From 55f6e62cf70132e31e32ec7a666cf0068878287b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Peter=20M=C3=BCller?= <peter.mueller@ipfire.org>
Date: Sat, 18 Dec 2021 14:50:27 +0100
Subject: [PATCH] configroot: Drop traffic from and to hostile networks by
 default
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/configroot | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lfs/configroot b/lfs/configroot
index a568161433..9f3188aab9 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -131,6 +131,7 @@ $(TARGET) :
 	echo  "DROPWIRELESSINPUT=on"	>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "DROPWIRELESSFORWARD=on"	>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "DROPSPOOFEDMARTIAN=on"	>> $(CONFIG_ROOT)/optionsfw/settings
+	echo  "DROPHOSTILE=on"		>> $(CONFIG_ROOT)/optionsfw/settings
 	echo  "POLICY=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
 	echo  "POLICY1=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
 	echo  "USE_ISP_NAMESERVERS=on"  >> $(CONFIG_ROOT)/dns/settings
-- 
2.39.5