From 23ab7d24d719e32a6eff8d6537c0c4ed74c5edbb Mon Sep 17 00:00:00 2001
From: blogic <blogic@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Sun, 28 Sep 2008 17:40:09 +0000
Subject: [PATCH] fixes firewall rule generation. forwarding rules were
 inserted in input chains, fixes #4028

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12768 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/firewall/files/uci_firewall.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 5798b7fc4..0f7e2ff05 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -216,10 +216,13 @@ fw_rule() {
 	config_get proto $1 proto
 	config_get target $1 target
 	config_get ruleset $1 ruleset
-
+	
+	ZONE=input
+	TARGET=$target
 	[ -z "$target" ] && target=DROP
-	[ -n "$src" ] && ZONE=zone_$src || ZONE=input
-	[ -n "$dest" ] && TARGET=zone_${dest}_$target || TARGET=$target
+	[ -n "$src" -a -z "$dest" ] && ZONE=zone_$src
+	[ -n "$src" -a -n "$dest" ] && ZONE=zone_${src}_forward
+	[ -n "$dest" ] && TARGET=zone_${dest}_$target
 	add_rule() {
 		$IPTABLES -I $ZONE 1 \
 			${proto:+-p $proto} \
-- 
2.20.1