From 9a61d9e513c5bfeff76bca1cd87a3f8651f4512b Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Sat, 22 Oct 2011 20:11:25 +0000
Subject: firewall: fix possible expansion of "*" when rules with "option src
 *" are processed

SVN-Revision: 28527
---
 package/firewall/files/lib/fw.sh | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

(limited to 'package/firewall/files/lib')

diff --git a/package/firewall/files/lib/fw.sh b/package/firewall/files/lib/fw.sh
index bf7156e8ce..a8a7911494 100644
--- a/package/firewall/files/lib/fw.sh
+++ b/package/firewall/files/lib/fw.sh
@@ -211,12 +211,17 @@ fw_get_family_mode() {
 	local _mode="$4"
 
 	local _ipv4 _ipv6
-	[ -n "$FW_ZONES4$FW_ZONES6" ] && {
-		list_contains FW_ZONES4 $_zone && _ipv4=1 || _ipv4=0
-		list_contains FW_ZONES6 $_zone && _ipv6=1 || _ipv6=0
+	[ "$_zone" != "*" ] && {
+		[ -n "$FW_ZONES4$FW_ZONES6" ] && {
+			list_contains FW_ZONES4 "$_zone" && _ipv4=1 || _ipv4=0
+			list_contains FW_ZONES6 "$_zone" && _ipv6=1 || _ipv6=0
+		} || {
+			_ipv4=$(uci_get_state firewall core "${_zone}_ipv4" 0)
+			_ipv6=$(uci_get_state firewall core "${_zone}_ipv6" 0)
+		}
 	} || {
-		_ipv4=$(uci_get_state firewall core ${_zone}_ipv4 0)
-		_ipv6=$(uci_get_state firewall core ${_zone}_ipv6 0)
+		_ipv4=1
+		_ipv6=1
 	}
 
 	case "$_hint:$_ipv4:$_ipv6" in
-- 
cgit v1.2.3