From f6abd042c29f5a69d56151f884fbf4f4e834e674 Mon Sep 17 00:00:00 2001
From: Steven Barth <cyrus@openwrt.org>
Date: Fri, 24 Jul 2015 10:00:45 +0000
Subject: firewall: comply with REC-22, REC-24 of RFC 6092

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46478
---
 .../network/config/firewall/files/firewall.config  | 23 +++++++++++-----------
 1 file changed, 11 insertions(+), 12 deletions(-)

(limited to 'package/network/config/firewall/files')

diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index 1a20e39ca5..5d0e3cbc66 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -159,19 +159,18 @@ config include
 #	option proto		tcp
 
 # allow IPsec/ESP and ISAKMP passthrough
-#config rule
-#	option src		wan
-#	option dest		lan
-#	option protocol		esp
-#	option target		ACCEPT
+config rule
+	option src		wan
+	option dest		lan
+	option protocol		esp
+	option target		ACCEPT
 
-#config rule
-#	option src		wan
-#	option dest		lan
-#	option src_port		500
-#	option dest_port	500
-#	option proto		udp
-#	option target		ACCEPT
+config rule
+	option src		wan
+	option dest		lan
+	option dest_port	500
+	option proto		udp
+	option target		ACCEPT
 
 ### FULL CONFIG SECTIONS
 #config rule
-- 
cgit v1.2.3