Improve LAN management

firewall

@@ -182,21 +182,11 @@ start()
 
     if [ $LAN == 1 ]; then
         log_action_msg "Allow WAN outgoing traffic from lan"
-        $IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
-        $IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
-
+        $IPTABLES -A FORWARD -i $WAN_INT -o $LAN_INT -p all -d $LAN_NETWORK -m state --state RELATED,ESTABLISHED -j ACCEPT
+        $IPTABLES -A FORWARD -i $LAN_INT -o $WAN_INT -p all -s $LAN_NETWORK -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
         log_action_msg "Allow local network"
-        $IPTABLES -A OUTPUT -o $LAN_INT -p all -j ACCEPT
-        $IPTABLES -A INPUT  -i $LAN_INT -p all -j ACCEPT
-        for ALLOW_INT in $ALLOW_INTS; do
-                log_action_msg "Allow WAN outgoing traffic for interface $ALLOW_INT"
-                $IPTABLES -A FORWARD -i $ALLOW_INT -o $WAN_INT -p all -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
-                $IPTABLES -A FORWARD -i $WAN_INT -o $ALLOW_INT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
-
-                log_action_msg "Allow local network"
-                $IPTABLES -A OUTPUT -o $ALLOW_INT -p all -j ACCEPT
-                $IPTABLES -A INPUT  -i $ALLOW_INT -p all -j ACCEPT
-        done
+        $IPTABLES -A OUTPUT -o $LAN_INT -s $LAN_NETWORK -p all -j ACCEPT
+        $IPTABLES -A INPUT  -i $LAN_INT -d $LAN_NETWORK -p all -j ACCEPT
    fi
 
     ## block spoofing