X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=src%2Finitscripts%2Finit.d%2Ffirewall;h=7a18502bfa728743bc951fef3ccbce84389a57f4;hp=853f195cf909a94bb546d7655f17067c2aa57058;hb=c0e0848f999ed8944ae551047fdea32bfee88d03;hpb=8e59a6022bf7cb225c3509be2964833cce0e630c

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 853f195cf..7a18502bf 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -179,7 +179,10 @@ iptables_init() {
 	iptables -t nat -A POSTROUTING -j IPSECNAT
 
 	# localhost and ethernet.
-	iptables -A INPUT   -i $GREEN_DEV  -m conntrack --ctstate NEW -j ACCEPT ! -p icmp
+	# Always allow accessing the web GUI from GREEN.
+	iptables -N GUIINPUT
+	iptables -A INPUT -j GUIINPUT
+	iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT
 
 	# WIRELESS chains
 	iptables -N WIRELESSINPUT