firewall: Allow starting without a green interface

author Michael Tremer <michael.tremer@ipfire.org>

Sun, 1 Jul 2018 09:32:31 +0000 (10:32 +0100)

committer Michael Tremer <michael.tremer@ipfire.org>

Sun, 1 Jul 2018 09:32:31 +0000 (10:32 +0100)
author Michael Tremer <michael.tremer@ipfire.org>
Sun, 1 Jul 2018 09:32:31 +0000 (10:32 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Sun, 1 Jul 2018 09:32:31 +0000 (10:32 +0100)
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall

index cab791c1f7a599059483bfe3257179df49f01658..707209987e46fee56fcaca2c111a6a2c00f61235 100644 (file)
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -280,7 +280,9 @@ iptables_init() {
         # Always allow accessing the web GUI from GREEN.
         iptables -N GUIINPUT
         iptables -A INPUT -j GUIINPUT
-       iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT
+       if [ -n "${GREEN_DEV}" ]; then
+               iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT
+       fi
  
         # WIRELESS chains
         iptables -N WIRELESSINPUT
@@ -329,8 +331,10 @@ iptables_init() {
         iptables -t nat -N NAT_DESTINATION_FIX
         iptables -t nat -A POSTROUTING -j NAT_DESTINATION_FIX
  
-       iptables -t nat -A NAT_DESTINATION_FIX \
-               -m mark --mark 1 -j SNAT --to-source "${GREEN_ADDRESS}"
+       if [ -n "${GREEN_ADDRESS}" ]; then
+               iptables -t nat -A NAT_DESTINATION_FIX \
+                       -m mark --mark 1 -j SNAT --to-source "${GREEN_ADDRESS}"
+       fi
  
         if [ -n "${BLUE_ADDRESS}" ]; then
                 iptables -t nat -A NAT_DESTINATION_FIX \
author	Michael Tremer <michael.tremer@ipfire.org>
	Sun, 1 Jul 2018 09:32:31 +0000 (10:32 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Sun, 1 Jul 2018 09:32:31 +0000 (10:32 +0100)