adschm/firmware
1
0
Fork 0
forked from freifunk-franken/firmware
Code Issues Pull Requests Projects Releases Wiki Activity
6f132f858e
firmware/src/packages/fff/fff-gateway/files/usr/lib/firewall.d/10-no-forward-wan
Adrian Schmutzler 6f132f858e firewall.d: Check for unset IF_WAN 
In some cases (mostly for one-port devices) IF_WAN was used
although not set, resulting in not obviously iptables error
messages like

- Bad argument `conntrack'

- Bad argument `REJECT'

Thus, check whether IF_WAN is set to something before using it.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
2019-11-17 15:46:34 +01:00

6 lines
221 B
Plaintext
Raw Blame History

# Ensure nothing is forwarded onto WAN interface
if [ -n "$IF_WAN" ]; then
iptables -A FORWARD -o $IF_WAN -j REJECT --reject-with icmp-net-unreachable
ip6tables -A FORWARD -o $IF_WAN -j REJECT --reject-with no-route
fi
Reference in New Issue View Git Blame Copy Permalink