From 0f5b06a31ae3762a5a774d2df69ec07bc5ff7396 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 28 Oct 2020 13:09:26 +0100
Subject: [PATCH] Block QUIC by default
---
 .../files/etc/uci-defaults/1980-omr-firewall | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
index 5dfb44313..aed1164e8 100755
--- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
+++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
@@ -131,6 +131,26 @@ if [ "$(uci -q get firewall.fwlantovpn)" = "" ]; then
 commit firewall
 EOF
 fi
+
+if [ "$(uci -q get firewall.blockquicproxy)" = "" ]; then
+ uci -q batch <<-EOF >/dev/null
+ set firewall.blockquicproxy=rule
+ set firewall.blockquicproxy.name='Block QUIC Proxy'
+ set firewall.blockquicproxy.proto='udp'
+ set firewall.blockquicproxy.dest_port='443'
+ set firewall.blockquicproxy.target='DROP'
+ set firewall.blockquicproxy.src='lan'
+ set firewall.blockquicall=rule
+ set firewall.blockquicall.name='Block QUIC All'
+ set firewall.blockquicall.proto='udp'
+ set firewall.blockquicall.src='*'
+ set firewall.blockquicall.dest='*'
+ set firewall.blockquicall.dest_port='443'
+ set firewall.blockquicall.target='DROP'
+ commit firewall
+ EOF
+fi
+
 uci -q batch <<-EOF >/dev/null
 set firewall.@zone[0].mtu_fix='1'
 set firewall.zone_vpn.mtu_fix='1'
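Review bot: The new guard tests only `firewall.blockquicproxy`, yet the batch inside it also writes every option of `firewall.blockquicall`. If an administrator has edited `blockquicall` and deleted `blockquicproxy`, the next run of this defaults script resets `blockquicall` to `DROP`; if only `blockquicall` is missing, it is never recreated. Each section should sit behind its own check, the second being `if [ "$(uci -q get firewall.blockquicall)" = "" ]; then`. A comment above the block such as `# Drop UDP/443 so clients fall back to TCP; set enabled='0' on the rule to allow QUIC` would record the intent, since `src='*'`/`dest='*'` with `dest_port='443'` also drops any non-QUIC UDP service on that port. The trailing `uci -q batch` heredoc in the context lines continues outside the hunk.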