From 02001624d22733f208f7d17b398c076e85c9971d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Sat, 18 Dec 2021 14:50:13 +0100 Subject: [PATCH] configroot: Enable logging of spoofed packets/martians by default MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Peter Müller --- lfs/configroot | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lfs/configroot b/lfs/configroot index 60dc55bfd2..a568161433 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -114,7 +114,7 @@ $(TARGET) : echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings echo "01" > $(CONFIG_ROOT)/certs/serial echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf - echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings + echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings echo "DROPINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings echo "DROPFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings echo "FWPOLICY=DROP" >> $(CONFIG_ROOT)/optionsfw/settings @@ -130,6 +130,7 @@ $(TARGET) : echo "SHOWDROPDOWN=off" >> $(CONFIG_ROOT)/optionsfw/settings echo "DROPWIRELESSINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings echo "DROPWIRELESSFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings + echo "DROPSPOOFEDMARTIAN=on" >> $(CONFIG_ROOT)/optionsfw/settings echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings echo "USE_ISP_NAMESERVERS=on" >> $(CONFIG_ROOT)/dns/settings -- 2.39.5