HUNataniel

/etc/config/firewall

Mar 28th, 2014
  # Global defaults: policies applied to traffic that matches no zone or rule.
  # Inbound and outbound traffic is accepted by default here, so the per-zone
  # 'input' settings below are what actually restrict access to the router;
  # a stricter baseline would set the default input to REJECT or DROP.
  1. config defaults
  # Enables SYN-flood protection.
  2. option syn_flood '1'
  3. option input 'ACCEPT'
  4. option output 'ACCEPT'
  5. option forward 'REJECT'
  6.  
  7. config zone
  8. option name 'lan'
  9. option network 'lan'
  10. option input 'ACCEPT'
  11. option output 'ACCEPT'
  12. option forward 'REJECT'
  13.  
  # Untrusted WAN zone: unsolicited traffic to the router is rejected, so only
  # the explicit 'src wan' ACCEPT rules in this file open anything to the WAN.
  14. config zone
  15. option name 'wan'
  16. option network 'wan'
  17. option input 'REJECT'
  18. option output 'ACCEPT'
  19. option forward 'REJECT'
  # Masquerade (source NAT) traffic leaving through this zone.
  20. option masq '1'
  # Clamp TCP MSS to the path MTU for traffic through this zone.
  21. option mtu_fix '1'
  22.  
  # Permit forwarding from lan to wan. No wan -> lan forwarding is defined in
  # this file, so new connections from the WAN towards LAN hosts fall through
  # to the wan zone's forward REJECT.
  23. config forwarding
  24. option src 'lan'
  25. option dest 'wan'
  26.  
  # Accept IPv4 UDP to port 68 arriving from the wan zone (DHCP client
  # replies/renewals). No 'dest' is set, so this is an input rule for the
  # router itself. There is no src_ip restriction: any WAN host can send UDP
  # to port 68.
  27. config rule
  28. option name 'Allow-DHCP-Renew'
  29. option src 'wan'
  30. option proto 'udp'
  31. option dest_port '68'
  32. option target 'ACCEPT'
  33. option family 'ipv4'
  34.  
  # Accept IPv4 ICMP echo-request from the wan zone, i.e. the router answers
  # pings from the Internet. No 'limit' option is set on this rule, unlike the
  # ICMPv6 rules in this file; remove the rule or add a rate limit if WAN-side
  # ping replies are not wanted.
  35. config rule
  36. option name 'Allow-Ping'
  37. option src 'wan'
  38. option proto 'icmp'
  39. option icmp_type 'echo-request'
  40. option family 'ipv4'
  41. option target 'ACCEPT'
  42.  
  # Accept DHCPv6 replies from the wan zone: UDP from source port 547 to
  # destination port 546. Both source and destination addresses must be in
  # fe80::/10 (link-local), which limits the rule to on-link senders.
  43. config rule
  44. option name 'Allow-DHCPv6'
  45. option src 'wan'
  46. option proto 'udp'
  47. option src_ip 'fe80::/10'
  48. option src_port '547'
  49. option dest_ip 'fe80::/10'
  50. option dest_port '546'
  51. option family 'ipv6'
  52. option target 'ACCEPT'
  53.  
  # Accept the listed ICMPv6 message types from the wan zone to the router
  # itself (no 'dest' is set, so this is an input rule). The list covers
  # error/diagnostic types plus the neighbour-discovery and router-discovery
  # types. Matching is rate-limited by the 'limit' option.
  54. config rule
  55. option name 'Allow-ICMPv6-Input'
  56. option src 'wan'
  57. option proto 'icmp'
  58. list icmp_type 'echo-request'
  59. list icmp_type 'echo-reply'
  60. list icmp_type 'destination-unreachable'
  61. list icmp_type 'packet-too-big'
  62. list icmp_type 'time-exceeded'
  63. list icmp_type 'bad-header'
  64. list icmp_type 'unknown-header-type'
  65. list icmp_type 'router-solicitation'
  66. list icmp_type 'neighbour-solicitation'
  67. list icmp_type 'router-advertisement'
  68. list icmp_type 'neighbour-advertisement'
  # Rate limit for this rule: at most 1000 matches per second.
  69. option limit '1000/sec'
  70. option family 'ipv6'
  71. option target 'ACCEPT'
  72.  
