MrChillax

edgerouter-firewall

Jan 24th, 2017
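  /*
   * EdgeOS firewall ruleset fragment, described by its author as "WAN to router".
   * The enclosing "name <ruleset> {" line is not part of this paste.
   * Rules are evaluated in ascending rule-number order and the first match
   * decides; a packet that matches no rule gets default-action (drop).
   */
  default-action drop
  description "WAN to router"
  /* Return traffic for connections that are already tracked. */
  rule 10 {
      action accept
      description "Allow established/related"
      state {
          established enable
          related enable
      }
  }
  /*
   * Was rule 100. At the end of the list it could never change a verdict:
   * anything that reached it was about to be dropped by default-action, while
   * an invalid-state packet matching one of the accept rules below had already
   * been accepted. Placed directly after rule 10 so invalid-state packets are
   * dropped before any port-based accept rule is considered.
   */
  rule 15 {
      action drop
      description "Drop invalid state"
      state {
          invalid enable
      }
  }
  /* Web UI (80/443) from one fixed remote address; the address is masked in the paste. */
  rule 20 {
      action accept
      description "Allow remote access"
      destination {
          port 80,443
      }
      log enable
      protocol tcp
      source {
          address 46.182.XXX.XXX
      }
  }
  /*
   * NOTE(review): this is a private (RFC 1918) source range in a ruleset the
   * author describes as WAN-facing. That only makes sense if the WAN side sits
   * behind another private network - confirm; otherwise the rule admits
   * packets whose source address cannot be trusted.
   * 192.168.4.1/24 is a host address with a /24 mask; the network form is
   * 192.168.4.0/24.
   */
  rule 30 {
      action accept
      description "Allow local access"
      destination {
          port 80,443
      }
      log disable
      protocol tcp
      source {
          address 192.168.4.1/24
      }
  }
  /*
   * Web UI from a second fixed remote address (masked in the paste).
   * NOTE(review): logging is off here while rule 20 logs the same kind of
   * access; consider logging all accepted management connections.
   */
  rule 40 {
      action accept
      description "Allow remote access MrChillax"
      destination {
          port 80,443
      }
      log disable
      protocol tcp
      source {
          address 80.56.XX.XXX
      }
  }
  /*
   * SSH to the router, limited to one source address (masked in the paste).
   * NOTE(review): logging is disabled on the one rule that admits shell
   * access; enabling it gives a record of accepted SSH connections.
   */
  rule 50 {
      action accept
      description "Allow SSH router"
      destination {
          port 22
      }
      log disable
      protocol tcp
      source {
          address 46.182.XXX.XXX
      }
  }
  /* Rules 60-90 carry no source restriction: VPN traffic is accepted from any address. */
  rule 60 {
      action accept
      description "Allow IKE"
      destination {
          port 500
      }
      log enable
      protocol udp
  }
  /*
   * NOTE(review): as written this accepts plain L2TP on UDP 1701 from any
   * source. Rules 60, 80 and 90 suggest L2TP is meant to run inside IPsec;
   * if so, adding "ipsec { match-ipsec }" to this rule limits it to packets
   * that arrived through IPsec - confirm against the VPN setup.
   */
  rule 70 {
      action accept
      description "Allow L2TP"
      destination {
          port 1701
      }
      log enable
      protocol udp
  }
  rule 80 {
      action accept
      description "Allow ESP"
      log enable
      protocol esp
  }
  rule 90 {
      action accept
      description "Allow NAT traversal"
      destination {
          port 4500
      }
      log enable
      protocol udp
  }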