projects / openwrt / svn-archive / openwrt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0726981)
add extra chain for non-wan traffic
authorFelix Fietkau <[email protected]>
Sat, 19 Aug 2006 22:27:23 +0000 (22:27 +0000)
committerFelix Fietkau <[email protected]>
Sat, 19 Aug 2006 22:27:23 +0000 (22:27 +0000)
SVN-Revision: 4611

openwrt/package/iptables/Makefile patch | blob | history
openwrt/package/iptables/files/firewall.init patch | blob | history

diff --git a/openwrt/package/iptables/Makefile b/openwrt/package/iptables/Makefile
index ac7a0a41fa4de4166aa3e7b538a67fa37bc7fc70..fa12f5953ad1d7d2261aa7cd086cae7de972783d 100644 (file)
--- a/openwrt/package/iptables/Makefile
+++ b/openwrt/package/iptables/Makefile
@@ -75,7 +75,7 @@ $(IPKG_IPTABLES):
        install -d -m0755 $(IDIR_IPTABLES)/etc/config
        install -m0644 ./files/firewall.config $(IDIR_IPTABLES)/etc/config/firewall
        install -d -m0755 $(IDIR_IPTABLES)/etc/init.d
-       install -m0755 ./files/firewall.init $(IDIR_IPTABLES)/etc/init.d/S45firewall
+       install -m0755 ./files/firewall.init $(IDIR_IPTABLES)/etc/init.d/S35firewall
        install -m0755 ./files/firewall.user $(IDIR_IPTABLES)/etc/
        install -d -m0755 $(IDIR_IPTABLES)/usr/lib
        install -m0644 ./files/firewall.awk $(IDIR_IPTABLES)/usr/lib
diff --git a/openwrt/package/iptables/files/firewall.init b/openwrt/package/iptables/files/firewall.init
index 0a7daab31900b72f182385a480b3180bd5e4d8d3..1b2573331d6c70894ac157d9f7f12c8aacca563a 100755 (executable)
--- a/openwrt/package/iptables/files/firewall.init
+++ b/openwrt/package/iptables/files/firewall.init
@@ -19,6 +19,10 @@ iptables -N forwarding_rule
 iptables -t nat -N prerouting_rule
 iptables -t nat -N postrouting_rule
 
+iptables -N LAN_ACCEPT
+[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN
+iptables -A LAN_ACCEPT -j ACCEPT
+
 ### INPUT
 ###  (connections with the router as destination)
 
@@ -34,7 +38,7 @@ iptables -t nat -N postrouting_rule
   iptables -A INPUT -j input_rule
 
   # allow
-  iptables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT       # allow from lan/wifi interfaces 
+  iptables -A INPUT -j LAN_ACCEPT      # allow from lan/wifi interfaces 
   iptables -A INPUT -p icmp    -j ACCEPT       # allow ICMP
   iptables -A INPUT -p gre     -j ACCEPT       # allow GRE
 
OpenWrt development branches, manually converted from SVN.