Diffstat (limited to 'package/network/config/firewall/files/firewall.config')
-rw-r--r--package/network/config/firewall/files/firewall.config29
1 files changed, 15 insertions, 14 deletions
diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index 749dbecb97..8874e9882c 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -114,6 +114,21 @@ config rule
option family ipv6
option target ACCEPT
+config rule
+ option name Allow-IPSec-ESP
+ option src wan
+ option dest lan
+ option proto esp
+ option target ACCEPT
+
+config rule
+ option name Allow-ISAKMP
+ option src wan
+ option dest lan
+ option dest_port 500
+ option proto udp
+ option target ACCEPT
+
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
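Review bot: The two rules added here, Allow-IPSec-ESP and Allow-ISAKMP, lose the explanatory comment that the removed copy carried (`# allow IPsec/ESP and ISAKMP passthrough`), so nothing tells a reader that they are now enabled by default. Both have `src wan` and `dest lan` with no `dest_ip` and no `option family`, so they accept forwarded ESP and UDP 500 from wan towards every lan host, presumably for both address families; on IPv6, where lan hosts are usually directly addressable, that is a real inbound opening. I would put a comment above the first rule such as `# Forwarded IPsec passthrough (ESP, IKE on udp/500) from wan to all lan hosts; add dest_ip to limit it to the VPN endpoint or remove if unused`. If the passthrough is only meant for one family, an `option family` line like the one on the preceding rule would make that explicit.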
@@ -157,20 +172,6 @@ config include
# option dest_port 22
# option proto tcp
-# allow IPsec/ESP and ISAKMP passthrough
-config rule
- option src wan
- option dest lan
- option proto esp
- option target ACCEPT
-
-config rule
- option src wan
- option dest lan
- option dest_port 500
- option proto udp
- option target ACCEPT
-
### FULL CONFIG SECTIONS
#config rule
# option src lan