firewall: document rules for IPSec ESP/ISAKMP with 'name' option
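--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -114,6 +114,21 @@ config rule
 option family ipv6
 option target ACCEPT
+config rule
+ option name Allow-IPSec-ESP
+ option src wan
+ option dest lan
+ option proto esp
+ option target ACCEPT
+
+config rule
+ option name Allow-ISAKMP
+ option src wan
+ option dest lan
+ option dest_port 500
+ option proto udp
+ option target ACCEPT
+
 # include a file with users custom iptables rules
 config include
 option path /etc/firewall.user
@@ -157,20 +172,6 @@ config include
 # option dest_port 22
 # option proto tcp
-# allow IPsec/ESP and ISAKMP passthrough
-config rule
- option src wan
- option dest lan
- option proto esp
- option target ACCEPT
-
-config rule
- option src wan
- option dest lan
- option dest_port 500
- option proto udp
- option target ACCEPT
-
 ### FULL CONFIG SECTIONS
 #config rule
 # option src lan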
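Review bot: The relocated rules Allow-IPSec-ESP and Allow-ISAKMP are active in the shipped default and carry no `dest_ip` or `family` restriction, so they accept ESP and UDP/500 forwarded from wan to every host in lan. If a rule without `option family` also applies to IPv6 (the fw3 default, as far as I know), globally addressed LAN hosts become reachable on those protocols directly. The commit also drops the only explanatory comment, `# allow IPsec/ESP and ISAKMP passthrough`, from the old location. I would put a comment above the first rule, e.g. `# allow IPSec/ESP and ISAKMP passthrough; narrow with 'option dest_ip' or remove if no IPsec endpoint is on the lan`.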