Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /etc/config/network
- config interface 'loopback'
- option ifname 'lo'
- option proto 'static'
- option ipaddr '127.0.0.1'
- option netmask '255.0.0.0'
- config interface 'lan'
- option ifname 'eth0.1'
- option type 'bridge'
- option proto 'static'
- option ipaddr '192.168.1.11'
- option netmask '255.255.255.0'
- option macaddr 'c4:93:00:00:13:dc'
- option gateway '192.168.1.1'
- config interface wifi
- option 'proto' 'static'
- option 'ipaddr' '192.168.2.1'
- option 'netmask' '255.255.255.0'
- /etc/config/wireless
- config 'wifi-device' 'radio0'
- option 'type' 'mac80211'
- option 'macaddr' 'c4:93:00:00:13:de'
- option 'hwmode' '11ng'
- option 'htmode' 'HT20'
- list 'ht_capab' 'GF'
- list 'ht_capab' 'SHORT-GI-20'
- list 'ht_capab' 'SHORT-GI-40'
- list 'ht_capab' 'RX-STBC1'
- option 'txpower' '10'
- option 'channel' '11'
- config 'wifi-iface'
- option 'device' 'radio0'
- option 'network' 'wifi'
- option 'mode' 'ap'
- option 'ssid' 'OpenWrt'
- option 'encryption' 'none'
- /etc/config/dhcp
- config dnsmasq
- option domainneeded 1
- option boguspriv 1
- option filterwin2k 0 # enable for dial on demand
- option localise_queries 1
- option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
- option rebind_localhost 1 # enable for RBL checking and similar services
- #list rebind_domain example.lan # whitelist RFC1918 responses for domains
- option local '/lan/'
- option domain 'lan'
- option expandhosts 1
- option nonegcache 0
- option authoritative 1
- option readethers 1
- option leasefile '/tmp/dhcp.leases'
- option resolvfile '/tmp/resolv.conf.auto'
- #list server '/mycompany.local/1.2.3.4'
- #option nonwildcard 1
- #list interface br-lan
- #list notinterface lo
- #list bogusnxdomain '64.94.110.11'
- config dhcp lan
- option interface lan
- option start 100
- option limit 150
- option leasetime 12h
- config dhcp wan
- option interface wan
- option ignore 1
- config 'dhcp' 'wifi'
- option 'interface' 'wifi'
- option 'start' '100'
- option 'limit' '150'
- option 'leasetime' '12h'
- /etc/config/firewall
- config defaults
- option syn_flood '1'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'ACCEPT'
- config zone
- option name 'lan'
- option network 'lan'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'ACCEPT'
- # option masq '1'
- # option mtu_fix '1'
- config zone
- option name 'wifi'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'ACCEPT'
- option masq '1'
- option mtu_fix '1'
- config forwarding
- option src 'wifi'
- option dest 'lan'
- config forwarding
- option src 'lan'
- option dest 'wifi'
- config rule
- option name 'Allow-DHCP-Renew'
- option src 'lan'
- option proto 'udp'
- option dest_port '68'
- option target 'ACCEPT'
- option family 'ipv4'
- config rule
- option name 'Allow-Ping'
- option src 'lan'
- option proto 'icmp'
- option icmp_type 'echo-request'
- option family 'ipv4'
- option target 'ACCEPT'
- config rule
- option name 'Allow-DHCPv6'
- option src 'lan'
- option proto 'udp'
- option src_ip 'fe80::/10'
- option src_port '547'
- option dest_ip 'fe80::/10'
- option dest_port '546'
- option family 'ipv6'
- option target 'ACCEPT'
- config rule
- option name 'Allow-ICMPv6-Input'
- option src 'lan'
- option proto 'icmp'
- list icmp_type 'echo-request'
- list icmp_type 'echo-reply'
- list icmp_type 'destination-unreachable'
- list icmp_type 'packet-too-big'
- list icmp_type 'time-exceeded'
- list icmp_type 'bad-header'
- list icmp_type 'unknown-header-type'
- list icmp_type 'router-solicitation'
- list icmp_type 'neighbour-solicitation'
- option limit '1000/sec'
- option family 'ipv6'
- option target 'ACCEPT'
- config rule
- option name 'Allow-ICMPv6-Forward'
- option src 'lan'
- option dest '*'
- option proto 'icmp'
- list icmp_type 'echo-request'
- list icmp_type 'echo-reply'
- list icmp_type 'destination-unreachable'
- list icmp_type 'packet-too-big'
- list icmp_type 'time-exceeded'
- list icmp_type 'bad-header'
- list icmp_type 'unknown-header-type'
- option limit '1000/sec'
- option family 'ipv6'
- option target 'ACCEPT'
- config rule
- option src 'wifi'
- option dest_port '53'
- option proto 'tcpudp'
- option target 'ACCEPT'
- config rule
- option src 'wifi'
- option src_port '67-68'
- option dest_port '67-68'
- option proto 'udp'
- option target 'ACCEPT'
- config include
- option path '/etc/firewall.user'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement