From 60fcb2410e4db68625ef080bdf3d99d79e7b5abb Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Sun, 1 Nov 2015 11:20:56 +0100
Subject: [PATCH] firewall: fix disable MASQERADE in green only mode.

using MASQERADE_GREEN="off" will not work because "NETWORK_GREEN" is
not correctly defined in green only mode.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---
 src/initscripts/init.d/firewall | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 2d462d786d..6622071530 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -352,8 +352,8 @@ iptables_red_up() {
 		# Outgoing masquerading (don't masqerade IPSEC (mark 50))
 		iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
 
-		if [ "$IFACE" = "$GREEN_DEV" ]; then
-			MASQUERADE_GREEN="off"
+		if [ "${IFACE}" = "${GREEN_DEV}" ]; then
+			iptables -t nat -A REDNAT -i "${GREEN_DEV}" -o "${IFACE}" -j RETURN
 		fi
 
 		local NO_MASQ_NETWORKS
-- 
2.39.5