From 3150b0f03fad835bb7b73e4a2ff8d297bacbc672 Mon Sep 17 00:00:00 2001
From: bbruns <bbruns@e5899ace-8841-11de-95b9-8f387cfb8bc3>
Date: Sat, 21 Aug 2010 17:50:39 +0000
Subject: [PATCH] More small fixes

---
 rc.firewall | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/rc.firewall b/rc.firewall
index 32549f2..e043002 100755
--- a/rc.firewall
+++ b/rc.firewall
@@ -322,18 +322,20 @@ if [ $NAT ]; then
 			esac
 		done
 		reset_color
-	fi			
+	fi
 	#=================
     # This section is going away in 1.0
-	for i in $NATRANGE; do
-		$IPTABLES -A POSTROUTING -t nat -s $i -o $NATEXTIF -j SNAT --to-source $NATEXTIP
-	done
-	 #This is necessary to make sure that PMTU works
-	$IPTABLES -A OUTPUT -p icmp --icmp-type time-exceeded -o $NATEXTIF \
-			-j ACCEPT
-	$IPTABLES -A OUTPUT -p icmp --icmp-type fragmentation-needed \
-			-o $NATEXTIF -j ACCEPT
+	if [ "$NATRANGE" ]; then
+		for i in $NATRANGE; do
+			$IPTABLES -A POSTROUTING -t nat -s $i -o $NATEXTIF -j SNAT --to-source $NATEXTIP
+		done
+	 	#This is necessary to make sure that PMTU works
+		$IPTABLES -A OUTPUT -p icmp --icmp-type time-exceeded -o $NATEXTIF \
+				-j ACCEPT
+		$IPTABLES -A OUTPUT -p icmp --icmp-type fragmentation-needed \
+				-o $NATEXTIF -j ACCEPT
 	#=================
+	fi
 fi
 
 $IPTABLES --policy INPUT ACCEPT