Difuse/luci
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

contrib/freifunk-firewall: use extrapositioned negation

Browse source
This commit is contained in:
Manuel Munz 2011-02-12 17:07:56 +00:00
parent 1f9e2e6e77
commit e3a39de81a
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
View file

@ -18,8 +18,8 @@ clear_restricted_gw()
config_get gateway "$state" gateway config_get gateway "$state" gateway
logger -t firewall.freifunk "removing local restriction to $iface($gateway)" logger -t firewall.freifunk "removing local restriction to $iface($gateway)"
iptables -D "zone_${INTERFACE}_ACCEPT" -i ! $ifname -o $ifname -d $ipaddr/$netmask -j REJECT iptables -D "zone_${INTERFACE}_ACCEPT" ! -i $ifname -o $ifname -d $ipaddr/$netmask -j REJECT
iptables -D "zone_${INTERFACE}_ACCEPT" -i ! $ifname -o $ifname -d $gateway -j ACCEPT iptables -D "zone_${INTERFACE}_ACCEPT" ! -i $ifname -o $ifname -d $gateway -j ACCEPT
uci_revert_state firewall "$state" uci_revert_state firewall "$state"
fi fi
@ -56,8 +56,8 @@ if [ "$ACTION" = add ]; then
if [ "$local_restrict" = 1 ]; then if [ "$local_restrict" = 1 ]; then
logger -t firewall.freifunk "restricting local access to $DEVICE($gateway)" logger -t firewall.freifunk "restricting local access to $DEVICE($gateway)"
iptables -I "zone_${INTERFACE}_ACCEPT" -i ! $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT iptables -I "zone_${INTERFACE}_ACCEPT" ! -i $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT
iptables -I "zone_${INTERFACE}_ACCEPT" -i ! $DEVICE -o $DEVICE -d $gateway -j ACCEPT iptables -I "zone_${INTERFACE}_ACCEPT" ! -i $DEVICE -o $DEVICE -d $gateway -j ACCEPT
local state="restricted_gw_${INTERFACE}" local state="restricted_gw_${INTERFACE}"
uci_set_state firewall "$state" "" restricted_gw_state uci_set_state firewall "$state" "" restricted_gw_state