initscripts/suricata: Move functions order and always use flush_fw_chain function

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
index ecd6930541f03bfd3a8b1c9faad0392ea5e3b07a..233cded5388735e924871d487d668bcdd18c98d3 100644 (file)
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -48,12 +48,18 @@ function get_cpu_count {
        echo $CPUCOUNT
 }
 
+# Function to flush the firewall chain.
+function flush_fw_chain {
+       # Call iptables and flush the chain
+       iptables -F "$FW_CHAIN"
+}
+
 # Function to create the firewall rules to pass the traffic to suricata.
 function generate_fw_rules {
        cpu_count=$(get_cpu_count)
 
        # Flush the firewall chain.
-       iptables -F "$FW_CHAIN"
+       flush_fw_chain
 
        # Loop through the array of network zones.
        for zone in "${network_zones[@]}"; do
@@ -103,12 +109,6 @@ function generate_fw_rules {
        iptables -A "${FW_CHAIN}" -j MARK --set-xmark "0x0/${MASK}"
 }
 
-# Function to flush the firewall chain.
-function flush_fw_chain {
-       # Call iptables and flush the chain
-       iptables -F "$FW_CHAIN"
-}
-
 case "$1" in
         start)
                # Get amount of CPU cores.