
firewall

a guest
Nov 24th, 2016
  1. config defaults
  2. option syn_flood '1'
  3. option input 'ACCEPT'
  4. option output 'ACCEPT'
  5. option forward 'REJECT'
  6.  
  7. config zone
  8. option name 'lan'
  9. option input 'ACCEPT'
  10. option output 'ACCEPT'
  11. option forward 'ACCEPT'
  12. option network 'lan'
  13.  
  14. config zone
  15. option name 'wan'
  16. option input 'REJECT'
  17. option output 'ACCEPT'
  18. option forward 'REJECT'
  19. option masq '1'
  20. option mtu_fix '1'
  21. option network 'wan wan6'
  22.  
  23. config rule
  24. option name 'Allow-DHCP-Renew'
  25. option src 'wan'
  26. option proto 'udp'
  27. option dest_port '68'
  28. option target 'ACCEPT'
  29. option family 'ipv4'
  30.  
  31. config rule
  32. option name 'Allow-Ping'
  33. option src 'wan'
  34. option proto 'icmp'
  35. option icmp_type 'echo-request'
  36. option family 'ipv4'
  37. option target 'ACCEPT'
  38.  
  39. config rule
  40. option name 'Allow-IGMP'
  41. option src 'wan'
  42. option proto 'igmp'
  43. option family 'ipv4'
  44. option target 'ACCEPT'
  45.  
  46. config rule
  47. option name 'Allow-DHCPv6'
  48. option src 'wan'
  49. option proto 'udp'
  50. option src_ip 'fe80::/10'
  51. option src_port '547'
  52. option dest_ip 'fe80::/10'
  53. option dest_port '546'
  54. option family 'ipv6'
  55. option target 'ACCEPT'
  56.  
  57. config rule
  58. option name 'Allow-MLD'
  59. option src 'wan'
  60. option proto 'icmp'
  61. option src_ip 'fe80::/10'
  62. list icmp_type '130/0'
  63. list icmp_type '131/0'
  64. list icmp_type '132/0'
  65. list icmp_type '143/0'
  66. option family 'ipv6'
  67. option target 'ACCEPT'
  68.  
  69. config rule
  70. option name 'Allow-ICMPv6-Input'
  71. option src 'wan'
  72. option proto 'icmp'
  73. list icmp_type 'echo-request'
  74. list icmp_type 'echo-reply'
  75. list icmp_type 'destination-unreachable'
  76. list icmp_type 'packet-too-big'
  77. list icmp_type 'time-exceeded'
  78. list icmp_type 'bad-header'
  79. list icmp_type 'unknown-header-type'
  80. list icmp_type 'router-solicitation'
  81. list icmp_type 'neighbour-solicitation'
  82. list icmp_type 'router-advertisement'
  83. list icmp_type 'neighbour-advertisement'
  84. option limit '1000/sec'
  85. option family 'ipv6'
  86. option target 'ACCEPT'
  87.  
  88. config rule
  89. option name 'Allow-ICMPv6-Forward'
  90. option src 'wan'
  91. option dest '*'
  92. option proto 'icmp'
  93. list icmp_type 'echo-request'
  94. list icmp_type 'echo-reply'
  95. list icmp_type 'destination-unreachable'
  96. list icmp_type 'packet-too-big'
  97. list icmp_type 'time-exceeded'
  98. list icmp_type 'bad-header'
  99. list icmp_type 'unknown-header-type'
  100. option limit '1000/sec'
  101. option family 'ipv6'
  102. option target 'ACCEPT'
  103.  
  104. config include
  105. option path '/etc/firewall.user'
  106.  
  107. config include
  108. option path '/usr/share/firewall/turris'
  109. option reload '1'
  110.  
  111. config include
  112. option path '/etc/firewall.d/with_reload/firewall.include.sh'
  113. option reload '1'
  114.  
  115. config include
  116. option path '/etc/firewall.d/without_reload/firewall.include.sh'
  117. option reload '0'
  118.  
  119. config rule
  120. option src 'wan'
  121. option dest 'lan'
  122. option proto 'esp'
  123. option target 'ACCEPT'
  124.  
  125. config rule
  126. option src 'wan'
  127. option dest 'lan'
  128. option dest_port '500'
  129. option proto 'udp'
  130. option target 'ACCEPT'
  131.  
  132. config include 'miniupnpd'
  133. option type 'script'
  134. option path '/usr/share/miniupnpd/firewall.include'
  135. option family 'any'
  136. option reload '1'
  137.  
  138. config zone
  139. option output 'ACCEPT'
  140. option name 'IPTV'
  141. option masq '1'
  142. option network 'IPTV'
  143. option input 'ACCEPT'
  144. option forward 'ACCEPT'
  145.  
  146. config rule
  147. option name 'Allow-DHCP-Renew-IPTV'
  148. option src 'IPTV'
  149. option proto 'udp'
  150. option dest_port '68'
  151. option target 'ACCEPT'
  152. option family 'ipv4'
  153.  
  154. config rule
  155. option name 'Allow-DHCPv6-IPTV'
  156. option src 'IPTV'
  157. option proto 'udp'
  158. option src_ip 'fe80::/10'
  159. option src_port '547'
  160. option dest_ip 'fe80::/10'
  161. option dest_port '546'
  162. option family 'ipv6'
  163. option target 'ACCEPT'
  164.  
  165. config rule
  166. option name 'Allow-Ping-IPTV'
  167. option src 'IPTV'
  168. option proto 'icmp'
  169. option icmp_type 'echo-request'
  170. option family 'ipv4'
  171. option target 'ACCEPT'
  172.  
  173. config rule
  174. option src 'IPTV'
  175. option proto 'igmp'
  176. option target 'ACCEPT'
  177.  
  178. config rule
  179. option src 'IPTV'
  180. option proto 'udp'
  181. option dest_ip '224.0.0.0/4'
  182. option target 'ACCEPT'
  183.  
  184. config forwarding
  185. option dest 'wan'
  186. option src 'IPTV'
  187.  
  188. config forwarding
  189. option dest 'wan'
  190. option src 'lan'