From: Peter Müller <peter.mueller@ipfire.org>
Date: Sat, 18 Dec 2021 13:50:27 +0000 (+0100)
Subject: configroot: Drop traffic from and to hostile networks by default
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=55f6e62cf70132e31e32ec7a666cf0068878287b;p=people%2Fstevee%2Fipfire-2.x.git

configroot: Drop traffic from and to hostile networks by default

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---

diff --git a/lfs/configroot b/lfs/configroot
index a568161433..9f3188aab9 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -131,6 +131,7 @@ $(TARGET) :
 	echo  "DROPWIRELESSINPUT=on"	>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "DROPWIRELESSFORWARD=on"	>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "DROPSPOOFEDMARTIAN=on"	>> $(CONFIG_ROOT)/optionsfw/settings
+	echo  "DROPHOSTILE=on"		>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "POLICY=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
 	echo  "POLICY1=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
 	echo  "USE_ISP_NAMESERVERS=on"  >> $(CONFIG_ROOT)/dns/settings