summaryrefslogtreecommitdiff
path: root/package/firewall
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2009-09-24 21:59:16 +0000
committerFelix Fietkau <nbd@openwrt.org>2009-09-24 21:59:16 +0000
commite9ec3a6e686b9769d9ee9dddfa12681e0bf85f69 (patch)
tree658f3d119b0fd486697be0c78243e8d39cd59eee /package/firewall
parent615a4d1e45ff7f17006b302e80773a7d351c3c78 (diff)
downloadmtk-20170518-e9ec3a6e686b9769d9ee9dddfa12681e0bf85f69.zip
mtk-20170518-e9ec3a6e686b9769d9ee9dddfa12681e0bf85f69.tar.gz
mtk-20170518-e9ec3a6e686b9769d9ee9dddfa12681e0bf85f69.tar.bz2
firewall: add sanity checks to zone default rules (patch from #5459)
SVN-Revision: 17713
Diffstat (limited to 'package/firewall')
-rwxr-xr-xpackage/firewall/files/uci_firewall.sh6
1 files changed, 3 insertions, 3 deletions
diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 44dd48b..3c13631 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -56,9 +56,9 @@ create_zone() {
$IPTABLES -N zone_$1_DROP
$IPTABLES -N zone_$1_REJECT
$IPTABLES -N zone_$1_forward
- $IPTABLES -A zone_$1_forward -j zone_$1_$5
- $IPTABLES -A zone_$1 -j zone_$1_$3
- $IPTABLES -A output -j zone_$1_$4
+ [ "$5" ] && $IPTABLES -A zone_$1_forward -j zone_$1_$5
+ [ "$3" ] && $IPTABLES -A zone_$1 -j zone_$1_$3
+ [ "$4" ] && $IPTABLES -A output -j zone_$1_$4
$IPTABLES -N zone_$1_nat -t nat
$IPTABLES -N zone_$1_prerouting -t nat
$IPTABLES -t raw -N zone_$1_notrack