[][kernel][common][firewall][Add PPTP helper rule to fix PPTP VPN feature by default]
[Description]
Add PPTP helper rule to fix PPTP VPN feature by default.
In the patch below, the Linux kernel disables automatic helper
assignment by default for security reasons. (nf_conntrack_helper=0)
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.9.y&id=8f9872be6db939a75a075cd893a47ce5742cee00
Instead of turning on nf_conntrack_helper, it suggests using the
iptables CT target to attach helpers.
[Release-log]
N/A
Change-Id: I7e3260024bad00486b0e16406e813c372910fc38
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/6712515
diff --git a/feed/mtkhnat_util/files/99-firewall b/feed/mtkhnat_util/files/99-firewall
index 9c72762..8c59b3f 100755
--- a/feed/mtkhnat_util/files/99-firewall
+++ b/feed/mtkhnat_util/files/99-firewall
@@ -1,3 +1,4 @@
+echo "iptables -I OUTPUT -t raw -p tcp --dport 1723 -j CT --helper pptp" >> /etc/firewall.user
echo "iptables -t mangle -A FORWARD -m dscp --dscp-class BE -j MARK --set-mark 0" >> /etc/firewall.user
echo "iptables -t mangle -A FORWARD -m dscp --dscp-class CS2 -j MARK --set-mark 2" >> /etc/firewall.user
echo "iptables -t mangle -A FORWARD -m dscp --dscp-class CS4 -j MARK --set-mark 4" >> /etc/firewall.user
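Review bot: The new rule on the first line of this hunk attaches the pptp helper only in the raw table's OUTPUT chain, so it covers PPTP control connections that the router itself originates and nothing else. Forwarded connections from LAN clients traverse raw PREROUTING, not OUTPUT, so if PPTP passthrough for clients behind the router is also expected to work, a matching `-t raw` PREROUTING rule with `-j CT --helper pptp` is needed as well. The match is also just `-p tcp --dport 1723` with no interface or destination restriction. Since the upstream change disabled automatic helper assignment for security reasons, consider limiting the rule to the WAN-facing interface (`-o` in OUTPUT) or to the VPN server address so the helper is attached only where it is needed. Finally, the commit message should say which direction (router as PPTP client, LAN passthrough, or both) the fix is meant to cover, because that is not evident from the rule.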