From d5f1422d81ea54a1b56e57dcb4aadde95611111d Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Mon, 8 Jul 2013 15:47:57 +0200
Subject: [PATCH] iptables: Jump into the firewall rulesets after everything else has been done.
---
 src/initscripts/init.d/firewall | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index cc6bebb1db..5423f1390c 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -87,8 +87,6 @@ iptables_init() {
 /sbin/iptables -A FORWARD -j CUSTOMFORWARD
 /sbin/iptables -N CUSTOMOUTPUT
 /sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
- /sbin/iptables -N OUTGOINGFW
- /sbin/iptables -A OUTPUT -j OUTGOINGFW
 /sbin/iptables -t nat -N CUSTOMPREROUTING
 /sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
 /sbin/iptables -t nat -N CUSTOMPOSTROUTING
@@ -151,10 +149,6 @@ iptables_init() {
 /sbin/iptables -t nat -N IPSECNAT
 /sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
- # Input Firewall
- /sbin/iptables -N INPUTFW
- /sbin/iptables -A INPUT -m conntrack --ctstate NEW -j INPUTFW
-
 # localhost and ethernet.
 /sbin/iptables -A INPUT -i $GREEN_DEV -m conntrack --ctstate NEW -j ACCEPT ! -p icmp
@@ -168,10 +162,16 @@ iptables_init() {
 /sbin/iptables -N WIRELESSFORWARD
 /sbin/iptables -A FORWARD -m conntrack --ctstate NEW -j WIRELESSFORWARD
- # Forward Firewall
+ # Jump into the actual firewall ruleset.
+ /sbin/iptables -N INPUTFW
+ /sbin/iptables -A INPUT -j INPUTFW
+
+ /sbin/iptables -N OUTGOINGFW
+ /sbin/iptables -A OUTPUT -j OUTGOINGFW
+
 /sbin/iptables -N FORWARDFW
 /sbin/iptables -A FORWARD -j FORWARDFW
-
+
 # OPenSSL
 /sbin/iptables -N OPENSSLPHYSICAL
 /sbin/iptables -A INPUT -j OPENSSLPHYSICAL
-- 
2.39.5
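Review bot: The INPUTFW jump added in the third hunk, `/sbin/iptables -A INPUT -j INPUTFW`, drops the `-m conntrack --ctstate NEW` match that the rule removed in the second hunk carried, so packets of already established connections now traverse INPUTFW as well unless an earlier INPUT rule outside the hunk already accepts ESTABLISHED/RELATED traffic. If no such rule exists, rules inside INPUTFW that were written with only new connections in mind are evaluated against every packet, which changes what the ruleset permits and adds per-packet cost. Either restore the match, `/sbin/iptables -A INPUT -m conntrack --ctstate NEW -j INPUTFW`, or extend the new comment to state that INPUTFW intentionally sees all connection states. Note also that the jumps now sit after the `$GREEN_DEV ... -j ACCEPT` rule, so new connections from the green interface never reach INPUTFW; if that is the intent of "after everything else", the comment should say so explicitly. iptables_init() continues outside the hunk.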