From b778613d4fbdf23c728c08b6f947be03f7e11e15 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Mon, 21 Mar 2022 14:34:08 +0100
Subject: [PATCH] Fix configuration execution order

External configuration must be applied before macros are executed. Otherwise, a specific rule in a configuration car be overwritten by IP/PORTS rules from macros.
---
 minifirewall | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/minifirewall b/minifirewall
index 0367968..ac3fc3b 100755
--- a/minifirewall
+++ b/minifirewall
@@ -298,6 +298,11 @@ start() {
 ${IPT6} -A LOG_ACCEPT -j ACCEPT
 fi
 
+ # Source additional rules and commands
+ # * from legacy configuration file (/etc/default/minifirewall)
+ # * from configuration directory (/etc/minifirewall.d/*)
+ source_includes
+
 # Trusted ip addresses
 ${IPT} -N ONLYTRUSTED
 ${IPT} -A ONLYTRUSTED -j LOG_DROP
@@ -713,9 +718,6 @@ start() {
 source_file_or_error "${config_file}"
 fi
 
- # Source files present in optional directory
- source_includes
-
 trap - INT TERM EXIT
 
 echo "...starting IPTables rules is now finish : OK"
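Review bot: In the first hunk `source_includes` now runs immediately before `${IPT} -N ONLYTRUSTED`, so an include file that jumps to ONLYTRUSTED (or to any other chain created later in start()) would reference a chain that does not exist yet, and that rule would not load. Whether such a failure aborts start() or is skipped silently is not visible here; if it is skipped, a restrictive rule from /etc/minifirewall.d could be missing from a firewall that still prints OK. Consider placing the call after the custom chains are created but still before the macros, or state the constraint in the comment, e.g. `# NOTE: runs before ONLYTRUSTED and later chains exist; includes must not jump to them`. The comment's first bullet also names /etc/default/minifirewall, while the second hunk's context still shows `source_file_or_error "${config_file}"` near the end of start(); if `source_includes` does not read the legacy file, that bullet should be dropped. start() begins and ends outside both hunks.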