From b9d5d51d428525d9334bac317268a938c12d1a47 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 7 Aug 2022 20:10:15 +0200
Subject: [PATCH] Fix https://github.com/Ysurac/openmptcprouter/issues/2453 and
 add a limit on ICMP

---
 openmptcprouter/files/etc/uci-defaults/1980-omr-firewall | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
index 3719a41b0..b4493bb18 100755
--- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
+++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
@@ -77,6 +77,7 @@ if [ "$(uci -q show firewall | grep Allow-All-Ping)" = "" ]; then
 		set firewall.@rule[-1].dest='*'
 		set firewall.@rule[-1].src='*'
 		set firewall.@rule[-1].icmp_type='echo-request'
+		set firewall.@rule[-1].limit='1000/sec'
 		commit firewall
 	EOF
 fi
@@ -195,6 +196,7 @@ if [ "$(uci -q get firewall.allowicmpipv6)" = "" ]; then
 		set firewall.allowicmpipv6.src='wan'
 		set firewall.allowicmpipv6.name='Allow IPv6 ICMP'
 		set firewall.allowicmpipv6.family='ipv6'
+		set firewall.@rule[-1].limit='1000/sec'
 		set firewall.allowicmpipv6.icmp_type='neighbour-advertisement neighbour-solicitation router-advertisement router-solicitation'
 		commit firewall
 	EOF
@@ -244,6 +246,7 @@ if [ "$(uci -q get openmptcprouter.settings.sipalg)" != "1" ]; then
 	uci -q batch <<-EOF >/dev/null
 		set firewall.zone_lan.auto_helper='0'
 		set firewall.zone_wan.auto_helper='0'
+		set firewall.zone_vpn.auto_helper='0'
 		commit firewall
 	EOF
 	rmmod nf_nat_sip 2>&1 >/dev/null