S08ipchains starts before S10network. if you change S08 to S11ipchains so that it starts after network, it reverts back to S08ipchains after a reboot.
ipchains are supposed to start before the network - so you have NO time of a potential break-in occuring (ie: the time b/t the network coming up and ipchains being setup) this is normal on ALL Systems - if you're putting domain names in your ipchains then you've made a mistake and need to re-think configuring them.
Seth is correct; setting up firewall rules after network interfaces come up (or more importantly, after network services begin to be started) creates a small window of opportunity which shouldn't exist.