  # Accept the listed ICMPv6 error/diagnostic types forwarded from the wan
  # zone to any zone (dest '*'). That includes the guest zone and means
  # IPv6 hosts behind the router can be pinged from the WAN (echo-request).
  # The neighbour/router discovery types are not in this list.
  73. config rule
  74. option name 'Allow-ICMPv6-Forward'
  75. option src 'wan'
  76. option dest '*'
  77. option proto 'icmp'
  78. list icmp_type 'echo-request'
  79. list icmp_type 'echo-reply'
  80. list icmp_type 'destination-unreachable'
  81. list icmp_type 'packet-too-big'
  82. list icmp_type 'time-exceeded'
  83. list icmp_type 'bad-header'
  84. list icmp_type 'unknown-header-type'
  # Rate limit for this rule: at most 1000 matches per second.
  85. option limit '1000/sec'
  86. option family 'ipv6'
  87. option target 'ACCEPT'
  88.  
  # Pull in /etc/firewall.user when the firewall is (re)loaded. With no 'type'
  # option the include is treated as a shell script, so that file's contents
  # are part of the effective ruleset and should be reviewed together with
  # this one (it can add rules that are not visible here).
  89. config include
  90. option path '/etc/firewall.user'
  91.  
  # Guest zone: traffic from the 'guest' network to the router itself is
  # rejected unless a rule accepts it, and forwarding is rejected unless a
  # 'config forwarding' section permits it.
  # NOTE(review): this file shows no rule accepting DHCP (UDP port 67) from
  # guest; with input REJECT, guests cannot get leases from a DHCP server on
  # the router unless that is allowed elsewhere (e.g. /etc/firewall.user) - confirm.
  92. config zone
  93. option forward 'REJECT'
  94. option output 'ACCEPT'
  95. option name 'guest'
  96. option network 'guest'
  97. option input 'REJECT'
  98.  
  # Permit forwarding from guest to wan only. No guest -> lan forwarding is
  # defined in this file, which is what keeps guests off the LAN.
  # NOTE(review): if private/RFC1918 networks are reachable upstream via wan
  # (e.g. the router sits behind another NAT device), guests can reach them
  # through this forwarding - verify against the actual topology.
  99. config forwarding
  100. option dest 'wan'
  101. option src 'guest'
  102.  
  # Accept TCP and UDP port 53 from the guest zone. No 'dest' is set, so this
  # is an input rule: it lets guests query a DNS resolver on the router, on
  # any of the router's addresses, as an exception to the guest zone's
  # input REJECT.
  103. config rule
  104. option target 'ACCEPT'
  105. option proto 'tcp udp'
  106. option dest_port '53'
  107. option name 'Guest DNS'
  108. option src 'guest'
  109.  
  # Reject traffic from the guest zone addressed to 192.168.1.1 (presumably
  # the router's LAN address - confirm). No 'dest' is set, so this is an input
  # rule, and with no 'proto' it covers TCP and UDP only.
  # NOTE(review): the guest zone already has input REJECT, and the 'Guest DNS'
  # ACCEPT rule is listed before this one, so port 53 on this address still
  # appears to be reachable from guests and the rule looks redundant for
  # everything else. If 192.168.1.1 is instead an upstream device reached
  # through wan, this input rule would not cover that forwarded traffic; a
  # rule with dest 'wan' would be needed.
  110. config rule
  111. option src 'guest'
  112. option name 'gatewayDENY'
  113. option dest_ip '192.168.1.1'
  114. option target 'REJECT'
  115.  
  # Reject traffic from the guest zone addressed to 192.168.3.1 (presumably
  # the router's address on the guest network - confirm). No 'dest' is set,
  # so this is an input rule, and with no 'proto' it covers TCP and UDP only.
  # NOTE(review): the 'Guest DNS' ACCEPT rule precedes this one, so port 53
  # on this address is still accepted; all other guest input is already
  # rejected by the zone's input policy, so the rule appears to have no
  # additional effect.
  116. config rule
  117. option src 'guest'
  118. option name 'gatewayDENY3'
  119. option dest_ip '192.168.3.1'
  120. option target 'REJECT'