don't recreate the resolv.conf file from the dhcp script if no dhcp server is supplie...

[openwrt.git] / package / iptables / files / firewall.init

diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init
index 3804d04..ceaa68a 100755 (executable)
--- a/package/iptables/files/firewall.init
+++ b/package/iptables/files/firewall.init
@@ -1,10 +1,14 @@
 #!/bin/sh
+# Copyright (C) 2006 OpenWrt.org
 
 ## Please make changes in /etc/firewall.user
 
-. /etc/config/network
-WAN="$wan_ifname"
-LAN="$lan_ifname"
+. /etc/functions.sh
+include network
+
+scan_interfaces
+config_get WAN wan ifname
+config_get LAN lan ifname
 
 ## CLEAR TABLES
 for T in filter nat; do
@@ -19,6 +23,10 @@ iptables -N forwarding_rule
 iptables -t nat -N prerouting_rule
 iptables -t nat -N postrouting_rule
 
+iptables -N LAN_ACCEPT
+[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN
+iptables -A LAN_ACCEPT -j ACCEPT
+
 ### INPUT
 ###  (connections with the router as destination)
 
@@ -34,7 +42,7 @@ iptables -t nat -N postrouting_rule
   iptables -A INPUT -j input_rule
 
   # allow
-  [ -z "$WAN" ] || iptables -A INPUT -i \! $WAN        -j ACCEPT       # allow from lan/wifi interfaces 
+  iptables -A INPUT -j LAN_ACCEPT      # allow from lan/wifi interfaces 
   iptables -A INPUT -p icmp    -j ACCEPT       # allow ICMP
   iptables -A INPUT -p gre     -j ACCEPT       # allow GRE