API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jan 2nd, 2014
184
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.15 KB | None | 0 0
raw download clone embed print report
  1. config defaults
  2. option syn_flood '1'
  3. option input 'ACCEPT'
  4. option output 'ACCEPT'
  5. option forward 'REJECT'
  6.  
  7. config zone
  8. option name 'lan'
  9. option network 'lan'
  10. option input 'ACCEPT'
  11. option output 'ACCEPT'
  12. option forward 'REJECT'
  13.  
  14. config zone
  15. option name 'wan'
  16. option network 'wan'
  17. option input 'DROP'
  18. option output 'ACCEPT'
  19. option forward 'REJECT'
  20. option masq '1'
  21. option mtu_fix '1'
  22.  
  23. config forwarding
  24. option src 'lan'
  25. option dest 'wan'
  26.  
  27. config rule
  28. option src 'wan'
  29. option proto 'udp'
  30. option dest_port '68'
  31. option target 'ACCEPT'
  32. option family 'ipv4'
  33.  
  34. config rule
  35. option src 'wan'
  36. option proto 'icmp'
  37. option icmp_type 'echo-request'
  38. option family 'ipv4'
  39. option target 'ACCEPT'
  40.  
  41. config rule
  42. option src 'wan'
  43. option proto 'udp'
  44. option src_ip 'fe80::/10'
  45. option src_port '547'
  46. option dest_ip 'fe80::/10'
  47. option dest_port '546'
  48. option family 'ipv6'
  49. option target 'ACCEPT'
  50.  
  51. config rule
  52. option src 'wan'
  53. option proto 'icmp'
  54. list icmp_type 'echo-request'
  55. list icmp_type 'destination-unreachable'
  56. list icmp_type 'packet-too-big'
  57. list icmp_type 'time-exceeded'
  58. list icmp_type 'bad-header'
  59. list icmp_type 'unknown-header-type'
  60. option limit '1000/sec'
  61. option family 'ipv6'
  62. option target 'ACCEPT'
  63.  
  64. config rule
  65. option name 'Enforce-ULA-Border-Src'
  66. option src '*'
  67. option dest 'wan'
  68. option proto 'all'
  69. option src_ip 'fc00::/7'
  70. option family 'ipv6'
  71. option target 'REJECT'
  72.  
  73. config rule
  74. option name 'Enforce-ULA-Border-Dest'
  75. option src '*'
  76. option dest 'wan'
  77. option proto 'all'
  78. option dest_ip 'fc00::/7'
  79. option family 'ipv6'
  80. option target 'REJECT'
  81.  
  82. config include
  83. option path '/etc/firewall.user'
  84.  
  85. config rule
  86. option target 'ACCEPT'
  87. option _name 'ssh_WAN'
  88. option src 'wan'
  89. option proto 'tcp'
  90. option dest_ip '192.168.1.1'
  91. option dest_port '22'
  92.  
  93. config rule
  94. option target 'ACCEPT'
  95. option _name 'ftp_WAN'
  96. option src 'wan'
  97. option proto 'tcp'
  98. option dest_ip '192.168.1.1'
  99. option dest_port '21'
  100.  
  101.  
  102. config rule
  103. option target 'ACCEPT'
  104. option _name 'Luci_HTTPS'
  105. option src 'wan'
  106. option proto 'tcp'
  107. option dest_port '443'
  108.  
  109. config rule
  110. option src 'lan'
  111. option name 'block_internet_access_IP'
  112. option src_ip '192.168.1.181'
  113. option target 'DROP'
  114. option dest 'wan'
  115. option extra '-m time --weekdays Mon,Tue,Wed,Thu,Fri --timestart 10:00 --timestop 22:00'
  116. option enabled '0'
  117.  
  118. config include 'miniupnpd'
  119. option type 'script'
  120. option path '/usr/share/miniupnpd/firewall.include'
  121. option family 'IPv4'
  122. option reload '1'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!