don't drop all incoming connections if wan_ifname is not set

author Felix Fietkau <nbd@openwrt.org>

Thu, 27 Apr 2006 14:55:04 +0000 (14:55 +0000)

committer Felix Fietkau <nbd@openwrt.org>

Thu, 27 Apr 2006 14:55:04 +0000 (14:55 +0000)
author Felix Fietkau <nbd@openwrt.org>
Thu, 27 Apr 2006 14:55:04 +0000 (14:55 +0000)
committer Felix Fietkau <nbd@openwrt.org>
Thu, 27 Apr 2006 14:55:04 +0000 (14:55 +0000)
diff --git a/openwrt/package/iptables/files/firewall.init b/openwrt/package/iptables/files/firewall.init

index 3804d044f89fc90b62df60894bf056c091d4f483..a7cde95b5fd37862a799a2b8217b5568bb97226f 100755 (executable)
--- a/openwrt/package/iptables/files/firewall.init
+++ b/openwrt/package/iptables/files/firewall.init
@@ -34,7 +34,7 @@ iptables -t nat -N postrouting_rule
    iptables -A INPUT -j input_rule
  
    # allow
-  [ -z "$WAN" ] || iptables -A INPUT -i \! $WAN        -j ACCEPT       # allow from lan/wifi interfaces 
+  iptables -A INPUT ${WAN:+-i \! $WAN} -j ACCEPT       # allow from all interfaces except for wan
    iptables -A INPUT -p icmp    -j ACCEPT       # allow ICMP
    iptables -A INPUT -p gre     -j ACCEPT       # allow GRE
author	Felix Fietkau <nbd@openwrt.org>
	Thu, 27 Apr 2006 14:55:04 +0000 (14:55 +0000)
committer	Felix Fietkau <nbd@openwrt.org>
	Thu, 27 Apr 2006 14:55:04 +0000 (14:55 +0000)