diff options
author | Felix Fietkau <nbd@openwrt.org> | 2006-10-15 23:04:23 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2006-10-15 23:04:23 +0000 |
commit | 24591d8f63e1bb9f930b429d429e29c51dfbf492 (patch) | |
tree | 27055858d82ce4eb2e6fe506c44749f1944d747c | |
parent | a6b335b84e012767b36d4f346806370557145d00 (diff) | |
download | upstream-24591d8f63e1bb9f930b429d429e29c51dfbf492.tar.gz upstream-24591d8f63e1bb9f930b429d429e29c51dfbf492.tar.bz2 upstream-24591d8f63e1bb9f930b429d429e29c51dfbf492.zip |
add firewall protection for wan_device in addition to wan_ifname (fixes #852)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@5136 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rwxr-xr-x | package/iptables/files/firewall.init | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init index 1e39d05fd9..4e8317d662 100755 --- a/package/iptables/files/firewall.init +++ b/package/iptables/files/firewall.init @@ -8,6 +8,7 @@ start() { scan_interfaces config_get WAN wan ifname + config_get WANDEV wan device config_get LAN lan ifname ## CLEAR TABLES @@ -25,6 +26,7 @@ start() { iptables -N LAN_ACCEPT [ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN + [ -z "$WANDEV" -o "$WANDEV" = "$WAN" ] || iptables -A LAN_ACCEPT -i "$WANDEV" -j RETURN iptables -A LAN_ACCEPT -j ACCEPT ### INPUT |