freifunk-firewall: Fix local_restrict lan protection, it didn't work on rc4 nor on...

diff --git a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan b/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
index ed40ff48d62931c4639e0be48e2174d8a4841083..d6f94ea901e99567e0c8f46b8149e0f67ee1522f 100644 (file)
--- a/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
+++ b/contrib/package/freifunk-firewall/files/etc/hotplug.d/firewall/23-restricted-wan
@@ -18,9 +18,7 @@ clear_restricted_gw()
                config_get gateway "$state" gateway
 
                logger -t firewall.freifunk "removing local restriction to $iface($gateway)"
-               iptables -D "zone_${INTERFACE}_ACCEPT" ! -i $ifname -o $ifname -d $ipaddr/$netmask -j REJECT
-               iptables -D "zone_${INTERFACE}_ACCEPT" ! -i $ifname -o $ifname -d $gateway -j ACCEPT
-
+               iptables -D forwarding_rule ! -i $ifname -o $ifname -d $ipaddr/$netmask -j REJECT --reject-with icmp-host-prohibited
                uci_revert_state firewall "$state"
        fi
 }
@@ -56,9 +54,7 @@ if [ "$ACTION" = add ]; then
 
                if [ "$local_restrict" = 1 ]; then
                        logger -t firewall.freifunk "restricting local access to $DEVICE($gateway)"
-                       iptables -I "zone_${INTERFACE}_ACCEPT" ! -i $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT
-                       iptables -I "zone_${INTERFACE}_ACCEPT" ! -i $DEVICE -o $DEVICE -d $gateway -j ACCEPT
-
+                       iptables -I forwarding_rule ! -i $DEVICE -o $DEVICE -d $ipaddr/$netmask -j REJECT --reject-with icmp-host-prohibited
                        local state="restricted_gw_${INTERFACE}"
                        uci_set_state firewall "$state" "" restricted_gw_state
                        uci_set_state firewall "$state" iface "$INTERFACE"