]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commitdiff
projects / people / pmueller / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d3f1f99)
Remove from Input chain, changed order of the filters since
authorChristian Schmidt <christian.schmidt@ipfire.org>
Sun, 5 Sep 2010 07:48:37 +0000 (09:48 +0200)
committerChristian Schmidt <christian.schmidt@ipfire.org>
Sun, 5 Sep 2010 07:48:37 +0000 (09:48 +0200)
the normal table contaings a drop rule and so the mac table would
never be reached. Still need to check if input is necessary.

src/initscripts/init.d/firewall patch | blob | blame | history

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index b9f3908303cdd9a142860de7b655516ac38ac877..366ae071c83f52e20598991997f0799c413b7e6a 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -183,9 +183,8 @@ case "$1" in
        /sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
 
        # Outgoing Firewall
-       /sbin/iptables -A FORWARD -j OUTGOINGFW
        /sbin/iptables -A FORWARD -j OUTGOINGFWMAC
-       /sbin/iptables -A INPUT -j OUTGOINGFWMAC
+       /sbin/iptables -A FORWARD -j OUTGOINGFW
 
        # localhost and ethernet.
        /sbin/iptables -A INPUT   -i lo          -m state --state NEW -j ACCEPT
Peter's tree of IPFire 2.x