Remove from Input chain, changed order of the filters since

the normal table contaings a drop rule and so the mac table would never be reached. Still need to check if input is necessary.
2026-04-10 19:15:54 +02:00 · 2010-09-05 09:48:37 +02:00
parent d3f1f99927
commit 3f8fbea51d
1 changed files with 1 additions and 2 deletions
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -183,9 +183,8 @@ case "$1" in
 	/sbin/iptables -t nat -A POSTROUTING -j IPSECNAT

 	# Outgoing Firewall
-	/sbin/iptables -A FORWARD -j OUTGOINGFW
 	/sbin/iptables -A FORWARD -j OUTGOINGFWMAC
-	/sbin/iptables -A INPUT -j OUTGOINGFWMAC
+	/sbin/iptables -A FORWARD -j OUTGOINGFW

 	# localhost and ethernet.
 	/sbin/iptables -A INPUT   -i lo          -m state --state NEW -j ACCEPT