From d650bc1df9eaa9c0394d67e6f25faa74eb37bfe1 Mon Sep 17 00:00:00 2001
From: teastep
Date: Tue, 20 Mar 2007 23:44:12 +0000
Subject: [PATCH] Order rules in iptables-restore input differently
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5603 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 New/Shorewall/Chains.pm | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/New/Shorewall/Chains.pm b/New/Shorewall/Chains.pm
index b2fcee83b..96739b39e 100644
--- a/New/Shorewall/Chains.pm
+++ b/New/Shorewall/Chains.pm
@@ -1235,6 +1235,8 @@ sub insertnatjump( $$$$ ) {
 }
 }
+my @builtins = qw(PREROUTING INPUT FORWARD OUTPUT POSTROUTING);
+
 sub create_netfilter_load() {
 emit 'setup_netfilter()';
 emit '{';
@@ -1242,16 +1244,23 @@ sub create_netfilter_load() {
 for my $table qw/raw nat mangle filter/ {
 emit "*$table";
+ my @chains;
+
+ for my $chain ( @builtins ) {
+ my $chainref = $chain_table{$table}{$chain};
+ if ( $chainref ) {
+ emit ":$chain $chainref->{policy} [0:0]";
+ push @chains, $chainref;
+ }
+ }
+
 for my $chain ( grep $chain_table{$table}{$_}->{referenced} , ( sort keys %{$chain_table{$table}} ) ) {
 my $chainref = $chain_table{$table}{$chain};
- if ( $chainref->{builtin} ) {
- emit ":$chainref->{name} $chainref->{policy} [0:0]";
- } else {
+ unless ( $chainref->{builtin} ) {
 emit ":$chainref->{name} - [0:0]";
+ push @chains, $chainref;
 }
-
- push @chains, $chainref;
 }
 for my $chainref ( @chains ) {
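Review bot: The new built-in loop in the second hunk emits `:$chain $chainref->{policy} [0:0]` for every built-in found in `%chain_table`, no longer filtered by `{referenced}`, and it interpolates `{policy}` without checking that it is set. If any such entry lacks a policy (not determinable from this hunk), the generated line has an empty policy field, which iptables-restore would presumably reject, so the error surfaces only when the generated script loads the ruleset on the firewall rather than at compile time. I would fail early in the compiler instead, e.g. `my $policy = $chainref->{policy} or die "No policy for built-in chain $table:$chain";` and then emit `$policy`. A short comment above `@builtins` in the first hunk, saying that the list fixes the emission order and is shared by all tables (relying on `%chain_table` holding only the built-ins valid for each table), would also help the next reader. The body of create_netfilter_load continues past the end of the hunk.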