From: Felix Fietkau <nbd@openwrt.org>
Date: Thu, 24 Sep 2009 21:59:16 +0000 (+0000)
Subject: firewall: add sanity checks to zone default rules (patch from #5459)
X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=commitdiff_plain;h=1c6f4631530881e8ce4665d679a716e65bde044f

firewall: add sanity checks to zone default rules (patch from #5459)

SVN-Revision: 17713
---

diff --git a/package/firewall/files/uci_firewall.sh b/package/firewall/files/uci_firewall.sh
index 44dd48b4e4..3c13631a3b 100755
--- a/package/firewall/files/uci_firewall.sh
+++ b/package/firewall/files/uci_firewall.sh
@@ -56,9 +56,9 @@ create_zone() {
 	$IPTABLES -N zone_$1_DROP
 	$IPTABLES -N zone_$1_REJECT
 	$IPTABLES -N zone_$1_forward
-	$IPTABLES -A zone_$1_forward -j zone_$1_$5
-	$IPTABLES -A zone_$1 -j zone_$1_$3
-	$IPTABLES -A output -j zone_$1_$4
+	[ "$5" ] && $IPTABLES -A zone_$1_forward -j zone_$1_$5
+	[ "$3" ] && $IPTABLES -A zone_$1 -j zone_$1_$3
+	[ "$4" ] && $IPTABLES -A output -j zone_$1_$4
 	$IPTABLES -N zone_$1_nat -t nat
 	$IPTABLES -N zone_$1_prerouting -t nat
 	$IPTABLES -t raw -N zone_$1_notrack