X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=src%2Finitscripts%2Finit.d%2Ffirewall;h=18dea0ab859cb176cb7f9cd9aa5f8df4eb81b1be;hp=39e1dfd7b1fd981eb34658b91251495e3ad4cecf;hb=93b75f31ad920a2aa96206c2053b70affa135a42;hpb=6397b6e78974f316d9358841120f8e8bb34007f3 diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall index 39e1dfd7b..18dea0ab8 100644 --- a/src/initscripts/init.d/firewall +++ b/src/initscripts/init.d/firewall @@ -192,10 +192,6 @@ case "$1" in /sbin/iptables -t nat -A POSTROUTING -j OVPNNAT /sbin/iptables -t nat -A POSTROUTING -j IPSECNAT - # Forward Firewall - /sbin/iptables -N FORWARDFW - /sbin/iptables -A FORWARD -j FORWARDFW - # Input Firewall /sbin/iptables -N INPUTFW /sbin/iptables -A INPUT -m state --state NEW -j INPUTFW @@ -225,6 +221,10 @@ case "$1" in /sbin/iptables -N WIRELESSFORWARD /sbin/iptables -A FORWARD -m state --state NEW -j WIRELESSFORWARD + # Forward Firewall + /sbin/iptables -N FORWARDFW + /sbin/iptables -A FORWARD -j FORWARDFW + # PORTFWACCESS chain, used for portforwarding /sbin/iptables -N PORTFWACCESS /sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS @@ -284,12 +284,7 @@ case "$1" in if [ "$DROPINPUT" == "on" ]; then /sbin/iptables -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "DROP_INPUT " fi - /sbin/iptables -A INPUT -j DROP -m comment --comment "DROP_INPUT" - #if [ "$DROPFORWARD" == "on" ]; then - # /sbin/iptables -A FORWARD -m limit --limit 10/minute -j LOG --log-prefix "DROP_FORWARD " - #fi - #/sbin/iptables -A FORWARD -j DROP -m comment --comment "DROP_FORWARD" - + #POLICY CHAIN /sbin/iptables -N POLICYIN /sbin/iptables -A INPUT -j POLICYIN
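Review bot: The relocated `/sbin/iptables -A FORWARD -j FORWARDFW` in the second hunk is the only jump there without `-m state --state NEW`, and nothing records why it now sits between WIRELESSFORWARD and PORTFWACCESS. FORWARD is traversed in append order, so a chain appended earlier that reaches a terminating verdict decides the packet before FORWARDFW sees it, which makes the position part of the policy. A comment above the block, for example `# Order matters: FORWARDFW is evaluated after WIRELESSFORWARD and before PORTFWACCESS`, would stop a later reshuffle from silently changing which rules apply. The matching removal is in the first hunk, and the enclosing `case` branch starts and ends outside both.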
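Review bot: With the explicit `-A INPUT -j DROP` removed in the third hunk, the last INPUT rule visible is the jump to POLICYIN, so the final verdict now depends on rules loaded outside the hunk. If POLICYIN is empty, or the code that fills it fails, packets fall through to the chain's built-in policy, which is not visible here. A comment above the jump such as `# final verdict comes from POLICYIN; INPUT default policy must be DROP` would record that dependency. The rate-limited LOG rule with prefix `"DROP_INPUT "` still precedes the jump, so it may now label packets that POLICYIN goes on to accept; placing it next to the actual drop would keep the log trustworthy during incident triage. The enclosing `case` branch starts and ends outside the hunk.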