don't drop all incoming connections if wan_ifname is not set

author Felix Fietkau <nbd@openwrt.org>

Thu, 27 Apr 2006 14:55:04 +0000 (14:55 +0000)

committer Felix Fietkau <nbd@openwrt.org>

Thu, 27 Apr 2006 14:55:04 +0000 (14:55 +0000)
author Felix Fietkau <nbd@openwrt.org>
Thu, 27 Apr 2006 14:55:04 +0000 (14:55 +0000)
committer Felix Fietkau <nbd@openwrt.org>
Thu, 27 Apr 2006 14:55:04 +0000 (14:55 +0000)
diff --git a/openwrt/package/iptables/files/firewall.init b/openwrt/package/iptables/files/firewall.init

index 8095e19f098982dcaa28df2d8be86fd821fd0f0f..d1b9d79dbc10b2c91cb55bb59132e2602d18a7c6 100755 (executable)
--- a/openwrt/package/iptables/files/firewall.init
+++ b/openwrt/package/iptables/files/firewall.init
@@ -34,7 +34,7 @@ iptables -t nat -N postrouting_rule
    iptables -A INPUT -j input_rule
  
    # allow
-  iptables -A INPUT -i \! $WAN -j ACCEPT       # allow from lan/wifi interfaces 
+  iptables -A INPUT -i ${WAN:+-i \! $WAN} -j ACCEPT    # allow from lan/wifi interfaces 
    iptables -A INPUT -p icmp    -j ACCEPT       # allow ICMP
    iptables -A INPUT -p gre     -j ACCEPT       # allow GRE
author	Felix Fietkau <nbd@openwrt.org>
	Thu, 27 Apr 2006 14:55:04 +0000 (14:55 +0000)
committer	Felix Fietkau <nbd@openwrt.org>
	Thu, 27 Apr 2006 14:55:04 +0000 (14:55 +0000)