- ### NETWORK -------------------------------------------------------------
- # OpenWrt-style UCI network config: loopback, a bridged LAN, a DHCP WAN, the switch VLAN split, and a second DHCP uplink (wwan).
- # Loopback: static 127.0.0.1/8 on 'lo'.
- config 'interface' 'loopback'
- option 'ifname' 'lo'
- option 'proto' 'static'
- option 'ipaddr' '127.0.0.1'
- option 'netmask' '255.0.0.0'
- # LAN: bridge over eth0.1 (switch VLAN 1) with a static /24 address.
- # '192.168.aaa.1' looks like a redaction by the poster; 'aaa' must be replaced with a real octet.
- config 'interface' 'lan'
- option 'ifname' 'eth0.1'
- option 'type' 'bridge'
- option 'proto' 'static'
- option 'netmask' '255.255.255.0'
- option 'ipaddr' '192.168.aaa.1'
- # WAN: DHCP client on eth0.2 (switch VLAN 2).
- # The all-zero 'macaddr' is presumably a redacted placeholder, not a value to deploy as-is.
- # peerdns '0' ignores the resolvers offered by the DHCP server; only the four 'dns' entries below are used.
- # defaultroute '0' installs no default route from the DHCP lease.
- # NOTE(review): presumably the default route is supplied by the VPN tunnel (tun+ in the firewall.user section); confirm, and confirm the VPN endpoint stays reachable without it.
- config 'interface' 'wan'
- option 'ifname' 'eth0.2'
- option 'proto' 'dhcp'
- option 'macaddr' '00:00:00:00:00:00'
- option 'peerdns' '0'
- option 'defaultroute' '0'
- list 'dns' '208.67.222.222'
- list 'dns' '208.67.220.220'
- list 'dns' '8.8.8.8'
- list 'dns' '8.8.4.4'
- # Switch rtl8366rb: reset on load and enable VLAN handling.
- config 'switch'
- option 'name' 'rtl8366rb'
- option 'reset' '1'
- option 'enable_vlan' '1'
- # VLAN 1 (LAN side, eth0.1): ports 1-4 untagged, port 5 tagged ('t'); port 5 is presumably the CPU port.
- config 'switch_vlan'
- option 'device' 'rtl8366rb'
- option 'vlan' '1'
- option 'ports' '1 2 3 4 5t'
- # VLAN 2 (WAN side, eth0.2): port 0 untagged, port 5 tagged. Keeping port 0 out of VLAN 1 is what separates WAN from LAN at layer 2.
- config 'switch_vlan'
- option 'device' 'rtl8366rb'
- option 'vlan' '2'
- option 'ports' '0 5t'
- # WWAN: second DHCP uplink with the same DNS and no-default-route settings as 'wan'.
- # No 'ifname' is set here; presumably a wireless client interface is attached via the wireless config (confirm).
- config 'interface' 'wwan'
- option 'proto' 'dhcp'
- option 'peerdns' '0'
- option 'defaultroute' '0'
- list 'dns' '208.67.222.222'
- list 'dns' '208.67.220.220'
- list 'dns' '8.8.8.8'
- list 'dns' '8.8.4.4'
- ### FIREWALL -------------------------------------------------------------
- # OpenWrt-style UCI firewall config: global defaults, lan and wan zones, lan->wan forwarding, WAN-side allow rules, and the firewall.user include.
- # Defaults: SYN-flood protection on, invalid packets dropped, forwarding rejected.
- # NOTE(review): input defaults to ACCEPT, so traffic arriving on an interface that belongs to no zone (no zone here lists a tun interface) is accepted by the router unless another rule stops it; confirm this is intended.
- config 'defaults'
- option 'syn_flood' '1'
- option 'input' 'ACCEPT'
- option 'output' 'ACCEPT'
- option 'forward' 'REJECT'
- option 'drop_invalid' '1'
- # Zone lan: hosts on the LAN may reach the router; forwarding is rejected unless a 'forwarding' section allows it.
- config 'zone'
- option 'name' 'lan'
- option 'network' 'lan'
- option 'input' 'ACCEPT'
- option 'output' 'ACCEPT'
- option 'forward' 'REJECT'
- # Zone wan: covers both uplinks ('wan' and 'wwan'). Unsolicited input is rejected.
- # masq '1' source-NATs traffic leaving through this zone; mtu_fix '1' clamps TCP MSS.
- config 'zone'
- option 'name' 'wan'
- option 'input' 'REJECT'
- option 'output' 'ACCEPT'
- option 'forward' 'REJECT'
- option 'masq' '1'
- option 'mtu_fix' '1'
- option 'network' 'wan wwan'
- # The only inter-zone forwarding allowed: lan -> wan.
- config 'forwarding'
- option 'src' 'lan'
- option 'dest' 'wan'
- # Allow UDP to port 68 from the WAN so DHCP replies reach the router's DHCP client (IPv4 only).
- config 'rule'
- option 'src' 'wan'
- option 'proto' 'udp'
- option 'dest_port' '68'
- option 'target' 'ACCEPT'
- option 'family' 'ipv4'
- # Answer IPv4 ping from any WAN host; remove this rule if the router should not respond to WAN pings.
- config 'rule'
- option 'src' 'wan'
- option 'proto' 'icmp'
- option 'icmp_type' 'echo-request'
- option 'family' 'ipv4'
- option 'target' 'ACCEPT'
- # ICMPv6 addressed to the router itself (no 'dest'), limited to the listed types and to 1000 packets/sec.
- config 'rule'
- option 'src' 'wan'
- option 'proto' 'icmp'
- list 'icmp_type' 'echo-request'
- list 'icmp_type' 'destination-unreachable'
- list 'icmp_type' 'packet-too-big'
- list 'icmp_type' 'time-exceeded'
- list 'icmp_type' 'bad-header'
- list 'icmp_type' 'unknown-header-type'
- list 'icmp_type' 'router-solicitation'
- list 'icmp_type' 'neighbour-solicitation'
- option 'limit' '1000/sec'
- option 'family' 'ipv6'
- option 'target' 'ACCEPT'
- # ICMPv6 forwarded from the WAN to any zone (dest '*'), same rate limit; the solicitation types are not forwarded.
- config 'rule'
- option 'src' 'wan'
- option 'dest' '*'
- option 'proto' 'icmp'
- list 'icmp_type' 'echo-request'
- list 'icmp_type' 'destination-unreachable'
- list 'icmp_type' 'packet-too-big'
- list 'icmp_type' 'time-exceeded'
- list 'icmp_type' 'bad-header'
- list 'icmp_type' 'unknown-header-type'
- option 'limit' '1000/sec'
- option 'family' 'ipv6'
- option 'target' 'ACCEPT'
- # Load raw iptables commands from /etc/firewall.user. Rules in that file are not checked against the zone policy above, so review them together with this config.
- config 'include'
- option 'path' '/etc/firewall.user'
- # OpenVPN: accept TCP to [vpn_port] from the WAN, but only from source xx.xx.xx.xx.
- # '[vpn_port]' and 'xx.xx.xx.xx' are the poster's placeholders; '_name' is presumably just a label.
- # Keep any rule for the same port in /etc/firewall.user limited to the same source, otherwise this src_ip restriction has no effect.
- config 'rule'
- option 'target' 'ACCEPT'
- option '_name' 'OPenVPN'
- option 'src' 'wan'
- option 'proto' 'tcp'
- option 'dest_port' '[vpn_port]'
- option 'src_ip' 'xx.xx.xx.xx'
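- ### FIREWALL USER --------------------------------------------------------
- # Raw iptables commands for /etc/firewall.user, the path named by the firewall config's 'include' section.
- # '[vpn_port]' and 'xx.xx.xx.xx' are the poster's placeholders; substitute real values before use.
- # ACCEPT in the nat table only ends NAT processing for the packet; it does not by itself open the port in the filter table.
- iptables -t nat -A prerouting_wan -p tcp --dport [vpn_port] -j ACCEPT
- # Limited to the same peer as the UCI OpenVPN rule (src_ip). Without -s this line accepted the VPN port
- # from every WAN host and made the src_ip restriction ineffective. Drop -s only if any-source access is intended.
- iptables -A input_wan -s xx.xx.xx.xx -p tcp --dport [vpn_port] -j ACCEPT
- # -I inserts at the head of the chain; 'tun+' matches every interface whose name starts with 'tun'.
- # Router-originated traffic may leave through the tunnel.
- iptables -I OUTPUT -o tun+ -j ACCEPT
- # Only reply traffic is accepted explicitly from the tunnel.
- # NOTE(review): the firewall defaults set input to ACCEPT and no zone covers tun+, so new connections from the
- # tunnel to the router are presumably still accepted by the default policy; add tun to a zone or add an explicit drop if not intended.
- iptables -I INPUT -i tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT
- # NOTE(review): no -i match, so forwarding into the tunnel is allowed from every interface, WAN side included,
- # ahead of the zone rules; consider limiting it to the LAN bridge interface.
- iptables -I FORWARD -o tun+ -j ACCEPT
- # Replies coming back from the tunnel may be forwarded; new connections from the tunnel fall through to the zone policy.
- iptables -I FORWARD -i tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT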