API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 3rd, 2013
114
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.86 KB | None | 0 0
raw download clone embed print report
  1. /etc/config/network
  2. config interface 'loopback'
  3. option ifname 'lo'
  4. option proto 'static'
  5. option ipaddr '127.0.0.1'
  6. option netmask '255.0.0.0'
  7.  
  8. config interface 'lan'
  9. option ifname 'eth0.1'
  10. option type 'bridge'
  11. option proto 'static'
  12. option ipaddr '192.168.1.11'
  13. option netmask '255.255.255.0'
  14. option macaddr 'c4:93:00:00:13:dc'
  15. option gateway '192.168.1.1'
  16.  
  17. config interface wifi
  18. option 'proto' 'static'
  19. option 'ipaddr' '192.168.2.1'
  20. option 'netmask' '255.255.255.0'
  21.  
  22. /etc/config/wireless
  23. config 'wifi-device' 'radio0'
  24. option 'type' 'mac80211'
  25. option 'macaddr' 'c4:93:00:00:13:de'
  26. option 'hwmode' '11ng'
  27. option 'htmode' 'HT20'
  28. list 'ht_capab' 'GF'
  29. list 'ht_capab' 'SHORT-GI-20'
  30. list 'ht_capab' 'SHORT-GI-40'
  31. list 'ht_capab' 'RX-STBC1'
  32. option 'txpower' '10'
  33. option 'channel' '11'
  34.  
  35. config 'wifi-iface'
  36. option 'device' 'radio0'
  37. option 'network' 'wifi'
  38. option 'mode' 'ap'
  39. option 'ssid' 'OpenWrt'
  40. option 'encryption' 'none'
  41.  
  42. /etc/config/dhcp
  43. config dnsmasq
  44. option domainneeded 1
  45. option boguspriv 1
  46. option filterwin2k 0 # enable for dial on demand
  47. option localise_queries 1
  48. option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
  49. option rebind_localhost 1 # enable for RBL checking and similar services
  50. #list rebind_domain example.lan # whitelist RFC1918 responses for domains
  51. option local '/lan/'
  52. option domain 'lan'
  53. option expandhosts 1
  54. option nonegcache 0
  55. option authoritative 1
  56. option readethers 1
  57. option leasefile '/tmp/dhcp.leases'
  58. option resolvfile '/tmp/resolv.conf.auto'
  59. #list server '/mycompany.local/1.2.3.4'
  60. #option nonwildcard 1
  61. #list interface br-lan
  62. #list notinterface lo
  63. #list bogusnxdomain '64.94.110.11'
  64.  
  65. config dhcp lan
  66. option interface lan
  67. option start 100
  68. option limit 150
  69. option leasetime 12h
  70. config dhcp wan
  71. option interface wan
  72. option ignore 1
  73.  
  74. config 'dhcp' 'wifi'
  75. option 'interface' 'wifi'
  76. option 'start' '100'
  77. option 'limit' '150'
  78. option 'leasetime' '12h'
  79.  
  80. /etc/config/firewall
  81. config defaults
  82. option syn_flood '1'
  83. option input 'ACCEPT'
  84. option output 'ACCEPT'
  85. option forward 'ACCEPT'
  86.  
  87. config zone
  88. option name 'lan'
  89. option network 'lan'
  90. option input 'ACCEPT'
  91. option output 'ACCEPT'
  92. option forward 'ACCEPT'
  93. # option masq '1'
  94. # option mtu_fix '1'
  95.  
  96. config zone
  97. option name 'wifi'
  98. option input 'ACCEPT'
  99. option output 'ACCEPT'
  100. option forward 'ACCEPT'
  101. option masq '1'
  102. option mtu_fix '1'
  103.  
  104.  
  105. config forwarding
  106. option src 'wifi'
  107. option dest 'lan'
  108.  
  109. config forwarding
  110. option src 'lan'
  111. option dest 'wifi'
  112.  
  113. config rule
  114. option name 'Allow-DHCP-Renew'
  115. option src 'lan'
  116. option proto 'udp'
  117. option dest_port '68'
  118. option target 'ACCEPT'
  119. option family 'ipv4'
  120.  
  121. config rule
  122. option name 'Allow-Ping'
  123. option src 'lan'
  124. option proto 'icmp'
  125. option icmp_type 'echo-request'
  126. option family 'ipv4'
  127. option target 'ACCEPT'
  128.  
  129. config rule
  130. option name 'Allow-DHCPv6'
  131. option src 'lan'
  132. option proto 'udp'
  133. option src_ip 'fe80::/10'
  134. option src_port '547'
  135. option dest_ip 'fe80::/10'
  136. option dest_port '546'
  137. option family 'ipv6'
  138. option target 'ACCEPT'
  139.  
  140. config rule
  141. option name 'Allow-ICMPv6-Input'
  142. option src 'lan'
  143. option proto 'icmp'
  144. list icmp_type 'echo-request'
  145. list icmp_type 'echo-reply'
  146. list icmp_type 'destination-unreachable'
  147. list icmp_type 'packet-too-big'
  148. list icmp_type 'time-exceeded'
  149. list icmp_type 'bad-header'
  150. list icmp_type 'unknown-header-type'
  151. list icmp_type 'router-solicitation'
  152. list icmp_type 'neighbour-solicitation'
  153. option limit '1000/sec'
  154. option family 'ipv6'
  155. option target 'ACCEPT'
  156.  
  157. config rule
  158. option name 'Allow-ICMPv6-Forward'
  159. option src 'lan'
  160. option dest '*'
  161. option proto 'icmp'
  162. list icmp_type 'echo-request'
  163. list icmp_type 'echo-reply'
  164. list icmp_type 'destination-unreachable'
  165. list icmp_type 'packet-too-big'
  166. list icmp_type 'time-exceeded'
  167. list icmp_type 'bad-header'
  168. list icmp_type 'unknown-header-type'
  169. option limit '1000/sec'
  170. option family 'ipv6'
  171. option target 'ACCEPT'
  172.  
  173. config rule
  174. option src 'wifi'
  175. option dest_port '53'
  176. option proto 'tcpudp'
  177. option target 'ACCEPT'
  178.  
  179. config rule
  180. option src 'wifi'
  181. option src_port '67-68'
  182. option dest_port '67-68'
  183. option proto 'udp'
  184. option target 'ACCEPT'
  185.  
  186. config include
  187. option path '/etc/firewall.user'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!