From c5ace1f1042b2ab5f966416877bcb74d8ba7b8cf Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Sun, 19 Apr 2009 20:54:54 +0000
Subject: [PATCH] Merge r15221 & r15278 to 8.09

SVN-Revision: 15282
---
 package/firewall/Makefile              | 2 +-
 package/firewall/files/firewall.config | 8 ++++----
 package/firewall/files/firewall.user   | 4 ++++
 package/firewall/files/uci_firewall.sh | 4 ++--
 4 files changed, 11 insertions(+), 7 deletions(-)
 mode change 100755 => 100644 package/firewall/files/firewall.config
 create mode 100644 package/firewall/files/firewall.user

diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 9d4e5dd31a..dfbef6106d 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=1
-PKG_RELEASE:=1
+PKG_RELEASE:=3
 
 include $(INCLUDE_DIR)/package.mk
 
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
old mode 100755
new mode 100644
index 46f7de5d77..464540f990
--- a/package/firewall/files/firewall.config
+++ b/package/firewall/files/firewall.config
@@ -22,6 +22,10 @@ config forwarding
 	option dest     wan
 	option mtu_fix	1
 
+# include a file with users custom iptables rules
+config include
+	option path /etc/firewall.user
+
 
 ### EXAMPLE CONFIG SECTIONS
 # do not allow a specific ip to access wan
@@ -53,10 +57,6 @@ config forwarding
 #	option dest_port	80 
 #	option proto		tcp
 
-# include a file with users custom iptables rules
-#config include
-#	option path /etc/firewall.user
-
 
 ### FULL CONFIG SECTIONS
 #config rule
diff --git a/package/firewall/files/firewall.user b/package/firewall/files/firewall.user
new file mode 100644
index 0000000000..1ccbd01657
--- /dev/null
+++ b/package/firewall/files/firewall.user
@@ -0,0 +1,4 @@
+# This file is interpreted as shell script.
+# Put your custom iptables rules here, they will
+# be executed with each firewall (re-)start.
+
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index f6fa82b9cb..c197003595 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -401,12 +401,12 @@ fw_init() {
 	config_foreach fw_defaults defaults
 	echo "Loading zones"
 	config_foreach fw_zone zone
-	echo "Loading rules"
-	config_foreach fw_rule rule
 	echo "Loading forwarding"
 	config_foreach fw_forwarding forwarding
 	echo "Loading redirects"
 	config_foreach fw_redirect redirect
+	echo "Loading rules"
+	config_foreach fw_rule rule
 	echo "Loading includes"
 	config_foreach fw_include include
 	uci_set_state firewall core loaded 1
-- 
2.30.2