From f0033e0790c7f01b23f24504d3685cbaffc90f1f Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Sun, 11 Mar 2012 16:18:12 +0000
Subject: [PATCH] Introduce variable for expected input chains.

Saves lots of messing with $forward.
---
 bookends.m4 | 4 ++++
 icmp.m4 | 4 +---
 local.m4 | 9 +++------
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/bookends.m4 b/bookends.m4
index 69a721e..6faa91b 100644
--- a/bookends.m4
+++ b/bookends.m4
@@ -111,6 +111,10 @@ case $host_type_<::>FWHOST in
 esac
 setopt ip_forward $forward
 setdevopt forwarding $forward
+case $forward in
+ 0) inchains="INPUT" ;;
+ 1) inchains="INPUT FORWARD" ;;
+esac

 ## Set dynamic port allocation.
 setopt ip_local_port_range $open_port_min $open_port_max
diff --git a/icmp.m4 b/icmp.m4
index 3de0483..d3a7507 100644
--- a/icmp.m4
+++ b/icmp.m4
@@ -42,9 +42,7 @@ m4_divert(58)m4_dnl
 run iptables -A check-icmp -j ACCEPT

 ## Done.
-for i in INPUT FORWARD; do
- run iptables -A $i -p icmp -j check-icmp
-done
+for i in $inchains; do run ip46tables -A $i -p icmp -j check-icmp; done

 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------
diff --git a/local.m4 b/local.m4
index f139f00..d91b171 100644
--- a/local.m4
+++ b/local.m4
@@ -264,12 +264,9 @@ run ip46tables -A inbound -j forbidden
 run ip46tables -A INPUT -m mark --mark $from_untrusted/$MASK_FROM -g inbound

 ## Otherwise process as indicated by the mark.
-run ip46tables -A INPUT -m mark ! --mark 0/$MASK_MASK -j ACCEPT
-case $forward in
- 1)
- run ip46tables -A FORWARD -m mark ! --mark 0/$MASK_MASK -j ACCEPT
- ;;
-esac
+for i in $inchains; do
+ run ip46tables -A $i -m mark ! --mark 0/$MASK_MASK -j ACCEPT
+done

 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------
--
2.11.0
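Review bot: The new `case $forward in` in bookends.m4 has no default arm, so any value other than 0 or 1 leaves `inchains` unset. The `for i in $inchains` loops in icmp.m4 and local.m4 then run zero times and silently add no rules. Before this patch the INPUT mark-accept rule in local.m4 was appended unconditionally, so a bad or missing `$forward` could not drop it. The case that assigns `$forward` ends just above this hunk and is not visible here, so I cannot confirm it always yields 0 or 1. I would make the assumption explicit and fail loudly, e.g. `*) echo >&2 "unexpected forward value: $forward"; exit 1 ;;`, and add a one-line comment that `inchains` is consumed by the later fragments.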
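Review bot: In icmp.m4 the replacement loop also switches the command from `iptables` to `ip46tables`, which the commit message does not mention and which is more than a refactor if `ip46tables` drives the IPv6 tables as well (its definition is outside this patch). The visible context still builds the chain with plain `run iptables -A check-icmp -j ACCEPT`, so an IPv6 `-j check-icmp` would reference a chain this hunk does not show being created. In ip6tables `-p icmp` also does not select ICMPv6. To keep this commit behaviour-preserving I would write `for i in $inchains; do run iptables -A $i -p icmp -j check-icmp; done` and introduce IPv6 ICMP filtering as a separate change with its own chain.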