X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=src%2Finitscripts%2Finit.d%2Ffirewall;h=5d66c60b40b19e973fbc5040e3799d981b6868d0;hp=000d3252d87cbdbbe7663f863fd8121d1732e521;hb=afc611d448aee8eaaefa018dfb6acd4c6d6227a1;hpb=c0359d6dfbba1124c5b2da60bc56947e7f21769a
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 000d3252d..5d66c60b4 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -116,15 +116,19 @@ iptables_init() {
 /sbin/iptables -A INPUT -j GUIINPUT
 /sbin/iptables -A GUIINPUT -p icmp --icmp-type 8 -j ACCEPT

+ # Accept everything on loopback
+ /sbin/iptables -N LOOPBACK
+ /sbin/iptables -A LOOPBACK -i lo -j ACCEPT
+ /sbin/iptables -A LOOPBACK -o lo -j ACCEPT
+
+ /sbin/iptables -A INPUT -j LOOPBACK
+ /sbin/iptables -A OUTPUT -j LOOPBACK
+
 # Accept everything connected
 for i in INPUT FORWARD OUTPUT; do
 /sbin/iptables -A ${i} -j CONNTRACK
 done

- # Accept everything on lo
- iptables -A INPUT -i lo -m conntrack --ctstate NEW -j ACCEPT
- iptables -A OUTPUT -o lo -m conntrack --ctstate NEW -j ACCEPT
-
 # trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
 /sbin/iptables -N IPSECINPUT
 /sbin/iptables -N IPSECFORWARD
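Review bot: The new LOOPBACK chain matches only on the interface (`-i lo` / `-o lo`), and nothing in this hunk rejects packets that carry a 127.0.0.0/8 address on any other interface. The kernel normally discards such martians, but that depends on sysctl settings such as route_localnet that are not visible here, so it is worth making the filter explicit after the two ACCEPT rules: `/sbin/iptables -A LOOPBACK -s 127.0.0.0/8 -j DROP` and `/sbin/iptables -A LOOPBACK -d 127.0.0.0/8 -j DROP`. Since the jump now sits ahead of CONNTRACK and no longer requires `--ctstate NEW`, the comment should say so, e.g. `# Accept everything on loopback, before any conntrack state checks`. iptables_init() begins and ends outside the hunk, so a later rule may already cover the address check.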