jonathanholvey

firewall

Dec 12th, 2018
  # OpenWrt firewall configuration in UCI syntax, typically stored as /etc/config/firewall.
  # Layout: global defaults, the lan/wan zones, the WAN input/forward rules,
  # then two VPN zones (vpnclient, vpnserver) with their forwardings and redirects.
  # Rules with 'src' but no 'dest' match traffic addressed to the router itself;
  # rules with both 'src' and 'dest' match traffic forwarded between zones.

  # Global defaults. These policies apply to traffic that does not belong to any zone.
  # NOTE(review): input 'ACCEPT' means an interface that is not assigned to a zone
  # (for example a tunnel device that is not yet attached to a network) can reach
  # router services; REJECT or DROP here is the stricter choice. Confirm that every
  # interface is covered by a zone.
  config defaults
      # Enable SYN-flood protection.
      option syn_flood '1'
      option input 'ACCEPT'
      option output 'ACCEPT'
      option forward 'REJECT'

  # Trusted LAN zone: everything to, from and through the router is allowed.
  config zone
      option name 'lan'
      option input 'ACCEPT'
      option output 'ACCEPT'
      option forward 'ACCEPT'
      option network 'lan'

  # Untrusted WAN zone: unsolicited input and forwarding are rejected unless a rule
  # below allows them. Outbound traffic is masqueraded (NAT) and the TCP MSS is
  # clamped (mtu_fix).
  config zone
      option name 'wan'
      option input 'REJECT'
      option output 'ACCEPT'
      option forward 'REJECT'
      option masq '1'
      option mtu_fix '1'
      option network 'wan wan6'

  # LAN hosts may reach the WAN.
  config forwarding
      option src 'lan'
      option dest 'wan'

  # Accept DHCP replies (UDP/68) from the WAN so the router can renew its IPv4 lease.
  config rule
      option name 'Allow-DHCP-Renew'
      option src 'wan'
      option proto 'udp'
      option dest_port '68'
      option target 'ACCEPT'
      option family 'ipv4'

  # Answer IPv4 ping from the WAN.
  # NOTE(review): this makes the router discoverable by ping and, unlike the ICMPv6
  # rules below, carries no 'limit'. Consider adding a rate limit or dropping the
  # rule if WAN reachability checks are not needed.
  config rule
      option name 'Allow-Ping'
      option src 'wan'
      option proto 'icmp'
      option icmp_type 'echo-request'
      option family 'ipv4'
      option target 'ACCEPT'

  # Accept IGMP from the WAN (multicast group management).
  # NOTE(review): presumably only needed for multicast services such as IPTV;
  # remove it if none are in use.
  config rule
      option name 'Allow-IGMP'
      option src 'wan'
      option proto 'igmp'
      option family 'ipv4'
      option target 'ACCEPT'

  # Accept DHCPv6 replies (UDP/546) from the WAN.
  # fc00::/6 covers fc00:: through ffff:..., so it includes link-local fe80::/10
  # as well as unique-local addresses.
  config rule
      option name 'Allow-DHCPv6'
      option src 'wan'
      option proto 'udp'
      option src_ip 'fc00::/6'
      option dest_ip 'fc00::/6'
      option dest_port '546'
      option family 'ipv6'
      option target 'ACCEPT'

  # Accept Multicast Listener Discovery (ICMPv6 types 130, 131, 132, 143), but only
  # from link-local sources.
  config rule
      option name 'Allow-MLD'
      option src 'wan'
      option proto 'icmp'
      option src_ip 'fe80::/10'
      list icmp_type '130/0'
      list icmp_type '131/0'
      list icmp_type '132/0'
      list icmp_type '143/0'
      option family 'ipv6'
      option target 'ACCEPT'

  # ICMPv6 addressed to the router: error messages, echo, and the neighbour/router
  # discovery types IPv6 needs on the WAN link. Rate-limited to 1000 packets/sec.
  config rule
      option name 'Allow-ICMPv6-Input'
      option src 'wan'
      option proto 'icmp'
      list icmp_type 'echo-request'
      list icmp_type 'echo-reply'
      list icmp_type 'destination-unreachable'
      list icmp_type 'packet-too-big'
      list icmp_type 'time-exceeded'
      list icmp_type 'bad-header'
      list icmp_type 'unknown-header-type'
      list icmp_type 'router-solicitation'
      list icmp_type 'neighbour-solicitation'
      list icmp_type 'router-advertisement'
      list icmp_type 'neighbour-advertisement'
      option limit '1000/sec'
      option family 'ipv6'
      option target 'ACCEPT'

