From a360344ee35b1a2fe56a703f5e192c928f7108bd Mon Sep 17 00:00:00 2001
From: John Crispin <john@phrozen.org>
Date: Sat, 15 Jul 2023 15:50:22 +0200
Subject: [PATCH 19/43] firewall3/4: enable ssh on wan during early boot stage

Signed-off-by: John Crispin <john@phrozen.org>
---
 .../network/config/firewall/files/firewall.config   |  2 +-
 .../firewall4/patches/100-allow-input-wan.patch     | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 package/network/config/firewall4/patches/100-allow-input-wan.patch

diff --git a/package/network/config/firewall/files/firewall.config b/package/network/config/firewall/files/firewall.config
index b90ac7af0a..e332bcc7ca 100644
--- a/package/network/config/firewall/files/firewall.config
+++ b/package/network/config/firewall/files/firewall.config
@@ -17,7 +17,7 @@ config zone
 	option name		wan
 	list   network		'wan'
 	list   network		'wan6'
-	option input		REJECT
+	option input		ACCEPT
 	option output		ACCEPT
 	option forward		REJECT
 	option masq		1
diff --git a/package/network/config/firewall4/patches/100-allow-input-wan.patch b/package/network/config/firewall4/patches/100-allow-input-wan.patch
new file mode 100644
index 0000000000..f44a2987cf
--- /dev/null
+++ b/package/network/config/firewall4/patches/100-allow-input-wan.patch
@@ -0,0 +1,13 @@
+Index: firewall4-2023-03-23-04a06bd7/root/etc/config/firewall
+===================================================================
+--- firewall4-2023-03-23-04a06bd7.orig/root/etc/config/firewall
++++ firewall4-2023-03-23-04a06bd7/root/etc/config/firewall
+@@ -17,7 +17,7 @@ config zone
+ 	option name		wan
+ 	list   network		'wan'
+ 	list   network		'wan6'
+-	option input		REJECT
++	option input		ACCEPT
+ 	option output		ACCEPT
+ 	option forward		REJECT
+ 	option masq		1
-- 
2.34.1