- root@Router-wawa:~# cat /etc/config/firewall
# Global defaults: the fallback policy for traffic that is not handled by a
# zone. input/output fall back to ACCEPT and forward to REJECT. The wan zone
# in this file sets its own input 'REJECT', so the permissive default only
# matters for an interface that belongs to no zone.
# NOTE(review): a fallback input of REJECT/DROP would fail closed if an
# interface is ever left out of every zone.
- config defaults
# Enables SYN-flood protection.
- option syn_flood '1'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'REJECT'
# Not a stock OpenWrt firewall option; presumably read by the Gargoyle
# include script referenced in this file. TODO confirm.
- option force_router_dns '1'
# lan zone: traffic from LAN hosts to the router is accepted; forwarding out
# of lan is rejected unless a 'config forwarding' section or rule allows it.
- config zone
- option name 'lan'
- list network 'lan'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'REJECT'
# wan zone: covers both the IPv4 (wan) and IPv6 (wan6) uplinks. Unsolicited
# input and forwarding are rejected by policy, so every inbound service has to
# be opened by an explicit rule or include further down.
- config zone
- option name 'wan'
- list network 'wan'
- list network 'wan6'
- option input 'REJECT'
- option output 'ACCEPT'
- option forward 'REJECT'
# masq: source-NAT (masquerade) traffic leaving through this zone.
- option masq '1'
# mtu_fix: clamp TCP MSS on forwarded traffic.
- option mtu_fix '1'
# The only zone-to-zone forwarding declared in this file: lan -> wan.
# There is no wan -> lan forwarding section; inbound forwards depend on the
# individual 'config rule' entries that set dest 'lan'.
- config forwarding
- option src 'lan'
- option dest 'wan'
# The five named rules below look like the stock OpenWrt rule set (TODO
# confirm against the firmware default). Rules without 'dest' apply to traffic
# addressed to the router itself.

# Lets DHCP replies (UDP to port 68) from the upstream server reach the router.
- config rule
- option name 'Allow-DHCP-Renew'
- option src 'wan'
- option proto 'udp'
- option dest_port '68'
- option target 'ACCEPT'
- option family 'ipv4'
# Router answers IPv4 echo-request from wan.
# NOTE(review): optional; remove if the router should not respond to ping
# from the internet.
- config rule
- option name 'Allow-Ping'
- option src 'wan'
- option proto 'icmp'
- option icmp_type 'echo-request'
- option family 'ipv4'
- option target 'ACCEPT'
# DHCPv6 replies, restricted to link-local source and destination
# (fe80::/10) and to server port 547 -> client port 546.
- config rule
- option name 'Allow-DHCPv6'
- option src 'wan'
- option proto 'udp'
- option src_ip 'fe80::/10'
- option src_port '547'
- option dest_ip 'fe80::/10'
- option dest_port '546'
- option family 'ipv6'
- option target 'ACCEPT'
# ICMPv6 to the router: error messages plus neighbour/router discovery,
# rate-limited to 1000 packets per second.
- config rule
- option name 'Allow-ICMPv6-Input'
- option src 'wan'
- option proto 'icmp'
- list icmp_type 'echo-request'
- list icmp_type 'echo-reply'
- list icmp_type 'destination-unreachable'
- list icmp_type 'packet-too-big'
- list icmp_type 'time-exceeded'
- list icmp_type 'bad-header'
- list icmp_type 'unknown-header-type'
- list icmp_type 'router-solicitation'
- list icmp_type 'neighbour-solicitation'
- list icmp_type 'router-advertisement'
- list icmp_type 'neighbour-advertisement'
- option limit '1000/sec'
- option family 'ipv6'
- option target 'ACCEPT'
# ICMPv6 forwarded from wan to any zone (dest '*'): echo and error types only,
# no neighbour/router discovery, same 1000/sec limit.
- config rule
- option name 'Allow-ICMPv6-Forward'
- option src 'wan'
- option dest '*'
- option proto 'icmp'
- list icmp_type 'echo-request'
- list icmp_type 'echo-reply'
- list icmp_type 'destination-unreachable'
- list icmp_type 'packet-too-big'
- list icmp_type 'time-exceeded'
- list icmp_type 'bad-header'
- list icmp_type 'unknown-header-type'
- option limit '1000/sec'
- option family 'ipv6'
- option target 'ACCEPT'
# Includes: external files pulled into the firewall; reload '1' re-runs them on
# every firewall reload. Their contents are not shown in this listing, so the
# effective ruleset is this file PLUS whatever these four files add.
# NOTE(review): audit each path and compare against the live ruleset (for
# example the output of iptables-save) before trusting this file as the full
# picture.

# User-maintained custom rules.
- config include
- option path '/etc/firewall.user'
- option reload '1'
# Gargoyle's own firewall additions; presumably what interprets the
# non-stock 'remote_accept' sections and 'force_router_dns'. TODO confirm.
- config include
- option type 'script'
- option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
- option family 'IPv4'
- option reload '1'
# miniupnpd hook. If UPnP/NAT-PMP is enabled, LAN hosts can request WAN port
# mappings at run time; whether it is enabled is set in miniupnpd's own config,
# not here.
- config include 'miniupnpd'
- option type 'script'
- option path '/usr/share/miniupnpd/firewall.include'
- option family 'IPv4'
- option reload '1'
# OpenVPN-specific rules kept in a separate file.
- config include 'openvpn_include_file'
- option path '/etc/openvpn.firewall'
- option reload '1'
# 'remote_accept' is not a stock OpenWrt section type; presumably handled by
# the Gargoyle include script. Each section exposes a router-local port on the
# wan zone under the given remote port. TODO confirm exact semantics.
#
# NOTE(review): the first two sections publish management services to the
# internet. A non-standard port number does not hide a service from scanning.
# Prefer reaching administration through the VPN only, or restrict by source
# address, and use key-only SSH authentication.

# wan TCP 444 -> router TCP 443 (presumably the HTTPS web interface).
- config remote_accept 'ra_443_444'
- option local_port '443'
- option remote_port '444'
- option proto 'tcp'
- option zone 'wan'
# wan TCP 44 -> router TCP 22 (presumably SSH).
- config remote_accept 'ra_22_44'
- option local_port '22'
- option remote_port '44'
- option proto 'tcp'
- option zone 'wan'
# wan UDP 1194 -> router UDP 1194 (OpenVPN, going by the section name).
- config remote_accept 'ra_openvpn'
- option zone 'wan'
- option local_port '1194'
- option remote_port '1194'
- option proto 'udp'
# PPTP passthrough (unnamed rules): forward GRE and port 1723 from wan to lan.
# Neither rule sets dest_ip, so they apply to every host in the lan zone
# rather than to one VPN server.
# NOTE(review): add dest_ip for the intended host, or delete both rules if no
# PPTP server runs on the LAN. PPTP's authentication is considered weak.
- config rule
- option src 'wan'
- option dest 'lan'
- option proto 'gre'
- option target 'ACCEPT'
# NOTE(review): PPTP's control channel is TCP 1723 only. 'udptcp' is not the
# usual spelling ('tcpudp'); check whether the firewall accepts it or skips
# the rule, and narrow it to 'tcp' if the rule is kept.
- config rule
- option src 'wan'
- option dest 'lan'
- option proto 'udptcp'
- option dest_port '1723'
- option target 'ACCEPT'
# IPsec passthrough (unnamed rules): forward AH, ESP and IKE from wan to lan.
# As with the PPTP rules, no dest_ip is set, so they cover every LAN host.
# NOTE(review): pin these to the LAN address of the IPsec endpoint, or remove
# them if IPsec terminates on the router itself (see the input rules for UDP
# 500/4500 later in this file).
- config rule
- option src 'wan'
- option dest 'lan'
- option proto 'ah'
- option target 'ACCEPT'
- config rule
- option src 'wan'
- option dest 'lan'
- option proto 'esp'
- option target 'ACCEPT'
# IKE with both source and destination port 500. A peer behind NAT usually
# has its source port rewritten, so src_port '500' will not match it.
- config rule
- option src 'wan'
- option dest 'lan'
- option proto 'udp'
- option src_port '500'
- option dest_port '500'
- option target 'ACCEPT'
# IPsec terminating on the router: no 'dest', so these accept traffic
# addressed to the router itself from wan.
# These rules label themselves with '_name' while the stock rules earlier in
# the file use 'name'.

# IPsec NAT traversal (UDP 4500).
- config rule
- option target 'ACCEPT'
- option _name 'IPsec NAT-T'
- option src 'wan'
- option proto 'udp'
- option dest_port '4500'
# IKE key exchange (UDP 500).
- config rule
- option target 'ACCEPT'
- option _name 'IPsec IKE'
- option src 'wan'
- option proto 'udp'
- option dest_port '500'
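# Accept ESP addressed to the router from wan.
# This rule is labelled 'IPsec ESP' but was written with proto 'udp' and no
# dest_port. In that form it matches every UDP datagram arriving on wan and
# cancels the wan zone's input 'REJECT' for all UDP services on the router.
# ESP is its own IP protocol, not UDP, so the protocol is set to 'esp' here.
# UDP 500 (IKE) and UDP 4500 (NAT-T) have their own rules in this file.
- config rule
- option target 'ACCEPT'
- option _name 'IPsec ESP'
- option src 'wan'
- option proto 'esp'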
# L2TP (UDP 1701) to the router, accepted only when the 'extra' match holds:
# the iptables policy match requires that the inbound packet was received
# under an IPsec ESP policy. Plain, unencrypted L2TP from wan does not match
# this rule and falls through to the wan zone's input 'REJECT'.
# Keep the 'extra' line if this rule is edited; without it the rule would
# accept L2TP that is not protected by IPsec.
- config rule
- option target 'ACCEPT'
- option _name 'L2TP ESP'
- option src 'wan'
- option proto 'udp'
- option dest_port '1701'
- option extra '-m policy --strict --dir in --pol ipsec --proto esp'