firewall: add sanity checks to zone default rules (patch from #5459)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17713 3c298f89-4303-0410-b956-a3cf2f4a3e73

package/firewall/files/uci_firewall.sh

@@ -56,9 +56,9 @@ create_zone() {
 	$IPTABLES -N zone_$1_DROP
 	$IPTABLES -N zone_$1_REJECT
 	$IPTABLES -N zone_$1_forward
-	$IPTABLES -A zone_$1_forward -j zone_$1_$5
-	$IPTABLES -A zone_$1 -j zone_$1_$3
-	$IPTABLES -A output -j zone_$1_$4
+	[ "$5" ] && $IPTABLES -A zone_$1_forward -j zone_$1_$5
+	[ "$3" ] && $IPTABLES -A zone_$1 -j zone_$1_$3
+	[ "$4" ] && $IPTABLES -A output -j zone_$1_$4
 	$IPTABLES -N zone_$1_nat -t nat
 	$IPTABLES -N zone_$1_prerouting -t nat
 	$IPTABLES -t raw -N zone_$1_notrack