Added an option for IP forwarding

etc/lfirewall.conf

@@ -4,6 +4,12 @@
 #The network interface to use (uncomment and change value if needed)
 #NETWORK_IF=eth0
 
+# Set ALLOW_IP_FORWARDING to 1
+#     if IP forwarding is needed
+# Set ALLOW_IP_FORWARDING to 0
+#     will write 0 into /proc/sys/net/ipv4/ip_forward
+ALLOW_IP_FORWARDING=0
+
 #################################
 # Services that the system will #
 # offer to the network          #

scripts/lfirewall

@@ -47,7 +47,14 @@ fi
 IP_TABLES="/sbin/iptables"
 
 if ! [ -x $IP_TABLES ]; then
-	exit 0
+	echo "$IP_TABLES is not executable or not present" >&2
+	exit 1
+fi
+
+if ! /usr/sbin/ifup --no-act $NETWORK_IF
+then
+	echo "Network interface '$NETWORK_IF' is not present or configured" >&2
+	exit 2
 fi
 
 ##########################
@@ -143,7 +150,12 @@ fw_start () {
 	# (some will only work with some kernel versions)
 	#**************************************************************************#
 	echo 1 > /proc/sys/net/ipv4/tcp_syncookies
-	echo 0 > /proc/sys/net/ipv4/ip_forward
+	if [[ "${ALLOW_IP_FORWARDING}" = 0 ]]
+	then
+		echo 0 > /proc/sys/net/ipv4/ip_forward
+	else
+		echo 1 > /proc/sys/net/ipv4/ip_forward
+	fi
 	echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
 	echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
 	echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
@@ -174,6 +186,7 @@ fw_stop () {
 
 fw_clear () {
 	$IP_TABLES -F
+	$IP_TABLES -X
 	$IP_TABLES -t nat -F
 	$IP_TABLES -t mangle -F
 	$IP_TABLES -P INPUT ACCEPT