diff options
author | Steven Barth <cyrus@openwrt.org> | 2015-07-24 10:00:45 +0000 |
---|---|---|
committer | Steven Barth <cyrus@openwrt.org> | 2015-07-24 10:00:45 +0000 |
commit | f6abd042c29f5a69d56151f884fbf4f4e834e674 (patch) | |
tree | 47097a5dc240ee067e62a29b76f242b6ca8a382e /package/network | |
parent | 1b6a6abf0439177cba1fdea3ae91a7354fe74841 (diff) | |
download | upstream-f6abd042c29f5a69d56151f884fbf4f4e834e674.tar.gz upstream-f6abd042c29f5a69d56151f884fbf4f4e834e674.tar.bz2 upstream-f6abd042c29f5a69d56151f884fbf4f4e834e674.zip |
firewall: comply with REC-22, REC-24 of RFC 6092
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46478
Diffstat (limited to 'package/network')
-rw-r--r-- | package/network/config/firewall/Makefile | 2 | ||||
-rw-r--r-- | package/network/config/firewall/files/firewall.config | 23 |
2 files changed, 12 insertions, 13 deletions
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile index b4294f2e93..9a077241a3 100644 --- a/package/network/config/firewall/Makefile +++ b/package/network/config/firewall/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=firewall -PKG_VERSION:=2015-05-26 +PKG_VERSION:=2015-07-22 PKG_RELEASE:=$(PKG_SOURCE_VERSION) PKG_SOURCE_PROTO:=git diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config index 1a20e39ca5..5d0e3cbc66 100644 --- a/package/network/config/firewall/files/firewall.config +++ b/package/network/config/firewall/files/firewall.config @@ -159,19 +159,18 @@ config include # option proto tcp # allow IPsec/ESP and ISAKMP passthrough -#config rule -# option src wan -# option dest lan -# option protocol esp -# option target ACCEPT +config rule + option src wan + option dest lan + option protocol esp + option target ACCEPT -#config rule -# option src wan -# option dest lan -# option src_port 500 -# option dest_port 500 -# option proto udp -# option target ACCEPT +config rule + option src wan + option dest lan + option dest_port 500 + option proto udp + option target ACCEPT ### FULL CONFIG SECTIONS #config rule |