X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=src%2Finitscripts%2Finit.d%2Ffirewall;h=38e67e0856916730c49251a3fb209de45f20c13e;hp=f1330f06707c3fa6a3180c4b181d0df58fc592d0;hb=c6048d2eef43f7235996accb89d239860dabf645;hpb=d8158ca68c4d48eb7fafe1b3a1fab2468381979a
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index f1330f067..38e67e085 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -54,7 +54,7 @@ iptables_init() {
 /sbin/iptables -N BADTCP
 #Don't check loopback
- /sbin/iptables -A INPUT -i lo -j RETURN
+ /sbin/iptables -A BADTCP -i lo -j RETURN
 # Disallow packets frequently used by port-scanners
 # nmap xmas
@@ -188,7 +188,6 @@ case "$1" in
 # Outgoing Firewall
 /sbin/iptables -A FORWARD -j OUTGOINGFWMAC
- /sbin/iptables -A FORWARD -j OUTGOINGFW
 # localhost and ethernet.
 /sbin/iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
@@ -253,6 +252,7 @@ case "$1" in
 # upnp chain for our upnp daemon
 /sbin/iptables -t nat -N UPNPFW
 /sbin/iptables -t nat -A PREROUTING -j UPNPFW
+ /sbin/iptables -A FORWARD -m state --state NEW -j UPNPFW
 # This chain only contains dummy rules.
 /sbin/iptables -N UPNPFW
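Review bot: In the third hunk the added `/sbin/iptables -A FORWARD -m state --state NEW -j UPNPFW` runs before the filter-table chain it jumps to exists: the only `-N UPNPFW` above it is the `-t nat` one, and the plain `/sbin/iptables -N UPNPFW` appears two lines later in the trailing context. Unless the chain is also created somewhere outside this hunk, iptables will reject the jump target and the rule will not be installed, so forwarded NEW connections never reach UPNPFW. Move the new line below `/sbin/iptables -N UPNPFW`, and add a short comment such as `# filter-table UPNPFW: accepts forwards opened by the upnp daemon` so the two same-named chains are not confused. The enclosing `case "$1" in` block starts and ends outside the hunk, so it is also worth confirming where this append lands relative to the other FORWARD rules, since it admits new inbound flows.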