From bb3834231ec78a2d7b0bc4201906467c47ea7aa4 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sat, 1 Mar 2014 15:02:42 +0100
Subject: [PATCH] firewall: Sort order in which chains are initialized.

This has been some real trouble because multiple rules could not be properly inserted into the rule chains in the kernel because the chains did not exist, yet.
---
 src/initscripts/init.d/firewall | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 06a714a32..de2a04b7d 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -196,8 +196,6 @@ iptables_init() {
 iptables -t nat -N REDNAT
 iptables -t nat -A POSTROUTING -j REDNAT

- iptables_red
-
 # Custom prerouting chains (for transparent proxy)
 iptables -t nat -N SQUID
 iptables -t nat -A PREROUTING -j SQUID
@@ -226,10 +224,11 @@ iptables_init() {
 iptables -N POLICYOUT
 iptables -A OUTPUT -j POLICYOUT

+ # Initialize firewall policies.
 /usr/sbin/firewall-policy

- # read new firewall
- /usr/local/bin/firewallctrl
+ # Install firewall rules for the red interface.
+ iptables_red
 }

 iptables_red() {
-- 
2.39.2
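Review bot: The second hunk drops the `/usr/local/bin/firewallctrl` call (commented "read new firewall") from the end of iptables_init(), which the commit message does not mention, since it describes only a reordering. Nothing visible in the hunk replaces that call, so unless `/usr/sbin/firewall-policy` loads the user-defined rules itself, the chains would be created at boot but hold no rules beyond the policy; that is worth confirming before merge. If firewall-policy does take over that job, the new comment should say so, e.g. `# Initialize firewall policies (also loads the user-defined rules).`. The exit status of firewall-policy is also not checked before `iptables_red` runs, so a failed policy load would pass silently. The start of iptables_init() is outside the hunk, so an existing error trap cannot be ruled out.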