From 01336f70ecc7ad1c0b4a3260a8b64ad8002540a6 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Wed, 17 Jan 2018 09:40:03 +0100
Subject: [PATCH] gluon-core: firewall: make the default input policy REJECT

Fixes #1311
---
 .../gluon-core/luasrc/lib/gluon/upgrade/140-firewall-rules    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/140-firewall-rules b/package/gluon-core/luasrc/lib/gluon/upgrade/140-firewall-rules
index 3cfac9c8a..5345c1a74 100755
--- a/package/gluon-core/luasrc/lib/gluon/upgrade/140-firewall-rules
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/140-firewall-rules
@@ -3,6 +3,10 @@
 local uci = require('simple-uci').cursor()
 
 
+local defaults = uci:get_first('firewall', 'defaults')
+uci:set('firewall', defaults, 'input', 'REJECT')
+
+
 local function reject_input_on_wan(zone)
 	if zone.name == 'wan' then
 		uci:set('firewall', zone['.name'], 'input', 'REJECT')
-- 
GitLab