aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2006-09-26 14:00:22 +0000
committerFelix Fietkau <nbd@openwrt.org>2006-09-26 14:00:22 +0000
commitcbfcdded837a893f7eb20d139a2858ba327701bb (patch)
treeee69a534b9efc43b0ce2ed70647967021af8b8a0
parent84c1720e956730b15f4355168053d8b2af3d8b91 (diff)
downloadupstream-cbfcdded837a893f7eb20d139a2858ba327701bb.tar.gz
upstream-cbfcdded837a893f7eb20d139a2858ba327701bb.tar.bz2
upstream-cbfcdded837a893f7eb20d139a2858ba327701bb.zip
sync firewall script with whiterussian changes
git-svn-id: svn://svn.openwrt.org/openwrt/branches/buildroot-ng/openwrt@4858 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rwxr-xr-xpackage/iptables/files/firewall.init6
1 files changed, 5 insertions, 1 deletions
diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init
index a0bd99ef9a..ceaa68ac26 100755
--- a/package/iptables/files/firewall.init
+++ b/package/iptables/files/firewall.init
@@ -23,6 +23,10 @@ iptables -N forwarding_rule
iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
+iptables -N LAN_ACCEPT
+[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN
+iptables -A LAN_ACCEPT -j ACCEPT
+
### INPUT
### (connections with the router as destination)
@@ -38,7 +42,7 @@ iptables -t nat -N postrouting_rule
iptables -A INPUT -j input_rule
# allow
- iptables -A INPUT ${WAN:+-i \! $WAN} -j ACCEPT # allow from lan/wifi interfaces
+ iptables -A INPUT -j LAN_ACCEPT # allow from lan/wifi interfaces
iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
iptables -A INPUT -p gre -j ACCEPT # allow GRE