diff options
| author | Felix Fietkau <nbd@openwrt.org> | 2006-09-26 14:00:22 +0000 |
|---|---|---|
| committer | Felix Fietkau <nbd@openwrt.org> | 2006-09-26 14:00:22 +0000 |
| commit | 014e097b1a1da4ba4fd8b69f7c9c3aef041859c9 (patch) | |
| tree | 571d68b61cd5b4dad3412f8e4433b4892d17da47 | |
| parent | bd784a4782e124fc995878ec824d4315e71a9f33 (diff) | |
| download | upstream-014e097b1a1da4ba4fd8b69f7c9c3aef041859c9.tar.gz upstream-014e097b1a1da4ba4fd8b69f7c9c3aef041859c9.tar.bz2 upstream-014e097b1a1da4ba4fd8b69f7c9c3aef041859c9.zip | |
sync firewall script with whiterussian changes
SVN-Revision: 4858
| -rwxr-xr-x | openwrt/package/iptables/files/firewall.init | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/openwrt/package/iptables/files/firewall.init b/openwrt/package/iptables/files/firewall.init index a0bd99ef9a..ceaa68ac26 100755 --- a/openwrt/package/iptables/files/firewall.init +++ b/openwrt/package/iptables/files/firewall.init @@ -23,6 +23,10 @@ iptables -N forwarding_rule iptables -t nat -N prerouting_rule iptables -t nat -N postrouting_rule +iptables -N LAN_ACCEPT +[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN +iptables -A LAN_ACCEPT -j ACCEPT + ### INPUT ### (connections with the router as destination) @@ -38,7 +42,7 @@ iptables -t nat -N postrouting_rule iptables -A INPUT -j input_rule # allow - iptables -A INPUT ${WAN:+-i \! $WAN} -j ACCEPT # allow from lan/wifi interfaces + iptables -A INPUT -j LAN_ACCEPT # allow from lan/wifi interfaces iptables -A INPUT -p icmp -j ACCEPT # allow ICMP iptables -A INPUT -p gre -j ACCEPT # allow GRE |