custom chains were never reached on DROP/REJECT policy, fixes #4004 #4029

author John Crispin <john@openwrt.org>

Sun, 28 Sep 2008 17:06:39 +0000 (17:06 +0000)

committer John Crispin <john@openwrt.org>

Sun, 28 Sep 2008 17:06:39 +0000 (17:06 +0000)
author John Crispin <john@openwrt.org>
Sun, 28 Sep 2008 17:06:39 +0000 (17:06 +0000)
committer John Crispin <john@openwrt.org>
Sun, 28 Sep 2008 17:06:39 +0000 (17:06 +0000)
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh

index a09e7079c20db139acaf907c3385c545852109f6..5798b7fc48bb617e07493a84858a53fd2efa2db8 100755 (executable)
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -354,9 +354,9 @@ fw_custom_chains_zone() {
         $IPTABLES -N input_${zone}
         $IPTABLES -N forwarding_${zone}
         $IPTABLES -N prerouting_${zone} -t nat
-       $IPTABLES -A zone_${zone} -j input_${zone}
-       $IPTABLES -A zone_${zone}_forward -j forwarding_${zone}
-       $IPTABLES -A zone_${zone}_prerouting -t nat -j prerouting_${zone}
+       $IPTABLES -I zone_${zone} 1 -j input_${zone}
+       $IPTABLES -I zone_${zone}_forward 1 -j forwarding_${zone}
+       $IPTABLES -I zone_${zone}_prerouting 1 -t nat -j prerouting_${zone}
  }
  
  fw_init() {
author	John Crispin <john@openwrt.org>
	Sun, 28 Sep 2008 17:06:39 +0000 (17:06 +0000)
committer	John Crispin <john@openwrt.org>
	Sun, 28 Sep 2008 17:06:39 +0000 (17:06 +0000)