Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /etc/config/network
- config interface 'loopback'
- option ifname 'lo'
- option proto 'static'
- option ipaddr '127.0.0.1'
- option netmask '255.0.0.0'
- config interface 'lan'
- option ifname 'eth0'
- option type 'bridge'
- option proto 'static'
- option ipaddr '192.168.1.11'
- option netmask '255.255.255.0'
- option macaddr 'c4:93:00:00:13:dc'
- config interface 'wan'
- option ifname 'eth0.2'
- option proto 'dhcp'
- /etc/config/wireless
- config wifi-device radio0
- option type mac80211
- option channel 11
- option macaddr c4:93:00:00:13:de
- option hwmode 11ng
- option txpower 20
- option htmode HT20
- list ht_capab GF
- list ht_capab SHORT-GI-20
- list ht_capab SHORT-GI-40
- list ht_capab RX-STBC1
- # REMOVE THIS LINE TO ENABLE WIFI:
- # option disabled 1
- config wifi-iface
- option device radio0
- option network lan
- option mode ap
- option ssid OpenWrt
- option encryption none
- /etc/config/firwall
- config defaults
- option syn_flood '1'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'REJECT'
- config zone
- option name 'lan'
- option network 'lan'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'REJECT'
- config zone
- option name 'wan'
- option network 'wan'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'REJECT'
- option masq '1'
- option mtu_fix '1'
- config forwarding
- option src 'lan'
- option dest 'wan'
- config rule
- option name 'Allow-DHCP-Renew'
- option src 'wan'
- option proto 'udp'
- option dest_port '68'
- option target 'ACCEPT'
- option family 'ipv4'
- config rule
- option name 'Allow-Ping'
- option src 'wan'
- option proto 'icmp'
- option icmp_type 'echo-request'
- option family 'ipv4'
- option target 'ACCEPT'
- config rule
- option name 'Allow-DHCPv6'
- option src 'wan'
- option proto 'udp'
- option src_ip 'fe80::/10'
- option src_port '547'
- option dest_ip 'fe80::/10'
- option dest_port '546'
- option family 'ipv6'
- option target 'ACCEPT'
- config rule
- option name 'Allow-ICMPv6-Input'
- option src 'wan'
- option proto 'icmp'
- list icmp_type 'echo-request'
- list icmp_type 'echo-reply'
- list icmp_type 'destination-unreachable'
- list icmp_type 'packet-too-big'
- list icmp_type 'time-exceeded'
- list icmp_type 'bad-header'
- list icmp_type 'unknown-header-type'
- list icmp_type 'router-solicitation'
- list icmp_type 'neighbour-solicitation'
- list icmp_type 'router-advertisement'
- list icmp_type 'neighbour-advertisement'
- option limit '1000/sec'
- option family 'ipv6'
- option target 'ACCEPT'
- config rule
- option name 'Allow-ICMPv6-Forward'
- option src 'wan'
- option dest '*'
- option proto 'icmp'
- list icmp_type 'echo-request'
- list icmp_type 'echo-reply'
- list icmp_type 'destination-unreachable'
- list icmp_type 'packet-too-big'
- list icmp_type 'time-exceeded'
- list icmp_type 'bad-header'
- list icmp_type 'unknown-header-type'
- option limit '1000/sec'
- option family 'ipv6'
- option target 'ACCEPT'
- config include
- option path '/etc/firewall.user'
- config include
- option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
- config include 'openvpn_include_file'
- option path '/etc/openvpn.firewall'
- config include 'tor_include_file'
- option path '/etc/tor.firewall'
- config restriction_rule 'rule_1'
- option is_ingress '0'
- option description 'google_block'
- option local_addr '192.168.1.10'
- option proto 'both'
- option url_domain_contains '"google"'
- option enabled '1'
- /etc/firewall.user
- # This file is interpreted as shell script.
- # Put your custom iptables rules here, they will
- # be executed with each firewall (re-)start.
- /etc/dnsmasq.conf
- # Change the following lines if you want dnsmasq to serve SRV
- # records.
- # You may add multiple srv-host lines.
- # The fields are <name>,<target>,<port>,<priority>,<weight>
- # A SRV record sending LDAP for the example.com domain to
- # ldapserver.example.com port 289
- #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
- # Two SRV records for LDAP, each with different priorities
- #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
- #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
- # A SRV record indicating that there is no LDAP server for the domain
- # example.com
- #srv-host=_ldap._tcp.example.com
- # The following line shows how to make dnsmasq serve an arbitrary PTR
- # record. This is useful for DNS-SD.
- # The fields are <name>,<target>
- #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
- # Change the following lines to enable dnsmasq to serve TXT records.
- # These are used for things like SPF and zeroconf.
- # The fields are <name>,<text>,<text>...
- #Example SPF.
- #txt-record=example.com,"v=spf1 a -all"
- #Example zeroconf
- #txt-record=_http._tcp.example.com,name=value,paper=A4
- # Provide an alias for a "local" DNS name. Note that this _only_ works
- # for targets which are names from DHCP or /etc/hosts. Give host
- # "bert" another name, bertrand
- # The fields are <cname>,<target>
- #cname=bertand,bert
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement