firewall: do not process rules in reverse

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18015 3c298f89-4303-0410-b956-a3cf2f4a3e73

diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 3aa1f69c46f958f37da846d14fcac8454984f440..64e052fcb2e553ced338de127ac892d5a95ce4ef 100755 (executable)
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -280,7 +280,7 @@ fw_rule() {
        [ -n "$src" -a -n "$dest" ] && ZONE=zone_${src}_forward
        [ -n "$dest" ] && TARGET=zone_${dest}_$target
        add_rule() {
-               $IPTABLES -I $ZONE 1 \
+               $IPTABLES -A $ZONE \
                        ${proto:+-p $proto} \
                        ${icmp_type:+--icmp-type $icmp_type} \
                        ${src_ip:+-s $src_ip} \