firewall: do not process rules in reverse

author Felix Fietkau <nbd@openwrt.org>

Sat, 10 Oct 2009 18:08:26 +0000 (18:08 +0000)

committer Felix Fietkau <nbd@openwrt.org>

Sat, 10 Oct 2009 18:08:26 +0000 (18:08 +0000)
author Felix Fietkau <nbd@openwrt.org>
Sat, 10 Oct 2009 18:08:26 +0000 (18:08 +0000)
committer Felix Fietkau <nbd@openwrt.org>
Sat, 10 Oct 2009 18:08:26 +0000 (18:08 +0000)
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh

index 3aa1f69c46f958f37da846d14fcac8454984f440..64e052fcb2e553ced338de127ac892d5a95ce4ef 100755 (executable)
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -280,7 +280,7 @@ fw_rule() {
         [ -n "$src" -a -n "$dest" ] && ZONE=zone_${src}_forward
         [ -n "$dest" ] && TARGET=zone_${dest}_$target
         add_rule() {
-               $IPTABLES -I $ZONE 1 \
+               $IPTABLES -A $ZONE \
                         ${proto:+-p $proto} \
                         ${icmp_type:+--icmp-type $icmp_type} \
                         ${src_ip:+-s $src_ip} \
author	Felix Fietkau <nbd@openwrt.org>
	Sat, 10 Oct 2009 18:08:26 +0000 (18:08 +0000)
committer	Felix Fietkau <nbd@openwrt.org>
	Sat, 10 Oct 2009 18:08:26 +0000 (18:08 +0000)