Opened 12 years ago

Closed 12 years ago

Last modified 10 years ago

#264 closed defect (invalid)

S45firewall / iterate over LANs

Reported by: anonymous Owned by: developers
Priority: normal Milestone:
Component: base system Version: 2.0
Keywords: Cc:


IMHO S45 firewall section FORWARDING subsection allow should be changed from:

# allow
iptables -A FORWARD -i br0 -o br0 -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT

to sth. like

# allow
[ "$LAN" = "br0" ] && iptables -A FORWARD -i br0 -o br0 -j ACCEPT
for THIS in $LANS; do
    iptables -A FORWARD -i $THIS -o $WAN -j ACCEPT
done

LANS=$(nvram get lan_ifnames)

is added to the head of the script.


Change History (1)

comment:1 Changed 12 years ago by mbm

  • Resolution set to invalid
  • Status changed from new to closed

The lan_ifnames variable only gets used when lan_ifname starts with br[0-9]; in other words when lan_ifname is a bridge, the lan_ifnames get added to the bridge. After the devices are added to the bridge you never actually see the devices again, you only see them as the new bridge device, so adding these devices to the firewall doesn't make any sense.
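The behaviour described in comment:1, as an added example that is not part of the ticket or of the S45firewall script: the rules are printed as text instead of being passed to iptables, so the selection logic can be checked without root or nvram. The helper name `forward_allow_rules`, its three arguments (standing in for `lan_ifname`, `lan_ifnames` and the WAN interface) and the sample interface names are assumptions.

```shell
#!/bin/sh
# Added example: emit the FORWARD "allow" rules as text.
# forward_allow_rules is a hypothetical helper, not a function from S45firewall.

forward_allow_rules() {
    lan=$1      # value of lan_ifname, e.g. br0 or eth0
    members=$2  # value of lan_ifnames (bridge members); may be empty
    wan=$3      # WAN interface

    case "$lan" in
        br[0-9]*)
            # lan_ifname is a bridge: the interfaces in lan_ifnames are
            # added to it and are afterwards only seen as the bridge
            # device, so rules are written on the bridge alone and
            # $members is deliberately ignored.
            echo "iptables -A FORWARD -i $lan -o $lan -j ACCEPT"
            echo "iptables -A FORWARD -i $lan -o $wan -j ACCEPT"
            ;;
        *)
            # Not a bridge: lan_ifnames is not used, so lan_ifname is
            # the only LAN-side interface to allow towards the WAN.
            echo "iptables -A FORWARD -i $lan -o $wan -j ACCEPT"
            ;;
    esac
}

# Constructed sample values, not taken from a real device.
forward_allow_rules br0 "vlan0 eth1" vlan1
forward_allow_rules eth0 "" vlan1
```
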
