From: Felix Fietkau
Date: Sat, 19 Aug 2006 22:27:23 +0000 (+0000)
Subject: add extra chain for non-wan traffic
X-Git-Tag: whiterussian_rc6~173
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=fa9a53fe171c18eae238fa846d146019e991de59;p=openwrt%2Fsvn-archive%2Fopenwrt.git

add extra chain for non-wan traffic

SVN-Revision: 4611
---

diff --git a/openwrt/package/iptables/Makefile b/openwrt/package/iptables/Makefile
index ac7a0a41fa..fa12f5953a 100644
--- a/openwrt/package/iptables/Makefile
+++ b/openwrt/package/iptables/Makefile
@@ -75,7 +75,7 @@ $(IPKG_IPTABLES):
 install -d -m0755 $(IDIR_IPTABLES)/etc/config
 install -m0644 ./files/firewall.config $(IDIR_IPTABLES)/etc/config/firewall
 install -d -m0755 $(IDIR_IPTABLES)/etc/init.d
- install -m0755 ./files/firewall.init $(IDIR_IPTABLES)/etc/init.d/S45firewall
+ install -m0755 ./files/firewall.init $(IDIR_IPTABLES)/etc/init.d/S35firewall
 install -m0755 ./files/firewall.user $(IDIR_IPTABLES)/etc/
 install -d -m0755 $(IDIR_IPTABLES)/usr/lib
 install -m0644 ./files/firewall.awk $(IDIR_IPTABLES)/usr/lib
diff --git a/openwrt/package/iptables/files/firewall.init b/openwrt/package/iptables/files/firewall.init
index 0a7daab319..1b2573331d 100755
--- a/openwrt/package/iptables/files/firewall.init
+++ b/openwrt/package/iptables/files/firewall.init
@@ -19,6 +19,10 @@ iptables -N forwarding_rule
 iptables -t nat -N prerouting_rule
 iptables -t nat -N postrouting_rule
+iptables -N LAN_ACCEPT
+[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN
+iptables -A LAN_ACCEPT -j ACCEPT
+
 ### INPUT
 ### (connections with the router as destination)
@@ -34,7 +38,7 @@ iptables -t nat -N postrouting_rule
 iptables -A INPUT -j input_rule # allow
- iptables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT # allow from lan/wifi interfaces
+ iptables -A INPUT -j LAN_ACCEPT # allow from lan/wifi interfaces
 iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
 iptables -A INPUT -p gre -j ACCEPT # allow GRE
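Review bot: The LAN_ACCEPT chain added in firewall.init fails open when `$WAN` is empty: the `[ -z "$WAN" ] ||` guard then skips the RETURN rule, the chain holds only `iptables -A LAN_ACCEPT -j ACCEPT`, and the INPUT jump in the next hunk accepts packets from every interface. The `${WAN:+...}` rule it replaces behaved the same way, so this is inherited rather than new, but the Makefile hunk also moves the script from S45 to S35 and where `$WAN` gets its value is not visible here; if it can still be unset that early in boot, the router starts with an accept-all INPUT path. At minimum I would document the behaviour above the chain, e.g. `# LAN_ACCEPT: accept anything that did not arrive on $WAN; with WAN unset this accepts ALL traffic`, and preferably log a warning when `$WAN` is empty. The chain also trusts by exclusion, so any interface other than the single name in `$WAN` is treated as LAN.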
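Review bot: The trailing comment kept on the new INPUT rule in firewall.init, `# allow from lan/wifi interfaces`, no longer describes what the line does: `-j LAN_ACCEPT` hands the packet to a chain that accepts everything not arriving on `$WAN`, whichever interface that is. I would reword it to `# accept unless the packet came in on $WAN (see LAN_ACCEPT)` so a reader auditing INPUT does not assume an explicit LAN/wifi allow-list. Packets that RETURN from the chain fall through to the ICMP and GRE accepts below, so those two rules are now the WAN-facing part of this block and deserve a comment saying so.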