From: nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Tue, 26 Sep 2006 14:00:22 +0000 (+0000)
Subject: sync firewall script with whiterussian changes
X-Git-Url: https://git.rohieb.name/openwrt.git/commitdiff_plain/b664928394cae9b3a5c0c024c9abf6344aea874c?hp=582b0b691c88a47fd3b45449465db4ab233c2754

sync firewall script with whiterussian changes

git-svn-id: svn://svn.openwrt.org/openwrt/branches/buildroot-ng/openwrt@4858 3c298f89-4303-0410-b956-a3cf2f4a3e73
---

diff --git a/package/iptables/files/firewall.init b/package/iptables/files/firewall.init
index a0bd99ef9..ceaa68ac2 100755
--- a/package/iptables/files/firewall.init
+++ b/package/iptables/files/firewall.init
@@ -23,6 +23,10 @@ iptables -N forwarding_rule
 iptables -t nat -N prerouting_rule
 iptables -t nat -N postrouting_rule
 
+iptables -N LAN_ACCEPT
+[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN
+iptables -A LAN_ACCEPT -j ACCEPT
+
 ### INPUT
 ###  (connections with the router as destination)
 
@@ -38,7 +42,7 @@ iptables -t nat -N postrouting_rule
   iptables -A INPUT -j input_rule
 
   # allow
-  iptables -A INPUT ${WAN:+-i \! $WAN}	-j ACCEPT	# allow from lan/wifi interfaces 
+  iptables -A INPUT -j LAN_ACCEPT	# allow from lan/wifi interfaces 
   iptables -A INPUT -p icmp	-j ACCEPT	# allow ICMP
   iptables -A INPUT -p gre	-j ACCEPT	# allow GRE