From b6f37b5c0de45c397197d1a1e04c0cc0ed7e2b7d Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 8 Jul 2013 15:53:30 +0200
Subject: [PATCH] iptables: Cleanup creating SNAT/DNAT chains.

---
 src/initscripts/init.d/firewall | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 772701eae1..3f181b1380 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -178,17 +178,19 @@ iptables_init() {
 	/sbin/iptables -t nat -A POSTROUTING -j REDNAT
 
 	iptables_red
-		
-	# Custom prerouting chains (for transparent proxy and port forwarding)
+
+	# Custom prerouting chains (for transparent proxy)
 	/sbin/iptables -t nat -N SQUID
 	/sbin/iptables -t nat -A PREROUTING -j SQUID
+
+	# DNAT rules
 	/sbin/iptables -t nat -N NAT_DESTINATION
-	/sbin/iptables -t nat -N NAT_SOURCE
 	/sbin/iptables -t nat -A PREROUTING -j NAT_DESTINATION
-	/sbin/iptables -t nat -I POSTROUTING 3 -j NAT_SOURCE
-	
-	
-	
+
+	# SNAT rules
+	/sbin/iptables -t nat -N NAT_SOURCE
+	/sbin/iptables -t nat -A POSTROUTING -j NAT_SOURCE
+
 	# upnp chain for our upnp daemon
 	/sbin/iptables -t nat -N UPNPFW
 	/sbin/iptables -t nat -A PREROUTING -j UPNPFW
-- 
2.39.5