From 554978de37d81499f1b1aa127fdfdc367aabc606 Mon Sep 17 00:00:00 2001
From: Naredula Janardhana Reddy
Date: Fri, 16 Sep 2011 18:18:19 +0530
Subject: [PATCH] bug 11455: adding firewall rule chain to the main chain in the case when vpn chain is not present.
Reviewed-by: Murali.Reddy@citrix.com
---
 patches/systemvm/debian/config/root/firewall_rule.sh | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/patches/systemvm/debian/config/root/firewall_rule.sh b/patches/systemvm/debian/config/root/firewall_rule.sh
index a9a51edbe36..71a23fe2e9f 100755
--- a/patches/systemvm/debian/config/root/firewall_rule.sh
+++ b/patches/systemvm/debian/config/root/firewall_rule.sh
@@ -61,6 +61,12 @@ fw_chain_for_ip () {
 sudo iptables -t mangle -I FIREWALL_$pubIp -m state --state RELATED,ESTABLISHED -j ACCEPT> /dev/null
 #ensure that this table is after VPN chain
 sudo iptables -t mangle -I PREROUTING 2 -d $pubIp -j FIREWALL_$pubIp
+ success=$?
+ if [ $success -gt 0 ]
+ then
+ # if VPN chain is not present for various reasons, try to add in to the first slot */
+ sudo iptables -t mangle -I PREROUTING -d $pubIp -j FIREWALL_$pubIp
+ fi
 }
 fw_entry_for_public_ip() {
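Review bot: The fallback at `if [ $success -gt 0 ]` runs on any non-zero exit from the `-I PREROUTING 2` insert, not only when the VPN chain is missing, so a failure with a different cause also moves the `FIREWALL_$pubIp` jump to slot 1 and quietly drops the ordering that the `#ensure that this table is after VPN chain` comment promises. Nothing records that the fallback was taken, and the function's exit status becomes whatever the second insert returned, so unless a caller (outside this hunk) checks it, the public IP may be left without its firewall jump. Consider logging the branch and making the result explicit, e.g. `sudo iptables -t mangle -I PREROUTING -d "$pubIp" -j "FIREWALL_$pubIp" || return 1`. Quoting `$pubIp` also keeps a malformed value from being split into extra iptables arguments under sudo; where that value comes from is not visible here. The body of `fw_chain_for_ip` starts outside the hunk.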