From 1adbd1f0c8928a64c1590819f05bc0467eab3a9a Mon Sep 17 00:00:00 2001 From: dongjuanyong <38952488+dongjuanyong@users.noreply.github.com> Date: Sat, 15 Sep 2018 20:18:26 +0800 Subject: [PATCH] Fix too much ppp policies in forwarding_rule chain Every time restart firewall, pptpd.include will be executed. Thus two ppp policy will be added to forwarding_rule chain. Modified to delete old policies before add new ones. P.S. according to https://wiki.openwrt.org/doc/howto/vpn.server.pptpd , ppp+ policies will also allow data from other ppp interfaces, including pppoe. Thus if you are using ppp (PPPoE or similar) in wan(that's what in my case), this configuration is insecure. However someone made it like this: https://datahunter.org/openwrt_pptp --- package/lean/luci-app-pptp-server/root/etc/pptpd.include | 3 +++ 1 file changed, 3 insertions(+) diff --git a/package/lean/luci-app-pptp-server/root/etc/pptpd.include b/package/lean/luci-app-pptp-server/root/etc/pptpd.include index 617eebf85..3d06066d4 100755 --- a/package/lean/luci-app-pptp-server/root/etc/pptpd.include +++ b/package/lean/luci-app-pptp-server/root/etc/pptpd.include @@ -1,3 +1,6 @@ +iptables -D forwarding_rule -i ppp+ -j ACCEPT +iptables -D forwarding_rule -o ppp+ -j ACCEPT + iptables -A forwarding_rule -i ppp+ -j ACCEPT iptables -A forwarding_rule -o ppp+ -j ACCEPT echo 1 > /proc/sys/net/ipv4/conf/br-lan/proxy_arp
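Review bot: the two new `iptables -D forwarding_rule ... ppp+ -j ACCEPT` lines only remove one matching rule each, and they fail with a non-zero exit status (and an error on stderr) on the first run or whenever the rule is absent, so the hunk should either suppress and tolerate that failure or use a check-then-add pattern instead. A single `-D` per restart also will not clean up a chain that has already accumulated several copies from earlier restarts; a loop such as `while iptables -D forwarding_rule -i ppp+ -j ACCEPT 2>/dev/null; do :; done` (and the same for `-o ppp+`) converges in one pass, or `iptables -C forwarding_rule -i ppp+ -j ACCEPT 2>/dev/null || iptables -A forwarding_rule -i ppp+ -j ACCEPT` avoids adding a duplicate in the first place. Separately, the concern stated in the commit message is worth acting on in this same file rather than leaving as a postscript: the `ppp+` wildcard in both the `-i` and `-o` rules matches every ppp interface, including a PPPoE WAN uplink, so the ACCEPT rules are broader than "PPTP clients"; narrowing the match to the interfaces pptpd actually creates, or handling this through the firewall zone configuration, would keep the fix for duplicate rules without also opening forwarding for unrelated ppp links.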