use iptables -I instead of -A to add rules

So the rules are added at the head of the chains, taking
priority over the preloaded rules.

should fix #354

miniupnpd/netfilter/ip6tables_init.sh

@@ -6,16 +6,20 @@
 IPV6=1
 EXT=1
 . $(dirname "$0")/miniupnpd_functions.sh
+# -I inserts the rule at the head of the chain,
+# -A appends the rule at the end of the chain
+ADDCMD=-I
+#ADDCMD=-A
 
 if [ "$FDIRTY" = "${CHAIN}Chain" ]; then
 	echo "Filter table dirty; Cleaning..."
 elif [ "$FDIRTY" = "Chain" ]; then
 	echo "Dirty filter chain but no reference..? Fixing..."
-	$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
+	$IPTABLES -t filter $ADDCMD FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
 else
 	echo "Filter table clean..initalizing.."
 	$IPTABLES -t filter -N $CHAIN
-	$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
+	$IPTABLES -t filter $ADDCMD FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
 fi
 if [ "$CLEAN" = "yes" ]; then
 	$IPTABLES -t filter -F $CHAIN

miniupnpd/netfilter/iptables_init.sh

@@ -5,19 +5,23 @@
 
 EXT=1
 . $(dirname "$0")/miniupnpd_functions.sh
+# -I inserts the rule at the head of the chain,
+# -A appends the rule at the end of the chain
+ADDCMD=-I
+#ADDCMD=-A
 
 # MINIUPNPD chain for nat
 if [ "$NDIRTY" = "${CHAIN}Chain" ]; then
 	echo "Nat table dirty; Cleaning..."
 elif [ "$NDIRTY" = "Chain" ]; then
 	echo "Dirty NAT chain but no reference..? Fixing..."
-	#$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN
-	$IPTABLES -t nat -A PREROUTING -i $EXTIF -j $CHAIN
+	#$IPTABLES -t nat $ADDCMD PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN
+	$IPTABLES -t nat $ADDCMD PREROUTING -i $EXTIF -j $CHAIN
 else
 	echo "NAT table clean..initalizing.."
 	$IPTABLES -t nat -N $CHAIN
-	#$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN
-	$IPTABLES -t nat -A PREROUTING -i $EXTIF -j $CHAIN
+	#$IPTABLES -t nat $ADDCMD PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN
+	$IPTABLES -t nat $ADDCMD PREROUTING -i $EXTIF -j $CHAIN
 fi
 if [ "$CLEAN" = "yes" ]; then
 	$IPTABLES -t nat -F $CHAIN
@@ -28,11 +32,11 @@ if [ "$MDIRTY" = "${CHAIN}Chain" ]; then
 	echo "Mangle table dirty; Cleaning..."
 elif [ "$MDIRTY" = "Chain" ]; then
 	echo "Dirty Mangle chain but no reference..? Fixing..."
-	$IPTABLES -t mangle -A PREROUTING -i $EXTIF -j $CHAIN
+	$IPTABLES -t mangle $ADDCMD PREROUTING -i $EXTIF -j $CHAIN
 else
 	echo "Mangle table clean..initializing..."
 	$IPTABLES -t mangle -N $CHAIN
-	$IPTABLES -t mangle -A PREROUTING -i $EXTIF -j $CHAIN
+	$IPTABLES -t mangle $ADDCMD PREROUTING -i $EXTIF -j $CHAIN
 fi
 if [ "$CLEAN" = "yes" ]; then
 	$IPTABLES -t mangle -F $CHAIN
@@ -43,11 +47,11 @@ if [ "$FDIRTY" = "${CHAIN}Chain" ]; then
 	echo "Filter table dirty; Cleaning..."
 elif [ "$FDIRTY" = "Chain" ]; then
 	echo "Dirty filter chain but no reference..? Fixing..."
-	$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
+	$IPTABLES -t filter $ADDCMD FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
 else
 	echo "Filter table clean..initalizing.."
 	$IPTABLES -t filter -N MINIUPNPD
-	$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
+	$IPTABLES -t filter $ADDCMD FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
 fi
 if [ "$CLEAN" = "yes" ]; then
 	$IPTABLES -t filter -F $CHAIN
@@ -58,11 +62,11 @@ if [ "$NPDIRTY" = "${CHAIN}-POSTROUTINGChain" ]; then
 	echo "Postrouting Nat table dirty; Cleaning..."
 elif [ "$NPDIRTY" = "Chain" ]; then
 	echo "Dirty POSTROUTING NAT chain but no reference..? Fixing..."
-	$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j $CHAIN-POSTROUTING
+	$IPTABLES -t nat $ADDCMD POSTROUTING -o $EXTIF -j $CHAIN-POSTROUTING
 else
 	echo "POSTROUTING NAT table clean..initalizing.."
 	$IPTABLES -t nat -N $CHAIN-POSTROUTING
-	$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j $CHAIN-POSTROUTING
+	$IPTABLES -t nat $ADDCMD POSTROUTING -o $EXTIF -j $CHAIN-POSTROUTING
 fi
 if [ "$CLEAN" = "yes" ]; then
 	$IPTABLES -t nat -F $CHAIN-POSTROUTING