diff --git a/Shorewall/firewall b/Shorewall/firewall
index d4d84d572..fef7419bd 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -7712,17 +7712,30 @@ initialize_netfilter () {
 deletechain shorewall
- [ -n "$NAT_ENABLED" ] && delete_nat
+ if [ -n "$NAT_ENABLED" ]; then
+ delete_nat
+ for chain in PREROUTING POSTROUTING OUTPUT; do
+ run_iptables -t nat -P $chain ACCEPT
+ done
+ fi
 delete_proxy_arp
- [ -n "$MANGLE_ENABLED" ] && \
- run_iptables -t mangle -F && \
+ if [ -n "$MANGLE_ENABLED" ]; then
+ run_iptables -t mangle -F
 run_iptables -t mangle -X
+ for chain in PREROUTING INPUT FORWARD POSTROUTING; do
+ run_iptables -t mangle -P $chain ACCEPT
+ done
+ fi
- [ -n "$RAW_TABLE" ] && \
- run_iptables -t raw -F && \
+ if [ -n "$RAW_TABLE" ]; then
+ run_iptables -t raw -F
 run_iptables -t raw -X
+ for chain in PREROUTING OUTPUT; do
+ run_iptables -t raw -P $chain ACCEPT
+ done
+ fi
 [ -n "$CLEAR_TC" ] && delete_tc
@@ -7734,26 +7747,6 @@ initialize_netfilter () {
 process_criticalhosts
- [ -n "$RAW_TABLE" ] && rawtable=raw || rawtable=
-
- for table in mangle nat $rawtable ; do
- case $table in
- mangle)
- chains="PREROUTING INPUT FORWARD POSTROUTING"
- ;;
- nat)
- chains="PREROUTING POSTROUTING OUTPUT"
- ;;
- *)
- chains="PREROUTING OUTPUT"
- ;;
- esac
-
- for chain in $chains; do
- iptables -t $table -P $chain ACCEPT
- done
- done
-
 if [ -n "$CRITICALHOSTS" ]; then
 setpolicy INPUT ACCEPT
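Review bot: The policy reset for the nat and mangle tables is now gated on `$NAT_ENABLED` and `$MANGLE_ENABLED`, whereas the loop removed in the second hunk reset mangle and nat policies unconditionally and only made the raw table conditional; if either variable can be empty while the table still exists on the running kernel, a non-ACCEPT policy left in that table by an earlier run would no longer be cleared during start. If the variables simply mirror kernel capability detection the two forms are equivalent, but that assumption should be confirmed before relying on it. The switch from bare `iptables` to `run_iptables` for the `-P ... ACCEPT` calls also appears to make a failed policy reset fatal rather than silently ignored, which is worth a comment since it changes how a partially broken netfilter setup is handled. Consider adding, above the first `if [ -n "$NAT_ENABLED" ]`, the comment `# After flushing, reset each non-filter table's builtin chains to ACCEPT so no stale policy survives; filtering decisions live in the filter table.` The enclosing function initialize_netfilter begins before this hunk and continues past it.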