From 8c42565f546f22a60c2a20b1c632ec1877e7525c Mon Sep 17 00:00:00 2001
From: Ycarus <ycarus@zugaina.org>
Date: Fri, 9 Feb 2018 10:55:46 +0100
Subject: [PATCH] Set default firewall rules for glorytun

---
 .../root/etc/uci-defaults/40_luci-glorytun          | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/luci-app-glorytun/root/etc/uci-defaults/40_luci-glorytun b/luci-app-glorytun/root/etc/uci-defaults/40_luci-glorytun
index 310d95971..4554db5e0 100644
--- a/luci-app-glorytun/root/etc/uci-defaults/40_luci-glorytun
+++ b/luci-app-glorytun/root/etc/uci-defaults/40_luci-glorytun
@@ -23,7 +23,18 @@ EOF
 uci -q batch <<-EOF >/dev/null
 	add firewall zone
 	set firewall.@zone[-1].name=vpn
-	set firewall.@zone[-1].network='vpn'
+	set firewall.@zone[-1].network='glorytun'
+	set firewall.@zone[-1].masq='1'
+	set firewall.@zone[-1].input='REJECT'
+	set firewall.@zone[-1].forward='REJECT'
+	set firewall.@zone[-1].output='ACCEPT'
+	set firewall.allow_dhcp_request_vpn=rule
+	set firewall.allow_dhcp_request_vpn.name="Allow-DHCP-Request-VPN"
+	set firewall.allow_dhcp_request_vpn.src=glorytun
+	set firewall.allow_dhcp_request_vpn.proto=udp
+	set firewall.allow_dhcp_request_vpn.dest_port=67
+	set firewall.allow_dhcp_request_vpn.target=ACCEPT
+	set firewall.allow_dhcp_request_vpn.family=ipv4
 	commit firewall
 EOF