From e996b1807709f625675513ff75aabffc3c4a3c87 Mon Sep 17 00:00:00 2001
From: Olivier Blin <blino@mageia.org>
Date: Sun, 24 Mar 2013 14:49:30 +0000
Subject: drakfirewall: list loc zone before net zone in /etc/shorewall/zones

This is useful to apply local rules before net rules for a
"one-armed" router, e.g. one interface with both a public IP
address and a local private address, with such an entry in
/etc/shorewall/hosts: "loc eth0:192.168.0.0/24"
---
 lib/network/shorewall.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/network/shorewall.pm')

diff --git a/lib/network/shorewall.pm b/lib/network/shorewall.pm
index ee71d1d..5ee8d38 100644
--- a/lib/network/shorewall.pm
+++ b/lib/network/shorewall.pm
@@ -184,8 +184,8 @@ What do you want to do?"),
     };
 
     set_config_file("zones",
-                    [ 'net', 'ipv4' ],
                     if_($has_loc_zone, [ 'loc', 'ipv4' ]),
+                    [ 'net', 'ipv4' ],
                     [ 'fw', 'firewall' ],
                 );
     set_config_file('interfaces',
-- 
cgit v1.2.1