From ab0ce6734baf6b05f59cf9e83f5be38ff920f9d1 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Fri, 11 Mar 2011 11:53:18 +0000
Subject: [PATCH] * firewall.nix: Only flush/delete the chains created by us.

svn path=/nixos/trunk/; revision=26271
---
 modules/services/networking/firewall.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/services/networking/firewall.nix b/modules/services/networking/firewall.nix
index f719e6777a7..15e937b6736 100644
--- a/modules/services/networking/firewall.nix
+++ b/modules/services/networking/firewall.nix
@@ -116,7 +116,8 @@ in
               ip6tables "$@"
             }
 
-            ip46tables -F
+            ip46tables -F INPUT
+            ip46tables -F FW_REFUSE || true
             ip46tables -X # flush unused chains
             ip46tables -P INPUT DROP
 
@@ -179,9 +180,9 @@ in
 
         postStop =
           ''
-            iptables -F
+            iptables -F INPUT
             iptables -P INPUT ACCEPT
-            ip6tables -F
+            ip6tables -F INPUT
             ip6tables -P INPUT ACCEPT
           '';
       };