add firewall protection for wan_device in addition to wan_ifname (fixes #852)

author Felix Fietkau <nbd@openwrt.org>

Sun, 15 Oct 2006 23:04:23 +0000 (23:04 +0000)

committer Felix Fietkau <nbd@openwrt.org>

Sun, 15 Oct 2006 23:04:23 +0000 (23:04 +0000)
author Felix Fietkau <nbd@openwrt.org>
Sun, 15 Oct 2006 23:04:23 +0000 (23:04 +0000)
committer Felix Fietkau <nbd@openwrt.org>
Sun, 15 Oct 2006 23:04:23 +0000 (23:04 +0000)
diff --git a/openwrt/package/iptables/files/firewall.init b/openwrt/package/iptables/files/firewall.init

index 1b2573331d6c70894ac157d9f7f12c8aacca563a..5274a5250df921995de0001a437a2dc2ca8c3298 100755 (executable)
--- a/openwrt/package/iptables/files/firewall.init
+++ b/openwrt/package/iptables/files/firewall.init
@@ -3,8 +3,9 @@
  ## Please make changes in /etc/firewall.user
  
  . /etc/functions.sh
-WAN=$(nvram get wan_ifname)
-LAN=$(nvram get lan_ifname)
+WAN="$(nvram get wan_ifname)"
+WANDEV="$(nvram get wan_device)"
+LAN="$(nvram get lan_ifname)"
  
  ## CLEAR TABLES
  for T in filter nat; do
@@ -21,6 +22,7 @@ iptables -t nat -N postrouting_rule
  
  iptables -N LAN_ACCEPT
  [ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN
+[ -z "$WANDEV" -o "$WANDEV" = "$WAN" ] || iptables -A LAN_ACCEPT -i "$WANDEV" -j RETURN
  iptables -A LAN_ACCEPT -j ACCEPT
  
  ### INPUT
author	Felix Fietkau <nbd@openwrt.org>
	Sun, 15 Oct 2006 23:04:23 +0000 (23:04 +0000)
committer	Felix Fietkau <nbd@openwrt.org>
	Sun, 15 Oct 2006 23:04:23 +0000 (23:04 +0000)