diff options
author | Felix Fietkau <nbd@openwrt.org> | 2009-09-24 21:59:16 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2009-09-24 21:59:16 +0000 |
commit | e9ec3a6e686b9769d9ee9dddfa12681e0bf85f69 (patch) | |
tree | 658f3d119b0fd486697be0c78243e8d39cd59eee /package | |
parent | 615a4d1e45ff7f17006b302e80773a7d351c3c78 (diff) | |
download | upstream-e9ec3a6e686b9769d9ee9dddfa12681e0bf85f69.tar.gz upstream-e9ec3a6e686b9769d9ee9dddfa12681e0bf85f69.tar.bz2 upstream-e9ec3a6e686b9769d9ee9dddfa12681e0bf85f69.zip |
firewall: add sanity checks to zone default rules (patch from #5459)
SVN-Revision: 17713
Diffstat (limited to 'package')
-rwxr-xr-x | package/firewall/files/uci_firewall.sh | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh index 44dd48b4e4..3c13631a3b 100755 --- a/package/firewall/files/uci_firewall.sh +++ b/package/firewall/files/uci_firewall.sh @@ -56,9 +56,9 @@ create_zone() { $IPTABLES -N zone_$1_DROP $IPTABLES -N zone_$1_REJECT $IPTABLES -N zone_$1_forward - $IPTABLES -A zone_$1_forward -j zone_$1_$5 - $IPTABLES -A zone_$1 -j zone_$1_$3 - $IPTABLES -A output -j zone_$1_$4 + [ "$5" ] && $IPTABLES -A zone_$1_forward -j zone_$1_$5 + [ "$3" ] && $IPTABLES -A zone_$1 -j zone_$1_$3 + [ "$4" ] && $IPTABLES -A output -j zone_$1_$4 $IPTABLES -N zone_$1_nat -t nat $IPTABLES -N zone_$1_prerouting -t nat $IPTABLES -t raw -N zone_$1_notrack |