firewall: comply with REC-22, REC-24 of RFC 6092

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46507 3c298f89-4303-0410-b956-a3cf2f4a3e73

2 files changed, 12 insertions, 13 deletions

diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index b4294f2e93..9a077241a3 100644
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall
-PKG_VERSION:=2015-05-26
+PKG_VERSION:=2015-07-22
 PKG_RELEASE:=$(PKG_SOURCE_VERSION)
 
 PKG_SOURCE_PROTO:=git
diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index 1a20e39ca5..5d0e3cbc66 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -159,19 +159,18 @@ config include
 #	option proto		tcp
 
 # allow IPsec/ESP and ISAKMP passthrough
-#config rule
-#	option src		wan
-#	option dest		lan
-#	option protocol		esp
-#	option target		ACCEPT
+config rule
+	option src		wan
+	option dest		lan
+	option protocol		esp
+	option target		ACCEPT
 
-#config rule
-#	option src		wan
-#	option dest		lan
-#	option src_port		500
-#	option dest_port	500
-#	option proto		udp
-#	option target		ACCEPT
+config rule
+	option src		wan
+	option dest		lan
+	option dest_port	500
+	option proto		udp
+	option target		ACCEPT
 
 ### FULL CONFIG SECTIONS
 #config rule