luci-app-ipsec-vpnd: rules security optimization

2025-04-16 04:13:31 +00:00 · 2021-07-20 14:08:13 +08:00 · 2021-07-20 14:08:13 +08:00 · facd06ed14
commit facd06ed14
parent 5d2b458012
2 changed files with 8 additions and 4 deletions
--- a/package/lean/luci-app-ipsec-vpnd/Makefile
+++ b/package/lean/luci-app-ipsec-vpnd/Makefile
@ -9,7 +9,7 @@ LUCI_TITLE:=LuCI support for IPSec VPN Server (IKEv1 with PSK and Xauth)
 LUCI_DEPENDS:=+strongswan +strongswan-minimal +strongswan-mod-xauth-generic +strongswan-mod-kernel-libipsec
 LUCI_PKGARCH:=all
 PKG_VERSION:=1.0
-PKG_RELEASE:=10
+PKG_RELEASE:=11

 include $(TOPDIR)/feeds/luci/luci.mk

--- a/package/lean/luci-app-ipsec-vpnd/root/etc/uci-defaults/luci-ipsec
+++ b/package/lean/luci-app-ipsec-vpnd/root/etc/uci-defaults/luci-ipsec
@ -18,9 +18,7 @@ uci -q batch <<-EOF >/dev/null
 	set network.VPN.netmask="255.255.255.0"
 	
 	commit network
-	
-	set firewall.@defaults[0].forward="ACCEPT"
-	
+		
  delete firewall.ike
  add firewall rule
  rename firewall.@rule[-1]="ike"
@ -62,6 +60,12 @@ uci -q batch <<-EOF >/dev/null
 	set firewall.VPN.forward="ACCEPT"
 	set firewall.VPN.output="ACCEPT"
 	set firewall.VPN.network="VPN"
+	
+  delete firewall.vpn
+	set firewall.vpn=forwarding
+	set firewall.vpn.name="vpn"
+	set firewall.vpn.dest="wan"
+	set firewall.vpn.src="VPN"
  
  commit firewall
 EOF