Added mrd6 package : IPv6 multicast routing daemon

[openwrt.git] / openwrt / package / base-files / default / etc / init.d / S45firewall

diff --git a/openwrt/package/base-files/default/etc/init.d/S45firewall b/openwrt/package/base-files/default/etc/init.d/S45firewall
index cb77979..0110cfc 100755 (executable)
--- a/openwrt/package/base-files/default/etc/init.d/S45firewall
+++ b/openwrt/package/base-files/default/etc/init.d/S45firewall
@@ -4,11 +4,14 @@
 ${FAILSAFE:+exit}
 
 . /etc/functions.sh
+. /etc/network.overrides
+[ "$FAILSAFE" != "true" -a -e /etc/config/network ] && . /etc/config/network
+
 WAN=$(nvram get wan_ifname)
 LAN=$(nvram get lan_ifname)
 
 ## CLEAR TABLES
-for T in filter nat mangle; do
+for T in filter nat; do
   iptables -t $T -F
   iptables -t $T -X
 done
@@ -35,7 +38,7 @@ iptables -t nat -N postrouting_rule
   iptables -A INPUT -j input_rule
 
   # allow
-  iptables -A INPUT -i \! $WAN -j ACCEPT       # allow from lan/wifi interfaces 
+  iptables -A INPUT ${WAN:+-i \! $WAN} -j ACCEPT       # allow from lan/wifi interfaces 
   iptables -A INPUT -p icmp    -j ACCEPT       # allow ICMP
   iptables -A INPUT -p gre     -j ACCEPT       # allow GRE
 
@@ -78,16 +81,18 @@ iptables -t nat -N postrouting_rule
   iptables -A FORWARD -j forwarding_rule
 
   # allow
-  iptables -A FORWARD -i br0 -o br0 -j ACCEPT
-  iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
-
+  # if there is bridge splitting this workaround works too
+  for iface in $LAN; do
+       iptables -A FORWARD -i $iface -o $iface -j ACCEPT
+       [ -z "$WAN" ] || iptables -A FORWARD -i $iface -o $WAN -j ACCEPT
+  done
   # reject (what to do with anything not allowed earlier)
   # uses the default -P DROP
 
 ### MASQ
   iptables -t nat -A PREROUTING -j prerouting_rule
   iptables -t nat -A POSTROUTING -j postrouting_rule
-  iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
+  [ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
 
 ## USER RULES
 [ -f /etc/firewall.user ] && . /etc/firewall.user