From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 31 Mar 2025 14:31:43 +0000 (+0200)
Subject: firewall: Collect all networks that should not be NATed in an array
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8fa1831bff7e1d76eb83b145976211aa703062e1;p=people%2Fmfischer%2Fipfire-2.x.git

firewall: Collect all networks that should not be NATed in an array

No functional changes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 139d94aa0..6d9c00282 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -481,22 +481,22 @@ iptables_red_up() {
 			iptables -t nat -A REDNAT -i "${GREEN_DEV}" -o "${IFACE}" -j RETURN
 		fi
 
-		local NO_MASQ_NETWORKS
+		local NO_MASQ_NETWORKS=()
 
 		if [ "${MASQUERADE_GREEN}" = "off" ]; then
-			NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${GREEN_NETADDRESS}/${GREEN_NETMASK}"
+			NO_MASQ_NETWORKS+=( "${GREEN_NETADDRESS}/${GREEN_NETMASK}" )
 		fi
 
 		if [ "${MASQUERADE_BLUE}" = "off" ]; then
-			NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${BLUE_NETADDRESS}/${BLUE_NETMASK}"
+			NO_MASQ_NETWORKS+=( "${BLUE_NETADDRESS}/${BLUE_NETMASK}" )
 		fi
 
 		if [ "${MASQUERADE_ORANGE}" = "off" ]; then
-			NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${ORANGE_NETADDRESS}/${ORANGE_NETMASK}"
+			NO_MASQ_NETWORKS+=( "${ORANGE_NETADDRESS}/${ORANGE_NETMASK}" )
 		fi
 
 		local network
-		for network in ${NO_MASQ_NETWORKS}; do
+		for network in ${NO_MASQ_NETWORKS[@]}; do
 			iptables -t nat -A REDNAT -s "${network}" -o "${IFACE}" -j RETURN
 		done