/etc/config/networkconfig interface 'loopback' option ifname 'lo' option p

1. /etc/config/network
2. config interface 'loopback'
3. option ifname 'lo'
4. option proto 'static'
5. option ipaddr '127.0.0.1'
6. option netmask '255.0.0.0'
7.  
8. config interface 'lan'
9. option ifname 'eth0'
10. option type 'bridge'
11. option proto 'static'
12. option ipaddr '192.168.1.11'
13. option netmask '255.255.255.0'
14. option macaddr 'c4:93:00:00:13:dc'
15.  
16. config interface 'wan'
17. option ifname 'eth0.2'
18. option proto 'dhcp'
19.  
20.  
21. /etc/config/wireless
22.  
23. config wifi-device radio0
24. option type mac80211
25. option channel 11
26. option macaddr c4:93:00:00:13:de
27. option hwmode 11ng
28. option txpower 20
29. option htmode HT20
30. list ht_capab GF
31. list ht_capab SHORT-GI-20
32. list ht_capab SHORT-GI-40
33. list ht_capab RX-STBC1
34. # REMOVE THIS LINE TO ENABLE WIFI:
35. # option disabled 1
36.  
37. config wifi-iface
38. option device radio0
39. option network lan
40. option mode ap
41. option ssid OpenWrt
42. option encryption none
43.  
44.  
45. /etc/config/firwall
46.  
47.  
48. config defaults
49. option syn_flood '1'
50. option input 'ACCEPT'
51. option output 'ACCEPT'
52. option forward 'REJECT'
53.  
54. config zone
55. option name 'lan'
56. option network 'lan'
57. option input 'ACCEPT'
58. option output 'ACCEPT'
59. option forward 'REJECT'
60.  
61. config zone
62. option name 'wan'
63. option network 'wan'
64. option input 'ACCEPT'
65. option output 'ACCEPT'
66. option forward 'REJECT'
67. option masq '1'
68. option mtu_fix '1'
69.  
70. config forwarding
71. option src 'lan'
72. option dest 'wan'
73.  
74. config rule
75. option name 'Allow-DHCP-Renew'
76. option src 'wan'
77. option proto 'udp'
78. option dest_port '68'
79. option target 'ACCEPT'
80. option family 'ipv4'
81.  
82. config rule
83. option name 'Allow-Ping'
84. option src 'wan'
85. option proto 'icmp'
86. option icmp_type 'echo-request'
87. option family 'ipv4'
88. option target 'ACCEPT'
89.  
90. config rule
91. option name 'Allow-DHCPv6'
92. option src 'wan'
93. option proto 'udp'
94. option src_ip 'fe80::/10'
95. option src_port '547'
96. option dest_ip 'fe80::/10'
97. option dest_port '546'
98. option family 'ipv6'
99. option target 'ACCEPT'
100.  
101. config rule
102. option name 'Allow-ICMPv6-Input'
103. option src 'wan'
104. option proto 'icmp'
105. list icmp_type 'echo-request'
106. list icmp_type 'echo-reply'
107. list icmp_type 'destination-unreachable'
108. list icmp_type 'packet-too-big'
109. list icmp_type 'time-exceeded'
110. list icmp_type 'bad-header'
111. list icmp_type 'unknown-header-type'
112. list icmp_type 'router-solicitation'
113. list icmp_type 'neighbour-solicitation'
114. list icmp_type 'router-advertisement'
115. list icmp_type 'neighbour-advertisement'
116. option limit '1000/sec'
117. option family 'ipv6'
118. option target 'ACCEPT'
119.  
120. config rule
121. option name 'Allow-ICMPv6-Forward'
122. option src 'wan'
123. option dest '*'
124. option proto 'icmp'
125. list icmp_type 'echo-request'
126. list icmp_type 'echo-reply'
127. list icmp_type 'destination-unreachable'
128. list icmp_type 'packet-too-big'
129. list icmp_type 'time-exceeded'
130. list icmp_type 'bad-header'
131. list icmp_type 'unknown-header-type'
132. option limit '1000/sec'
133. option family 'ipv6'
134. option target 'ACCEPT'
135.  
136. config include
137. option path '/etc/firewall.user'
138.  
139. config include
140. option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
141.  
142. config include 'openvpn_include_file'
143. option path '/etc/openvpn.firewall'
144.  
145. config include 'tor_include_file'
146. option path '/etc/tor.firewall'
147.  
148. config restriction_rule 'rule_1'
149. option is_ingress '0'
150. option description 'google_block'
151. option local_addr '192.168.1.10'
152. option proto 'both'
153. option url_domain_contains '"google"'
154. option enabled '1'
155.  
156.  
157. /etc/firewall.user
158.  
159. # This file is interpreted as shell script.
160. # Put your custom iptables rules here, they will
161. # be executed with each firewall (re-)start.
162.  
163. /etc/dnsmasq.conf
164. # Change the following lines if you want dnsmasq to serve SRV
165. # records.
166. # You may add multiple srv-host lines.
167. # The fields are <name>,<target>,<port>,<priority>,<weight>
168.  
169. # A SRV record sending LDAP for the example.com domain to
170. # ldapserver.example.com port 289
171. #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
172.  
173. # Two SRV records for LDAP, each with different priorities
174. #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
175. #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
176.  
177. # A SRV record indicating that there is no LDAP server for the domain
178. # example.com
179. #srv-host=_ldap._tcp.example.com
180.  
181. # The following line shows how to make dnsmasq serve an arbitrary PTR
182. # record. This is useful for DNS-SD.
183. # The fields are <name>,<target>
184. #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
185.  
186. # Change the following lines to enable dnsmasq to serve TXT records.
187. # These are used for things like SPF and zeroconf.
188. # The fields are <name>,<text>,<text>...
189.  
190. #Example SPF.
191. #txt-record=example.com,"v=spf1 a -all"
192.  
193. #Example zeroconf
194. #txt-record=_http._tcp.example.com,name=value,paper=A4
195.  
196. # Provide an alias for a "local" DNS name. Note that this _only_ works
197. # for targets which are names from DHCP or /etc/hosts. Give host
198. # "bert" another name, bertrand
199. # The fields are <cname>,<target>
200. #cname=bertand,bert