-rw-r--r-- | package/network/config/firewall/Makefile | 2 | ||||
-rw-r--r-- | package/network/config/firewall/files/firewall.config | 29 |
2 files changed, 16 insertions, 15 deletions
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile
index 6fb82c49da..0f52ab98da 100644
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(LEDE_GIT)/project/firewall3.git
diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index 749dbecb97..8874e9882c 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -114,6 +114,21 @@ config rule
 option family ipv6
 option target ACCEPT
+config rule
+ option name Allow-IPSec-ESP
+ option src wan
+ option dest lan
+ option proto esp
+ option target ACCEPT
+
+config rule
+ option name Allow-ISAKMP
+ option src wan
+ option dest lan
+ option dest_port 500
+ option proto udp
+ option target ACCEPT
+
 # include a file with users custom iptables rules
 config include
 option path /etc/firewall.user
@@ -157,20 +172,6 @@ config include
 # option dest_port 22
 # option proto tcp
-# allow IPsec/ESP and ISAKMP passthrough
-config rule
- option src wan
- option dest lan
- option proto esp
- option target ACCEPT
-
-config rule
- option src wan
- option dest lan
- option dest_port 500
- option proto udp
- option target ACCEPT
-
 ### FULL CONFIG SECTIONS
 #config rule
 # option src lan
|
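Review bot: The two rules added in the firewall.config hunk at `@@ -114,6 +114,21 @@` (Allow-IPSec-ESP and Allow-ISAKMP) accept wan-to-lan traffic with no `option family` and no destination address restriction, so where LAN hosts are directly addressable from the WAN (typically IPv6) ESP and UDP port 500 are let through to every host by default. The removed lines in the last hunk show the rules were already active, so this is not new exposure, but the explanatory comment `# allow IPsec/ESP and ISAKMP passthrough` is dropped rather than moved with them. I would keep a comment above the first rule, for example `# Allow IPsec/ESP and ISAKMP passthrough to LAN hosts (wan -> lan, not traffic to the router itself)`, so the scope is clear to anyone auditing the default ruleset. It is also worth deciding whether these belong in the defaults at all or should be narrowed for deployments that do not run IPsec behind the router.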