firewall: process custom rules after forwardings and redirects, this actually allows...

[openwrt/staging/dedeckeh.git] / package / firewall / files / uci_firewall.sh

diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index f38bd6b9ae19c3e1d114c964c651804c347985a7..c197003595372804093f10d4ad0c92c42c8b94b4 100755 (executable)
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -154,9 +154,7 @@ fw_defaults() {
        $IPTABLES -P FORWARD DROP
 
        $IPTABLES -F
-       $IPTABLES -t mangle -F
        $IPTABLES -t nat -F
-       $IPTABLES -t mangle -X
        $IPTABLES -t nat -X
        $IPTABLES -X
 
@@ -403,12 +401,12 @@ fw_init() {
        config_foreach fw_defaults defaults
        echo "Loading zones"
        config_foreach fw_zone zone
-       echo "Loading rules"
-       config_foreach fw_rule rule
        echo "Loading forwarding"
        config_foreach fw_forwarding forwarding
        echo "Loading redirects"
        config_foreach fw_redirect redirect
+       echo "Loading rules"
+       config_foreach fw_rule rule
        echo "Loading includes"
        config_foreach fw_include include
        uci_set_state firewall core loaded 1
@@ -419,9 +417,7 @@ fw_init() {
 
 fw_stop() {
        $IPTABLES -F
-       $IPTABLES -t mangle -F
        $IPTABLES -t nat -F
-       $IPTABLES -t mangle -X
        $IPTABLES -t nat -X
        $IPTABLES -X
        $IPTABLES -P INPUT ACCEPT