From: Michael Tremer
Date: Sat, 1 Mar 2014 14:02:42 +0000 (+0100)
Subject: firewall: Sort order in which chains are initialized.
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=bb3834231ec78a2d7b0bc4201906467c47ea7aa4;ds=sidebyside

firewall: Sort order in which chains are initialized.

This has been some real trouble because multiple rules could not be properly inserted into the rule chains in the kernel because the chains did not exist, yet.
---
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 06a714a32..de2a04b7d 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -196,8 +196,6 @@ iptables_init() {
 iptables -t nat -N REDNAT
 iptables -t nat -A POSTROUTING -j REDNAT
- iptables_red
-
 # Custom prerouting chains (for transparent proxy)
 iptables -t nat -N SQUID
 iptables -t nat -A PREROUTING -j SQUID
@@ -226,10 +224,11 @@ iptables_init() {
 iptables -N POLICYOUT
 iptables -A OUTPUT -j POLICYOUT
+ # Initialize firewall policies.
 /usr/sbin/firewall-policy
- # read new firewall
- /usr/local/bin/firewallctrl
+ # Install firewall rules for the red interface.
+ iptables_red
 }
 iptables_red() {
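Review bot: The second hunk drops the `/usr/local/bin/firewallctrl` call (commented "read new firewall") from the end of iptables_init, which the commit message, describing only a reordering, does not mention. If that call is what loads the configured rule set, the rules are now installed only if `/usr/sbin/firewall-policy` or a caller outside this hunk does it; neither is visible here, so the description should say where that step went. The ordering constraint is also worth recording at the new call site, e.g. `# Must stay last: iptables_red inserts into chains created above.`, so a later edit does not move the call back ahead of the chain creation. iptables_init starts outside the hunk.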