
examples/var_service/fw/run: allow extif's to be more than one iface

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Denys Vlasenko 2 years ago
parent
commit
d7e39f26d7
1 changed files with 12 additions and 8 deletions
  1. 12 8
      examples/var_service/fw/run

+ 12 - 8
examples/var_service/fw/run

@@ -179,7 +179,9 @@ ipt="iptables -t nat -A OUTPUT"
 #       OUTGOING TRAFFIC
 ipt="iptables -t nat -A POSTROUTING"
 # Masquerade boxes on my private net
-doit $ipt -s 192.168.0.0/24 -o $extif -j MASQUERADE
+for e in $extif; do
+	doit $ipt -s 192.168.0.0/24 -o $e -j MASQUERADE
+done
 
 #       *** mangle ***
 ### DEBUG
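Review bot: With the loop form, an empty or unset `$extif` makes both this MASQUERADE loop and the `-j iext` loop in the INPUT hunk run zero times, so the rules are skipped without any message; the old single call would most likely have made iptables complain about the missing interface argument. For the INPUT chain this means traffic arriving on the external side never reaches `iext`, and what happens to it then depends on the chain policy, which is not visible here. A guard ahead of the first use would make the failure loud, e.g. `test -n "$extif" || { echo "extif is empty" >&2; exit 1; }`. Whether exiting is the right reaction for this service script depends on how `extif` is assigned, which is outside the hunk.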
@@ -204,7 +206,9 @@ fi
 doit $ipt -p tcp -j REJECT	# Anything else isn't ok. REJECT = irc opens faster
 				# (it probes proxy ports, DROP will incur timeout delays)
 ipt="iptables -t filter -A INPUT"
-doit $ipt -i $extif -j iext
+for e in $extif; do
+	doit $ipt -i $e -j iext
+done
 
 
 echo; echo "* Enabling forwarding"
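Review bot: The unquoted `$extif` in `for e in $extif` is deliberate word splitting, but nothing in the hunk says so. A later cleanup that quotes it would pass the whole list to `-i` as one interface name, giving a rule that matches no interface and leaving external traffic out of `iext`. A comment above the loop would document the contract, e.g. `# $extif is a whitespace-separated list of interfaces; left unquoted on purpose`. The same comment fits the MASQUERADE loop in the first hunk.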
@@ -222,12 +226,12 @@ echo; echo "* Routing:"
 ip r l
 echo; echo "* Firewall:"
 {
-echo '---FILTER--';
-iptables -v -L -x -n;
-echo '---NAT-----';
-iptables -t nat -v -L -x -n;
-echo '---MANGLE--';
-iptables -t mangle -v -L -x -n;
+echo '---FILTER--'
+iptables -v -L -x -n
+echo '---NAT-----'
+iptables -t nat -v -L -x -n
+echo '---MANGLE--'
+iptables -t mangle -v -L -x -n
 } \
 | grep -v '^$' | grep -Fv 'bytes target'
 echo