From 7d7740a46769d6a45668182cebb86275960f212a Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Fri, 14 Feb 2014 12:48:11 +0100
Subject: [PATCH 1/1] firewall: Initialize basic ruleset before entering runlevel 3.
---
 config/rootfiles/common/armv5tel/initscripts | 1 +
 config/rootfiles/common/i586/initscripts | 1 +
 lfs/initscripts | 1 +
 src/initscripts/init.d/firewall | 6 ++++++
 src/initscripts/init.d/network | 3 ---
 5 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 0933ca893..ba32ec83d 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -224,6 +224,7 @@ etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
+etc/rc.d/rcsysinit.d/S85firewall
 etc/rc.d/rcsysinit.d/S90sysctl
 etc/rc.d/rcsysinit.d/S91network-vlans
 etc/rc.d/rcsysinit.d/S92rngd
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 727cc7a46..c95f4966b 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -231,6 +231,7 @@ etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
+etc/rc.d/rcsysinit.d/S85firewall
 etc/rc.d/rcsysinit.d/S90sysctl
 etc/rc.d/rcsysinit.d/S91network-vlans
 etc/rc.d/rcsysinit.d/S92rngd
diff --git a/lfs/initscripts b/lfs/initscripts
index 6968edef4..0b5d8f4ba 100644
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -171,6 +171,7 @@ $(TARGET) :
 ln -sf ../init.d/console /etc/rc.d/rcsysinit.d/S70console
 ln -sf ../init.d/firstsetup /etc/rc.d/rcsysinit.d/S75firstsetup
 ln -sf ../init.d/localnet /etc/rc.d/rcsysinit.d/S80localnet
+ ln -sf ../init.d/firewall /etc/rc.d/rcsysinit.d/S85firewall
 ln -sf ../init.d/sysctl /etc/rc.d/rcsysinit.d/S90sysctl
 ln -sf ../init.d/network-vlans /etc/rc.d/rcsysinit.d/S91network-vlans
 ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S92rngd
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 77da23242..2bb8ba156 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -292,14 +292,20 @@ iptables_red() {
 # See how we were called.
 case "$1" in
 start)
+ boot_mesg "Setting up firewall"
 iptables_init
+ evaluate_retval
+
 # run local firewall configuration, if present
 if [ -x /etc/sysconfig/firewall.local ]; then
 /etc/sysconfig/firewall.local start
 fi
 ;;
 reload)
+ boot_mesg "Reloading firewall"
 iptables_red
+ evaluate_retval
+
 # run local firewall configuration, if present
 if [ -x /etc/sysconfig/firewall.local ]; then
 /etc/sysconfig/firewall.local reload
diff --git a/src/initscripts/init.d/network b/src/initscripts/init.d/network
index 27686d1f3..88ac086e1 100644
--- a/src/initscripts/init.d/network
+++ b/src/initscripts/init.d/network
@@ -38,9 +38,6 @@ init_networking() {
 rmmod nf_conntrack_h323
 fi
- boot_mesg "Setting up firewall"
- /etc/rc.d/init.d/firewall start; evaluate_retval
-
 /etc/rc.d/init.d/dnsmasq start
 /etc/rc.d/init.d/static-routes start
 }
--
2.39.2
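Review bot: In src/initscripts/init.d/firewall, the `evaluate_retval` added after `iptables_init` in `start)` (and after `iptables_red` in `reload)`) sees only the function's return status, which in shell is that of the last command it ran, so an iptables call that fails earlier would still be reported as OK. Both functions are defined outside this hunk, so whether they already propagate failures is not visible here; if they do not, boot continues into runlevel 3 with a partial ruleset and no visible warning. The status is also printed before `/etc/sysconfig/firewall.local start` runs, so errors from the local script are never reflected. I would at least document this with `# evaluate_retval covers the built-in ruleset only; firewall.local is not checked`, and consider having `iptables_init` return non-zero on the first failed rule. The `case` block continues past the end of the hunk.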