule_append(r, "zone_%s_%s", zone->name, nat_chains[i]);
+ }
+ }
+ }