From b907c99915b1c478318a3a3f08dcc23a9f887b9c Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 26 Jun 2020 15:02:48 +0200 Subject: [PATCH] Set REJECT as default for firewall config --- openmptcprouter/files/etc/uci-defaults/1980-omr-firewall | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall index f8002336f..99ca4285f 100755 --- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall +++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall @@ -1,5 +1,13 @@ #!/bin/sh +# Set REJECT as default rule if an interface is not in a zone +uci -q batch <<-EOF >/dev/null + set firewall.@defaults[0].input='REJECT' + set firewall.@defaults[0].output='REJECT' + set firewall.@defaults[0].forward='REJECT' +EOF + + if [ "$(uci -q get firewall.@zone[2].name)" = "vpn" ]; then uci -q batch <<-EOF >/dev/null del firewall.@zone[2]
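Review bot: The added `uci -q batch … >/dev/null` block at the top of the script discards both error messages and output, so if `firewall.@defaults[0]` does not exist or a `set` fails, the device keeps its previous default policy (possibly ACCEPT) and nothing records that the hardening was not applied. I would verify the result right after the batch, e.g. `[ "$(uci -q get firewall.@defaults[0].input)" = "REJECT" ] || logger -t omr-firewall "default REJECT policy not applied"`. The block is also unconditional, so it overwrites a deliberately configured default policy, including `output`, every time this uci-defaults script runs; a comment stating that this is intended would help. The rest of the script, including any `uci commit firewall`, lies outside this hunk, so I cannot confirm from here that the change is persisted.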