firewall: Collect all networks that should not be NATed in an array

No functional changes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 139d94aa0cad43e00747a694cfffd1b0f5b3c9ac..6d9c00282e9eb9e089f207c0c99f228137cb609f 100644 (file)
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -481,22 +481,22 @@ iptables_red_up() {
                        iptables -t nat -A REDNAT -i "${GREEN_DEV}" -o "${IFACE}" -j RETURN
                fi
 
-               local NO_MASQ_NETWORKS
+               local NO_MASQ_NETWORKS=()
 
                if [ "${MASQUERADE_GREEN}" = "off" ]; then
-                       NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${GREEN_NETADDRESS}/${GREEN_NETMASK}"
+                       NO_MASQ_NETWORKS+=( "${GREEN_NETADDRESS}/${GREEN_NETMASK}" )
                fi
 
                if [ "${MASQUERADE_BLUE}" = "off" ]; then
-                       NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${BLUE_NETADDRESS}/${BLUE_NETMASK}"
+                       NO_MASQ_NETWORKS+=( "${BLUE_NETADDRESS}/${BLUE_NETMASK}" )
                fi
 
                if [ "${MASQUERADE_ORANGE}" = "off" ]; then
-                       NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${ORANGE_NETADDRESS}/${ORANGE_NETMASK}"
+                       NO_MASQ_NETWORKS+=( "${ORANGE_NETADDRESS}/${ORANGE_NETMASK}" )
                fi
 
                local network
-               for network in ${NO_MASQ_NETWORKS}; do
+               for network in ${NO_MASQ_NETWORKS[@]}; do
                        iptables -t nat -A REDNAT -s "${network}" -o "${IFACE}" -j RETURN
                done