From 23ea5bcfba0d3d68de674d7562eaed519c29e1ad Mon Sep 17 00:00:00 2001
From: djGrrr <github@linuxhosted.ca>
Date: Sat, 30 Jul 2016 02:42:43 -0230
Subject: [PATCH] custom scrub rules need to be first

The custom scrub rules on the normalization settings page effectively
cannot be reached since the standard interface scrub rules are listed
first.

This patch swaps that order around so that custom scrub rules get
evaluated first.
---
 src/etc/inc/filter.inc | 41 +++++++++++++++++++++--------------------
 1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 2e3ce9835..0b066758e 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -570,26 +570,7 @@ function filter_generate_scrubing(&$FilterIflist)
 
     $scrubrules = '';
 
-    /* scrub per interface options */
-    if (empty($config['system']['scrub_interface_disable'])) {
-        foreach ($FilterIflist as $scrubif => $scrubcfg) {
-            if (isset($scrubcfg['virtual']) || empty($scrubcfg['descr'])) {
-                continue;
-            } else {
-                /* set up MSS clamping */
-                if (!empty($scrubcfg['mss']) && is_numeric($scrubcfg['mss']) &&
-                    !in_array($scrubcfg['if'], array('pppoe', 'pptp', 'l2tp'))) {
-                    $mssclamp = "max-mss " . (intval($scrubcfg['mss'] - 40));
-                } else {
-                    $mssclamp = '';
-                }
-                $scrubnodf = !empty($config['system']['scrubnodf']) ? "no-df" : "";
-                $scrubrnid = !empty($config['system']['scrubrnid']) ? "random-id" : "";
-                $scrubrules .= "scrub on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp}\n";
-            }
-        }
-    }
-
+    /* custom rules must be first */
     if (!empty($config['filter']['scrub']['rule'])) {
         foreach ($config['filter']['scrub']['rule'] as $scrub_rule) {
             if (!isset($scrub_rule['disabled'])) {
@@ -634,6 +615,26 @@ function filter_generate_scrubing(&$FilterIflist)
         }
     }
 
+    /* scrub per interface options */
+    if (empty($config['system']['scrub_interface_disable'])) {
+        foreach ($FilterIflist as $scrubif => $scrubcfg) {
+            if (isset($scrubcfg['virtual']) || empty($scrubcfg['descr'])) {
+                continue;
+            } else {
+                /* set up MSS clamping */
+                if (!empty($scrubcfg['mss']) && is_numeric($scrubcfg['mss']) &&
+                    !in_array($scrubcfg['if'], array('pppoe', 'pptp', 'l2tp'))) {
+                    $mssclamp = "max-mss " . (intval($scrubcfg['mss'] - 40));
+                } else {
+                    $mssclamp = '';
+                }
+                $scrubnodf = !empty($config['system']['scrubnodf']) ? "no-df" : "";
+                $scrubrnid = !empty($config['system']['scrubrnid']) ? "random-id" : "";
+                $scrubrules .= "scrub on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp}\n";
+            }
+        }
+    }
+
     return $scrubrules;
 }