firewall: insert rules at the beginning of chains again while maintaining non reverse...

SVN-Revision: 19946

diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 4921b91bae75bd4e204fff60afd8f58691b70fc9..8d7538201b97882d9236b02a66c4a3c0ec41651a 100755 (executable)
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -294,8 +294,11 @@ fw_rule() {
        [ -n "$src" -a -z "$dest" ] && ZONE=zone_$src
        [ -n "$src" -a -n "$dest" ] && ZONE=zone_${src}_forward
        [ -n "$dest" ] && TARGET=zone_${dest}_$target
+
+       eval 'RULE_COUNT=$((++RULE_COUNT_'$ZONE'))'
+
        add_rule() {
-               $IPTABLES -A $ZONE \
+               $IPTABLES -I $ZONE $RULE_COUNT \
                        ${proto:+-p $proto} \
                        ${icmp_type:+--icmp-type $icmp_type} \
                        ${src_ip:+-s $src_ip} \