firewall: Sort order in which chains are initialized.

This has been some real trouble because multiple rules could
not be properly inserted into the rule chains in the kernel
because the chains did not exist, yet.

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 06a714a329046879d5eeb6c0fcd08418790692ed..de2a04b7d15589ad741c2e36de2ae849db9c48d6 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -196,8 +196,6 @@ iptables_init() {
        iptables -t nat -N REDNAT
        iptables -t nat -A POSTROUTING -j REDNAT
 
        iptables -t nat -N REDNAT
        iptables -t nat -A POSTROUTING -j REDNAT
 

-       iptables_red
-

        # Custom prerouting chains (for transparent proxy)
        iptables -t nat -N SQUID
        iptables -t nat -A PREROUTING -j SQUID
        # Custom prerouting chains (for transparent proxy)
        iptables -t nat -N SQUID
        iptables -t nat -A PREROUTING -j SQUID


@@ -226,10 +224,11 @@ iptables_init() {
        iptables -N POLICYOUT
        iptables -A OUTPUT -j POLICYOUT
 
        iptables -N POLICYOUT
        iptables -A OUTPUT -j POLICYOUT
 

+       # Initialize firewall policies.

        /usr/sbin/firewall-policy
 
        /usr/sbin/firewall-policy
 

-       # read new firewall
-       /usr/local/bin/firewallctrl
+       # Install firewall rules for the red interface.
+       iptables_red

 }
 
 iptables_red() {
 }
 
 iptables_red() {