From: Felix Fietkau <nbd@openwrt.org>
Date: Sun, 15 Oct 2006 23:04:23 +0000 (+0000)
Subject: add firewall protection for wan_device in addition to wan_ifname (fixes #852)
X-Git-Tag: whiterussian_rc6~81
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=9f3a97a0b37bad19e85c1f73c4c1e4908ce1f9bc;p=openwrt%2Fsvn-archive%2Fopenwrt.git

add firewall protection for wan_device in addition to wan_ifname (fixes #852)

SVN-Revision: 5136
---

diff --git a/openwrt/package/iptables/files/firewall.init b/openwrt/package/iptables/files/firewall.init
index 1b2573331d..5274a5250d 100755
--- a/openwrt/package/iptables/files/firewall.init
+++ b/openwrt/package/iptables/files/firewall.init
@@ -3,8 +3,9 @@
 ## Please make changes in /etc/firewall.user
 
 . /etc/functions.sh
-WAN=$(nvram get wan_ifname)
-LAN=$(nvram get lan_ifname)
+WAN="$(nvram get wan_ifname)"
+WANDEV="$(nvram get wan_device)"
+LAN="$(nvram get lan_ifname)"
 
 ## CLEAR TABLES
 for T in filter nat; do
@@ -21,6 +22,7 @@ iptables -t nat -N postrouting_rule
 
 iptables -N LAN_ACCEPT
 [ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN
+[ -z "$WANDEV" -o "$WANDEV" = "$WAN" ] || iptables -A LAN_ACCEPT -i "$WANDEV" -j RETURN
 iptables -A LAN_ACCEPT -j ACCEPT
 
 ### INPUT