sync firewall script with whiterussian changes

author nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>

Tue, 26 Sep 2006 14:00:22 +0000 (14:00 +0000)

committer nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>

Tue, 26 Sep 2006 14:00:22 +0000 (14:00 +0000)
author nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Tue, 26 Sep 2006 14:00:22 +0000 (14:00 +0000)
committer nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Tue, 26 Sep 2006 14:00:22 +0000 (14:00 +0000)
diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init

index a0bd99ef9a9de84a21debebc5268b2661fab6a12..ceaa68ac262575037ffff7bfe27e90fe8100e518 100755 (executable)
--- a/package/iptables/files/firewall.init
+++ b/package/iptables/files/firewall.init
@@ -23,6 +23,10 @@ iptables -N forwarding_rule
  iptables -t nat -N prerouting_rule
  iptables -t nat -N postrouting_rule
  
+iptables -N LAN_ACCEPT
+[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN
+iptables -A LAN_ACCEPT -j ACCEPT
+
  ### INPUT
  ###  (connections with the router as destination)
  
@@ -38,7 +42,7 @@ iptables -t nat -N postrouting_rule
    iptables -A INPUT -j input_rule
  
    # allow
-  iptables -A INPUT ${WAN:+-i \! $WAN} -j ACCEPT       # allow from lan/wifi interfaces 
+  iptables -A INPUT -j LAN_ACCEPT      # allow from lan/wifi interfaces 
    iptables -A INPUT -p icmp    -j ACCEPT       # allow ICMP
    iptables -A INPUT -p gre     -j ACCEPT       # allow GRE
author	nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>
	Tue, 26 Sep 2006 14:00:22 +0000 (14:00 +0000)
committer	nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>
	Tue, 26 Sep 2006 14:00:22 +0000 (14:00 +0000)