* Fixed firewall scripts

contrib/init.d/luci_fw

@@ -15,12 +15,14 @@ apply_portfw() {
 	
 	if ([ "$proto" == "tcpudp" ] || [ "$proto" == "tcp" ]); then
 		iptables -t nat -A luci_prerouting -i "$iface" -p tcp --dport "$dport" -j DNAT --to "$to"
-		iptables -A luci_forward -i "$iface" -p tcp -d "$ip" "$ports" -j ACCEPT
+		iptables -t nat -A luci_postrouting -p tcp -d "$ip" $ports -j MASQUERADE
+		iptables -A luci_forward -i "$iface" -p tcp -d "$ip" $ports -j ACCEPT
 	fi
 
 	if ([ "$proto" == "tcpudp" ] || [ "$proto" == "udp" ]); then
 		iptables -t nat -A luci_prerouting -i "$iface" -p udp --dport "$dport" -j DNAT --to "$to"
-		iptables -A luci_forward -i "$iface" -p udp -d "$ip" "$ports" -j ACCEPT
+		iptables -t nat -A luci_postrouting -p udp -d "$ip" $ports -j MASQUERADE
+		iptables -A luci_forward -i "$iface" -p udp -d "$ip" $ports -j ACCEPT
 	fi
 }
 
@@ -66,9 +68,6 @@ apply_rule() {
 	config_get jump "$cfg" jump
 	[ -n "$jump" ] && cmd="$cmd -j $jump"	
 
-	config_get state "$cfg" state
-	[ -n "$state" ] && cmd="$cmd -m state --state $state"	
-
 	config_get command "$cfg" command
 	[ -n "$command" ] && cmd="$cmd $command"	
 

contrib/uci/luci

@@ -20,3 +20,4 @@ config event uci_oncommit
         option wireless	"/etc/init.d/network restart"
         option olsrd	"/etc/init.d/olsrd restart"
         option dhcp		"/etc/init.d/dhcp restart"
+        option luci_fw  "/etc/init.d/luci_fw restart"

src/ffluci/model/cbi/admin_network/firewall.lua

@@ -41,15 +41,6 @@ tosrc = s:option(Value, "todest", "Neue Zieladresse [DNAT]")
 tosrc.optional = true
 tosrc:depends("jump", "DNAT")
 
-
-state = s:option(MultiValue, "state", "Status")
-state.optional  = true
-state.delimiter = ","
-state:value("NEW", "neu")
-state:value("ESTABLISHED", "etabliert")
-state:value("RELATED", "zugehörig")
-state:value("INVALID", "ungültig")
-
 jump = s:option(ListValue, "jump", "Aktion")
 jump.rmempty = true
 jump:value("", "")