# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1458216672 0
# Node ID 2ae5286f1b9a32ebb71b50631fa77dbb3fa482ff
# Parent  ce3dd93f30d90bcd45ca59e7a64b5250635806f6# Parent  0890c4860f14541d1c3902c2ab93ab5118908445
Merge

diff -r 0890c4860f14 -r 2ae5286f1b9a mod_firewall/README.markdown
--- a/mod_firewall/README.markdown	Thu Mar 17 13:05:38 2016 +0100
+++ b/mod_firewall/README.markdown	Thu Mar 17 12:11:12 2016 +0000
@@ -344,6 +344,11 @@
   `MARK_ORIGIN=mark`        Marks the originating session with the given flag.
   `UNMARK_ORIGIN=mark`      Removes the given mark from the origin session (if it is set).
 
+**Note:** Marks apply to sessions, not JIDs. E.g. if marking in a rule that matches a stanza received
+over s2s, it is the s2s session that is marked.
+
+It is possible to have multiple marks on an origin at any given time.
+
 ### Informational
 
   Action          Description
diff -r 0890c4860f14 -r 2ae5286f1b9a mod_firewall/mod_firewall.lua
--- a/mod_firewall/mod_firewall.lua	Thu Mar 17 13:05:38 2016 +0100
+++ b/mod_firewall/mod_firewall.lua	Thu Mar 17 12:11:12 2016 +0000
@@ -6,7 +6,7 @@
 local definitions = module:shared("definitions");
 local active_definitions = {};
 
-local chains = {
+local default_chains = {
 	preroute = {
 		type = "event";
 		priority = 0.1;
@@ -27,6 +27,16 @@
 	};
 };
 
+local extra_chains = module:get_option("firewall_extra_chains", {});
+
+local chains = {};
+for k,v in pairs(default_chains) do
+	chains[k] = v;
+end
+for k,v in pairs(extra_chains) do
+	chains[k] = v;
+end
+
 function idsafe(name)
 	return name:match("^%a[%w_]*$")
 end