From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 1 Jul 2018 10:49:57 +0000 (+0100)
Subject: firewall: Suppress more warnings when initialising without GREEN
X-Git-Tag: v2.21-core123~100
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=475ae4b3dbb29ba67a16e48910d3fa8130a8b2c3;p=people%2Fstevee%2Fipfire-2.x.git

firewall: Suppress more warnings when initialising without GREEN

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy
index cbba3b021a..c0a526f225 100755
--- a/config/firewall/firewall-policy
+++ b/config/firewall/firewall-policy
@@ -58,7 +58,9 @@ HAVE_OPENVPN="true"
 # INPUT
 
 # Allow access from GREEN
-iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT
+if [ -n "${GREEN_DEV}" ]; then
+	iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT
+fi
 
 # Allow access from BLUE
 if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
@@ -119,12 +121,14 @@ case "${POLICY}" in
 
 	*)
 		# Access from GREEN is granted to everywhere
-		if [ "${IFACE}" = "${GREEN_DEV}" ]; then
-			# internet via green
-			# don't check source IP/NET if IFACE is GREEN
-			iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
-		else
-			iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_NETMASK}" -j ACCEPT
+		if [ -n "${GREEN_DEV}" ]; then
+			if [ "${IFACE}" = "${GREEN_DEV}" ]; then
+				# internet via green
+				# don't check source IP/NET if IFACE is GREEN
+				iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
+			else
+				iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_NETMASK}" -j ACCEPT
+			fi
 		fi
 
 		# Grant access for IPsec VPN connections