* Fixed firewall scripts

[project/luci.git] / contrib / init.d / luci_fw

diff --git a/contrib/init.d/luci_fw b/contrib/init.d/luci_fw
index f393719..4cb9c47 100644 (file)
--- a/contrib/init.d/luci_fw
+++ b/contrib/init.d/luci_fw
@@ -15,12 +15,14 @@ apply_portfw() {
        
        if ([ "$proto" == "tcpudp" ] || [ "$proto" == "tcp" ]); then
                iptables -t nat -A luci_prerouting -i "$iface" -p tcp --dport "$dport" -j DNAT --to "$to"
-               iptables -A luci_forward -i "$iface" -p tcp -d "$ip" "$ports" -j ACCEPT
+               iptables -t nat -A luci_postrouting -p tcp -d "$ip" $ports -j MASQUERADE
+               iptables -A luci_forward -i "$iface" -p tcp -d "$ip" $ports -j ACCEPT
        fi
 
        if ([ "$proto" == "tcpudp" ] || [ "$proto" == "udp" ]); then
                iptables -t nat -A luci_prerouting -i "$iface" -p udp --dport "$dport" -j DNAT --to "$to"
-               iptables -A luci_forward -i "$iface" -p udp -d "$ip" "$ports" -j ACCEPT
+               iptables -t nat -A luci_postrouting -p udp -d "$ip" $ports -j MASQUERADE
+               iptables -A luci_forward -i "$iface" -p udp -d "$ip" $ports -j ACCEPT
        fi
 }
 
@@ -66,9 +68,6 @@ apply_rule() {
        config_get jump "$cfg" jump
        [ -n "$jump" ] && cmd="$cmd -j $jump"   
 
-       config_get state "$cfg" state
-       [ -n "$state" ] && cmd="$cmd -m state --state $state"   
-
        config_get command "$cfg" command
        [ -n "$command" ] && cmd="$cmd $command"