iptables: Cleanup creating the OVPNBLOCK chain.

This should happen after the CUSTOM* chains.

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 59dbfecf1ec5cd8847556303a498783521b3e2f8..33afbef7f7df631171eca3da771ec9d5ba7a46fb 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -85,13 +85,10 @@ iptables_init() {
        /sbin/iptables -A INPUT -j CUSTOMINPUT
        /sbin/iptables -N GUARDIAN
        /sbin/iptables -A INPUT -j GUARDIAN
-       /sbin/iptables -N OVPNBLOCK
-       /sbin/iptables -A FORWARD -j OVPNBLOCK
        /sbin/iptables -A FORWARD -j GUARDIAN
        /sbin/iptables -N CUSTOMFORWARD
        /sbin/iptables -A FORWARD -j CUSTOMFORWARD
        /sbin/iptables -N CUSTOMOUTPUT
-       /sbin/iptables -A OUTPUT -j OVPNBLOCK
        /sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
        /sbin/iptables -N OUTGOINGFW
        /sbin/iptables -A OUTPUT -j OUTGOINGFW
@@ -102,15 +99,18 @@ iptables_init() {
        /sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
        /sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
 
+       # Block OpenVPN transfer networks
+       /sbin/iptables -N OVPNBLOCK
+       for i in INPUT FORWARD OUTPUT; do
+               /sbin/iptables -A ${i} -j OVPNBLOCK
+       done
+
        # IPTV chains for IGMPPROXY
        /sbin/iptables -N IPTVINPUT
        /sbin/iptables -A INPUT -j IPTVINPUT
        /sbin/iptables -N IPTVFORWARD
        /sbin/iptables -A FORWARD -j IPTVFORWARD
 
-       # Filtering ovpn networks INPUT
-       /sbin/iptables -A INPUT -j OVPNBLOCK
-
        # filtering from GUI
        /sbin/iptables -N GUIINPUT
        /sbin/iptables -A INPUT -j GUIINPUT