firewall: replace echo initial optionsfw settings

use echo initial optionsfw settings seems creating duplicated optionsfw settings. Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2026-04-09 18:45:54 +02:00 · 2025-04-12 07:14:54 -07:00
parent 6eef7f8535
commit 04f60a6291
2 changed files with 24 additions and 23 deletions
--- a/config/cfgroot/optionsfw-settings
+++ b/config/cfgroot/optionsfw-settings
@@ -0,0 +1,23 @@
+FWBRIDGEMODE=off
+BRIDGENETFILTER=off
+DROPNEWNOTSYN=on
+DROPINPUT=on
+DROPFORWARD=on
+FWPOLICY=DROP
+FWPOLICY1=DROP
+FWPOLICY2=DROP
+DROPPORTSCAN=on
+DROPOUTGOING=on
+DROPSAMBA=off
+DROPPROXY=off
+SHOWREMARK=on
+SHOWCOLORS=on
+SHOWTABLES=off
+SHOWDROPDOWN=off
+DROPWIRELESSINPUT=on
+DROPWIRELESSFORWARD=on
+DROPSPOOFEDMARTIAN=on
+DROPHOSTILE=on
+LOGDROPHOSTILEIN=on
+LOGDROPHOSTILEOUT=on
+LOGDROPCTINVALID=on
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -119,29 +119,7 @@ $(TARGET) :
 	echo  "ENABLED=off"		> $(CONFIG_ROOT)/vpn/settings
 	echo  "01"			> $(CONFIG_ROOT)/certs/serial
 	echo  "nameserver    1.2.3.4"	> $(CONFIG_ROOT)/ppp/fake-resolv.conf
-	echo  "FWBRIDGEMODE=off"	>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "BRIDGENETFILTER=off"	>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "DROPNEWNOTSYN=on"	>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "DROPINPUT=on"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "DROPFORWARD=on"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "FWPOLICY=DROP"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "FWPOLICY1=DROP"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "FWPOLICY2=DROP"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "DROPPORTSCAN=on"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "DROPOUTGOING=on"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "DROPSAMBA=off"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "DROPPROXY=off"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "SHOWREMARK=on"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "SHOWCOLORS=on"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "SHOWTABLES=off"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "SHOWDROPDOWN=off"	>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "DROPWIRELESSINPUT=on"	>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "DROPWIRELESSFORWARD=on"	>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "DROPSPOOFEDMARTIAN=on"	>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "DROPHOSTILE=on"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "LOGDROPHOSTILEIN=on"		>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "LOGDROPHOSTILEOUT=on"	>> $(CONFIG_ROOT)/optionsfw/settings
-	echo  "LOGDROPCTINVALID=on"	>> $(CONFIG_ROOT)/optionsfw/settings
+	cp $(DIR_SRC)/config/cfgroot/optionsfw-settings		$(CONFIG_ROOT)/optionsfw/settings
 	echo  "POLICY=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
 	echo  "POLICY1=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
 	echo  "USE_ISP_NAMESERVERS=on"  >> $(CONFIG_ROOT)/dns/settings