From 6bec5daf842a76a8b62410955e3ce464863094f2 Mon Sep 17 00:00:00 2001
From: coolsnowwolf <coolsnowwolf@gmail.com>
Date: Sat, 11 Nov 2017 23:26:14 +0800
Subject: [PATCH] update luci ipsec vpn firewall rules

---
 package/lean/luci-app-ipsec-vpnd/Makefile               | 2 +-
 package/lean/luci-app-ipsec-vpnd/root/etc/ipsec.include | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/package/lean/luci-app-ipsec-vpnd/Makefile b/package/lean/luci-app-ipsec-vpnd/Makefile
index a145e3329..1bf6299b6 100644
--- a/package/lean/luci-app-ipsec-vpnd/Makefile
+++ b/package/lean/luci-app-ipsec-vpnd/Makefile
@@ -9,7 +9,7 @@ LUCI_TITLE:=LuCI support for IPSec VPN Server (IKEv1 with PSK and Xauth)
 LUCI_DEPENDS:=+strongswan-minimal +strongswan-mod-xauth-generic
 LUCI_PKGARCH:=all
 PKG_VERSION:=2.0
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 
 include $(TOPDIR)/feeds/luci/luci.mk
 
diff --git a/package/lean/luci-app-ipsec-vpnd/root/etc/ipsec.include b/package/lean/luci-app-ipsec-vpnd/root/etc/ipsec.include
index 84129f643..d887c623d 100755
--- a/package/lean/luci-app-ipsec-vpnd/root/etc/ipsec.include
+++ b/package/lean/luci-app-ipsec-vpnd/root/etc/ipsec.include
@@ -1,3 +1,8 @@
+iptables -D FORWARD  -m policy --dir in --pol ipsec --proto esp -j ACCEPT 2>/dev/null
+iptables -D FORWARD  -m policy --dir out --pol ipsec --proto esp -j ACCEPT 2>/dev/null
+iptables -D INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT 2>/dev/null
+iptables -D OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT 2>/dev/null
+
 iptables -I FORWARD  -m policy --dir in --pol ipsec --proto esp -j ACCEPT
 iptables -I FORWARD  -m policy --dir out --pol ipsec --proto esp -j ACCEPT
 iptables -I INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT