don't drop all incoming connections if wan_ifname is not set

[openwrt/svn-archive/archive.git] / openwrt / package / iptables / files / firewall.init

diff --git a/openwrt/package/iptables/files/firewall.init b/openwrt/package/iptables/files/firewall.init
index 3804d044f89fc90b62df60894bf056c091d4f483..a7cde95b5fd37862a799a2b8217b5568bb97226f 100755 (executable)
--- a/openwrt/package/iptables/files/firewall.init
+++ b/openwrt/package/iptables/files/firewall.init
@@ -34,7 +34,7 @@ iptables -t nat -N postrouting_rule
   iptables -A INPUT -j input_rule
 
   # allow
-  [ -z "$WAN" ] || iptables -A INPUT -i \! $WAN        -j ACCEPT       # allow from lan/wifi interfaces 
+  iptables -A INPUT ${WAN:+-i \! $WAN} -j ACCEPT       # allow from all interfaces except for wan
   iptables -A INPUT -p icmp    -j ACCEPT       # allow ICMP
   iptables -A INPUT -p gre     -j ACCEPT       # allow GRE