  # ICMPv6 forwarded from the WAN to any zone (dest '*'): error messages and echo only,
  # rate-limited. packet-too-big must pass for path MTU discovery to work.
  # NOTE(review): echo-request is forwarded, so hosts with global IPv6 addresses
  # behind the router answer ping from the Internet.
  config rule
      option name 'Allow-ICMPv6-Forward'
      option src 'wan'
      option dest '*'
      option proto 'icmp'
      list icmp_type 'echo-request'
      list icmp_type 'echo-reply'
      list icmp_type 'destination-unreachable'
      list icmp_type 'packet-too-big'
      list icmp_type 'time-exceeded'
      list icmp_type 'bad-header'
      list icmp_type 'unknown-header-type'
      option limit '1000/sec'
      option family 'ipv6'
      option target 'ACCEPT'

  # Forward IPsec ESP from the WAN to the LAN.
  # NOTE(review): there is no 'family' or 'dest_ip' restriction here or on the ISAKMP
  # rule below, so where LAN hosts have globally routable IPv6 addresses this
  # presumably exposes IPsec on all of them. Confirm, and narrow or remove both rules
  # if no LAN host terminates IPsec.
  config rule
      option name 'Allow-IPSec-ESP'
      option src 'wan'
      option dest 'lan'
      option proto 'esp'
      option target 'ACCEPT'

  # Forward IKE/ISAKMP (UDP/500) from the WAN to the LAN.
  config rule
      option name 'Allow-ISAKMP'
      option src 'wan'
      option dest 'lan'
      option dest_port '500'
      option proto 'udp'
      option target 'ACCEPT'

  # Load custom rules from /etc/firewall.user.
  # NOTE(review): that file is not part of this listing, so the effective ruleset may
  # differ from what is shown here. Review it together with this config.
  config include
      option path '/etc/firewall.user'

  # Zone for the 'vpnclient' network, configured like the WAN: no unsolicited input or
  # forwarding, and outbound traffic is masqueraded.
  config zone
      option forward 'REJECT'
      option output 'ACCEPT'
      option input 'REJECT'
      option masq '1'
      option network 'vpnclient'
      option name 'vpnclient'
      option mtu_fix '1'

  # LAN hosts may send traffic out through the vpnclient zone.
  config forwarding
      option src 'lan'
      option dest 'vpnclient'

  # Source-NAT redirect for lan -> wan traffic, all protocols. Disabled (enabled '0'),
  # so it currently has no effect.
  config redirect
      option target 'SNAT'
      option src 'lan'
      option dest 'wan'
      option proto 'all'
      option src_dip '172.21.30.5'
      option enabled '0'
      option name 'VPN Client Traffic'

  # Accept connections to port 1194 on the router from the WAN.
  # NOTE(review): both TCP and UDP are opened and no 'family' is set. If the VPN
  # server listens on only one protocol, restrict 'proto' to that one so the unused
  # port is not exposed. Confirm against the server configuration.
  config rule
      option target 'ACCEPT'
      option dest_port '1194'
      option name 'Allow-VPN-Server-Connections'
      option proto 'tcp udp'
      option src 'wan'

  # Zone for the 'vpnserver' network.
  # NOTE(review): input 'ACCEPT' lets hosts in this zone reach every service the
  # router listens on. If they only need LAN access, use REJECT plus explicit rules
  # for the services they require.
  config zone
      option name 'vpnserver'
      option input 'ACCEPT'
      option output 'ACCEPT'
      option network 'vpnserver'
      option forward 'REJECT'

  # vpnserver hosts get unrestricted access to the LAN ...
  config forwarding
      option src 'vpnserver'
      option dest 'lan'

  # ... and LAN hosts can reach vpnserver hosts. No vpnserver -> wan forwarding is
  # defined in this file.
  config forwarding
      option src 'lan'
      option dest 'vpnserver'

  # Wake-on-LAN: UDP/9 arriving from the vpnserver zone is redirected to
  # 192.168.0.254 port 9 on the LAN.
  # NOTE(review): no 'src_dip' is set, so this matches port 9 traffic to any
  # destination address. How 192.168.0.254 delivers the packet to sleeping hosts is
  # not visible here; verify.
  config redirect
      option target 'DNAT'
      option src 'vpnserver'
      option dest 'lan'
      option proto 'udp'
      option src_dport '9'
      option dest_port '9'
      option name 'WOL'
      option dest_ip '192.168.0.254'