From 7c1a9658fc92c82144339ea1e544b3a23da34355 Mon Sep 17 00:00:00 2001
From: kishan
Date: Mon, 13 Aug 2012 20:57:02 +0530
Subject: [PATCH] bug CS-15972: Insert iptable rules to set vpn mark before vpn usage chain status CS-15972: resolved fixed
---
 patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh b/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
index 196221295dc..0b8c992dd11 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
@@ -54,9 +54,9 @@ start_ipsec() {
 enable_iptables_subnets() {
 for net in $rightnets
 do
- sudo iptables -A FORWARD -t mangle -s $leftnet -d $net -j MARK --set-mark $vpnoutmark
+ sudo iptables -I FORWARD -t mangle -s $leftnet -d $net -j MARK --set-mark $vpnoutmark
 sudo iptables -A OUTPUT -t mangle -s $leftnet -d $net -j MARK --set-mark $vpnoutmark
- sudo iptables -A FORWARD -t mangle -s $net -d $leftnet -j MARK --set-mark $vpninmark
+ sudo iptables -I FORWARD -t mangle -s $net -d $leftnet -j MARK --set-mark $vpninmark
 sudo iptables -A INPUT -t mangle -s $net -d $leftnet -j MARK --set-mark $vpninmark
 done
 return 0
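Review bot: The two new `-I FORWARD` rules pass `$leftnet`, `$net`, `$vpnoutmark` and `$vpninmark` unquoted to `sudo iptables`, so a value containing whitespace or a glob character is split into extra arguments of a command run as root. Where these variables are set is outside the hunk, so whether they are validated cannot be confirmed here. Quote them, e.g. `sudo iptables -I FORWARD -t mangle -s "$leftnet" -d "$net" -j MARK --set-mark "$vpnoutmark"`, and check that each is a well-formed CIDR or mark value before the loop; the unchanged `-A OUTPUT` and `-A INPUT` lines have the same pattern. The function also ends in `return 0` whatever iptables returns, so a failed insert leaves tunnel traffic unmarked with no signal to the caller; appending `|| return 1` to each rule would surface it. Since rule order relative to the VPN usage chain is the reason for `-I`, a comment such as `# -I: mark must be set before the jump to the VPN usage chain` would keep a later edit from reverting to `-A`; the body of enable_iptables_subnets continues past the end of the hunk.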