authorOlivier Blin <blino@mageia.org>2013-03-24 14:49:30 +0000
committerOlivier Blin <blino@mageia.org>2013-03-24 14:49:30 +0000
commite996b1807709f625675513ff75aabffc3c4a3c87 (patch)
treec26f62aabb50b9c5a6480a6e78599c65ea0e278c
parent41b10c74f06cd9bf2a267f88c6aa1d3529a5c06f (diff)
drakfirewall: list loc zone before net zone in /etc/shorewall/zones
This is useful to apply local rules before net rules for a "one-armed" router, e.g. one interface with both a public IP address and a local private address, with such an entry in /etc/shorewall/hosts: "loc eth0:192.168.0.0/24"
-rw-r--r--NEWS5
-rw-r--r--lib/network/shorewall.pm2
2 files changed, 6 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index a580e8f..d99f4c1 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,11 @@
- improve MAC adress help
- drakfirewall:
o fix detecting if shorewall is enabled (mga#8699)
+ o list loc zone before net zone in /etc/shorewall/zones;
+ this is useful to apply local rules before net rules for a
+ "one-armed" router, e.g. one interface with both a public IP
+ address and a local private address, with such an entry in
+ /etc/shorewall/hosts: "loc eth0:192.168.0.0/24"
1.19.2:
- re-add broadcom-wl reference
diff --git a/lib/network/shorewall.pm b/lib/network/shorewall.pm
index ee71d1d..5ee8d38 100644
--- a/lib/network/shorewall.pm
+++ b/lib/network/shorewall.pm
@@ -184,8 +184,8 @@ What do you want to do?"),
};
set_config_file("zones",
- [ 'net', 'ipv4' ],
if_($has_loc_zone, [ 'loc', 'ipv4' ]),
+ [ 'net', 'ipv4' ],
[ 'fw', 'firewall' ],
);
set_config_file('interfaces',
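Review bot: The entries passed to `set_config_file("zones", ...)` are now order-sensitive, but nothing in the code says so; a comment such as `# loc must stay ahead of net: shorewall assigns a host to the first matching zone in declaration order` would keep a later cleanup from re-sorting them. The reorder also takes effect whenever `$has_loc_zone` is true, not only in the one-armed layout the commit message describes. In that layout, a packet arriving on the shared interface with a source address inside the loc range is presumably classified as loc, so the loc policy relies on private source addresses being filtered upstream of that interface; that assumption is worth stating in the comment. The enclosing function starts and ends outside the hunk.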