From e03b255302eb0c0aab5b1b5995d65bf0075669a3 Mon Sep 17 00:00:00 2001
From: jow <jow@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Fri, 8 Oct 2010 13:50:30 +0000
Subject: [PATCH] [backfire] backport r23318

git-svn-id: svn://svn.openwrt.org/openwrt/branches/backfire@23324 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/firewall/Makefile              |  2 +-
 package/firewall/files/uci_firewall.sh | 10 +++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 11dac8f41..dc61f7c75 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=1
-PKG_RELEASE:=19
+PKG_RELEASE:=20
 
 include $(INCLUDE_DIR)/package.mk
 
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index e0cb42e6d..be6620d19 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -388,10 +388,11 @@ fw_rule() {
 		[ -n "$dest" ] && TARGET="zone_${dest}_${TARGET}"
 	fi
 
-	eval 'RULE_COUNT=$((++RULE_COUNT_'$ZONE'))'
+	local pos
+	eval 'pos=$((++FW__RULE_COUNT_'$ZONE'))'
 
 	add_rule() {
-		$IPTABLES -t $TABLE -I $ZONE $RULE_COUNT \
+		$IPTABLES -t $TABLE -I $ZONE $pos \
 			$srcaddr $destaddr \
 			${proto:+-p $proto} \
 			${icmp_type:+--icmp-type $icmp_type} \
@@ -501,7 +502,10 @@ fw_redirect() {
 	get_portrange destports "${dest_port-$src_dport}" ":"
 
 	add_rule() {
-		$IPTABLES -I $natchain 1 -t nat \
+		local pos
+		eval 'pos=$((++FW__REDIR_COUNT_'$natchain'))'
+
+		$IPTABLES -I $natchain $pos -t nat \
 			$srcaddr $srcdaddr \
 			${proto:+-p $proto} \
 			${srcports:+--sport $srcports} \