Saves lots of messing with $forward.
esac
setopt ip_forward $forward
setdevopt forwarding $forward
+case $forward in
+ 0) inchains="INPUT" ;;
+ 1) inchains="INPUT FORWARD" ;;
+esac
## Set dynamic port allocation.
setopt ip_local_port_range $open_port_min $open_port_max
run iptables -A check-icmp -j ACCEPT
## Done.
-for i in INPUT FORWARD; do
- run iptables -A $i -p icmp -j check-icmp
-done
+for i in $inchains; do run ip46tables -A $i -p icmp -j check-icmp; done
m4_divert(-1)
###----- That's all, folks --------------------------------------------------
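Review bot: Switching the added loop line from `iptables` to `ip46tables` extends the jump to the IPv6 table, but `-p icmp` names the IPv4 ICMP protocol. ICMPv6 is a separate protocol (`ipv6-icmp`), so on the IPv6 side this rule would not match the traffic it is meant to check. The context line above still terminates `check-icmp` with plain `iptables`, and the chain's creation is outside the hunk, so it is not visible whether an IPv6 `check-icmp` chain exists; if it does not, the IPv6 `-A` would fail. Assuming `ip46tables` passes the same arguments to both tools, I would keep this line on `iptables` and add a separate `run ip6tables -A $i -p ipv6-icmp -j check-icmp` once the IPv6 side of the chain is defined.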
run ip46tables -A INPUT -m mark --mark $from_untrusted/$MASK_FROM -g inbound
## Otherwise process as indicated by the mark.
-run ip46tables -A INPUT -m mark ! --mark 0/$MASK_MASK -j ACCEPT
-case $forward in
- 1)
- run ip46tables -A FORWARD -m mark ! --mark 0/$MASK_MASK -j ACCEPT
- ;;
-esac
+for i in $inchains; do
+ run ip46tables -A $i -m mark ! --mark 0/$MASK_MASK -j ACCEPT
+done
m4_divert(-1)
###----- That's all, folks --------------------------------------------------