Fix configuration execution order
External configuration must be applied before macros are executed. Otherwise, a specific rule in a configuration can be overwritten by IP/PORTS rules from macros.
parent
0f682c346e
commit
b778613d4f
|
@ -298,6 +298,11 @@ start() {
|
||||||
${IPT6} -A LOG_ACCEPT -j ACCEPT
|
${IPT6} -A LOG_ACCEPT -j ACCEPT
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Source additional rules and commands
|
||||||
|
# * from legacy configuration file (/etc/default/minifirewall)
|
||||||
|
# * from configuration directory (/etc/minifirewall.d/*)
|
||||||
|
source_includes
|
||||||
|
|
||||||
# Trusted ip addresses
|
# Trusted ip addresses
|
||||||
${IPT} -N ONLYTRUSTED
|
${IPT} -N ONLYTRUSTED
|
||||||
${IPT} -A ONLYTRUSTED -j LOG_DROP
|
${IPT} -A ONLYTRUSTED -j LOG_DROP
|
||||||
|
@ -713,9 +718,6 @@ start() {
|
||||||
source_file_or_error "${config_file}"
|
source_file_or_error "${config_file}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Source files present in optional directory
|
|
||||||
source_includes
|
|
||||||
|
|
||||||
trap - INT TERM EXIT
|
trap - INT TERM EXIT
|
||||||
|
|
||||||
echo "...starting IPTables rules is now finish : OK"
|
echo "...starting IPTables rules is now finish : OK"
|
||||||
|
|
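Review bot: In the first hunk `source_includes` now runs before `${IPT} -N ONLYTRUSTED`, so an include under /etc/minifirewall.d/ that jumps to ONLYTRUSTED (or to any chain created later in start()) would now fail where it used to work when the includes were sourced at the end; whether such includes exist is not visible here. The new order also means rules appended by the includes are matched before the macro-generated ones, so a broad ACCEPT in an include would take precedence over the trusted-IP restrictions. I would say so in the new comment, e.g. `# Sourced first: rules appended here match before macro-generated IP/PORTS rules; chains created below (ONLYTRUSTED, ...) do not exist yet`. The comment also names the legacy file /etc/default/minifirewall, yet the second hunk keeps `source_file_or_error "${config_file}"` late in start(); if that is the same file, it is either sourced twice or the comment does not match the code. start() begins and ends outside both hunks.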