From: Christian Schmidt <christian.schmidt@ipfire.org>
Date: Sun, 5 Sep 2010 07:48:37 +0000 (+0200)
Subject: Remove from Input chain, changed order of the filters since
X-Git-Tag: v2.9-beta1~99^2~6
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=4262c16b36f8d13a80cddff9b4c49a6bf0ab153f;ds=sidebyside

Remove from Input chain, changed order of the filters since
the normal table contaings a drop rule and so the mac table would
never be reached. Still need to check if input is necessary.
---

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index b9f3908303..366ae071c8 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -183,9 +183,8 @@ case "$1" in
 	/sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
 
 	# Outgoing Firewall
-	/sbin/iptables -A FORWARD -j OUTGOINGFW
 	/sbin/iptables -A FORWARD -j OUTGOINGFWMAC
-	/sbin/iptables -A INPUT -j OUTGOINGFWMAC
+	/sbin/iptables -A FORWARD -j OUTGOINGFW
 
 	# localhost and ethernet.
 	/sbin/iptables -A INPUT   -i lo          -m state --state NEW -j ACCEPT