From: Adrian <adrian.crespo@protonmail.com>
Date: Sun, 7 Nov 2021 17:40:00 +0000 (+0100)
Subject: Fix error in example firewall.sh script
X-Git-Tag: v2.5.5~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b2c423aa42a11b41f90aad8f53db71703cee2e2;p=thirdparty%2Fopenvpn.git

Fix error in example firewall.sh script

The man page says:
[!] -s, --source address[/mask][,...]

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20211107174000.16210-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23128.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit d720c5fd45d5c61b9c797172f8d6a7eaa35b959c)
---

diff --git a/sample/sample-config-files/firewall.sh b/sample/sample-config-files/firewall.sh
index 19d75ee92..456700ca5 100755
--- a/sample/sample-config-files/firewall.sh
+++ b/sample/sample-config-files/firewall.sh
@@ -50,7 +50,7 @@ iptables -A OUTPUT -p tcp --sport 137:139 -o eth0 -j DROP
 iptables -A OUTPUT -p udp --sport 137:139 -o eth0 -j DROP
 
 # Check source address validity on packets going out to internet
-iptables -A FORWARD -s ! $PRIVATE -i eth1 -j DROP
+iptables -A FORWARD ! -s $PRIVATE -i eth1 -j DROP
 
 # Allow local loopback
 iptables -A INPUT -s $LOOP -j ACCEPT