From 9f3a97a0b37bad19e85c1f73c4c1e4908ce1f9bc Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Sun, 15 Oct 2006 23:04:23 +0000
Subject: [PATCH] add firewall protection for wan_device in addition to
 wan_ifname (fixes #852)

SVN-Revision: 5136
---
 openwrt/package/iptables/files/firewall.init | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/openwrt/package/iptables/files/firewall.init b/openwrt/package/iptables/files/firewall.init
index 1b2573331d..5274a5250d 100755
--- a/openwrt/package/iptables/files/firewall.init
+++ b/openwrt/package/iptables/files/firewall.init
@@ -3,8 +3,9 @@
 ## Please make changes in /etc/firewall.user
 
 . /etc/functions.sh
-WAN=$(nvram get wan_ifname)
-LAN=$(nvram get lan_ifname)
+WAN="$(nvram get wan_ifname)"
+WANDEV="$(nvram get wan_device)"
+LAN="$(nvram get lan_ifname)"
 
 ## CLEAR TABLES
 for T in filter nat; do
@@ -21,6 +22,7 @@ iptables -t nat -N postrouting_rule
 
 iptables -N LAN_ACCEPT
 [ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN
+[ -z "$WANDEV" -o "$WANDEV" = "$WAN" ] || iptables -A LAN_ACCEPT -i "$WANDEV" -j RETURN
 iptables -A LAN_ACCEPT -j ACCEPT
 
 ### INPUT
-- 
2.30.2