From fac3861429d1b4c57c18ff13236d363d87fd31c0 Mon Sep 17 00:00:00 2001
From: Alexander Marx <amarx@ipfire.org>
Date: Thu, 12 Dec 2013 15:44:45 +0100
Subject: [PATCH] Firewall: Bugfix: in /etc/init.d/firewall the REDNAT chain
 was affected BEFORE NAT_SOURCE. Outgoing SNAT rules where not working though

---
 src/initscripts/init.d/firewall | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 37ef351ed..f23f7f4eb 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -177,6 +177,10 @@ iptables_init() {
 	/sbin/iptables -N FORWARDFW
 	/sbin/iptables -A FORWARD -j FORWARDFW
 
+	# SNAT rules
+	/sbin/iptables -t nat -N NAT_SOURCE
+	/sbin/iptables -t nat -A POSTROUTING -j NAT_SOURCE
+
 	# RED chain, used for the red interface
 	/sbin/iptables -N REDINPUT
 	/sbin/iptables -A INPUT -j REDINPUT
@@ -195,10 +199,6 @@ iptables_init() {
 	/sbin/iptables -t nat -N NAT_DESTINATION
 	/sbin/iptables -t nat -A PREROUTING -j NAT_DESTINATION
 
-	# SNAT rules
-	/sbin/iptables -t nat -N NAT_SOURCE
-	/sbin/iptables -t nat -A POSTROUTING -j NAT_SOURCE
-
 	# upnp chain for our upnp daemon
 	/sbin/iptables -t nat -N UPNPFW
 	/sbin/iptables -t nat -A PREROUTING -j UPNPFW
-- 
2.39.2