
Untitled

a guest
Jul 25th, 2014
  1. cat /etc/config/firewall
  2.  
  3. config defaults
  4. option syn_flood '1'
  5. option input 'ACCEPT'
  6. option output 'ACCEPT'
  7. option forward 'REJECT'
  8.  
  9. config zone
  10. option name 'lan'
  11. option network 'lan'
  12. option input 'ACCEPT'
  13. option output 'ACCEPT'
  14. option forward 'REJECT'
  15.  
  16. config zone
  17. option name 'wan'
  18. option network 'wan'
  19. option input 'REJECT'
  20. option output 'ACCEPT'
  21. option forward 'REJECT'
  22. option masq '1'
  23. option mtu_fix '1'
  24.  
  25. config forwarding
  26. option src 'lan'
  27. option dest 'wan'
  28.  
  29. config rule
  30. option name 'Allow-DHCP-Renew'
  31. option src 'wan'
  32. option proto 'udp'
  33. option dest_port '68'
  34. option target 'ACCEPT'
  35. option family 'ipv4'
  36.  
  37. config rule
  38. option name 'Allow-Ping'
  39. option src 'wan'
  40. option proto 'icmp'
  41. option icmp_type 'echo-request'
  42. option family 'ipv4'
  43. option target 'ACCEPT'
  44.  
  45. config rule
  46. option name 'Allow-DHCPv6'
  47. option src 'wan'
  48. option proto 'udp'
  49. option src_ip 'fe80::/10'
  50. option src_port '547'
  51. option dest_ip 'fe80::/10'
  52. option dest_port '546'
  53. option family 'ipv6'
  54. option target 'ACCEPT'
  55.  
  56. config rule
  57. option name 'Allow-ICMPv6-Input'
  58. option src 'wan'
  59. option proto 'icmp'
  60. list icmp_type 'echo-request'
  61. list icmp_type 'echo-reply'
  62. list icmp_type 'destination-unreachable'
  63. list icmp_type 'packet-too-big'
  64. list icmp_type 'time-exceeded'
  65. list icmp_type 'bad-header'
  66. list icmp_type 'unknown-header-type'
  67. list icmp_type 'router-solicitation'
  68. list icmp_type 'neighbour-solicitation'
  69. list icmp_type 'router-advertisement'
  70. list icmp_type 'neighbour-advertisement'
  71. option limit '1000/sec'
  72. option family 'ipv6'
  73. option target 'ACCEPT'
  74.  
  75. config rule
  76. option name 'Allow-ICMPv6-Forward'
  77. option src 'wan'
  78. option dest '*'
  79. option proto 'icmp'
  80. list icmp_type 'echo-request'
  81. list icmp_type 'echo-reply'
  82. list icmp_type 'destination-unreachable'
  83. list icmp_type 'packet-too-big'
  84. list icmp_type 'time-exceeded'
  85. list icmp_type 'bad-header'
  86. list icmp_type 'unknown-header-type'
  87. option limit '1000/sec'
  88. option family 'ipv6'
  89. option target 'ACCEPT'
  90.  
  91. config include
  92. option path '/etc/firewall.user'
  93.  
  94. config rule
  95. option name 'Allow-OpenVPN-Inbound'
  96. option target 'ACCEPT'
  97. option src '*'
  98. option proto 'udp'
  99. option dest_port '3333'
  100.  
  101. config zone
  102. option name 'vpn'
  103. option input 'ACCEPT'
  104. option forward 'ACCEPT'
  105. option output 'ACCEPT'
  106. option network 'vpn0'