Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- package 'firewall'
- config 'defaults'
- option 'syn_flood' '1'
- option 'input' 'ACCEPT'
- option 'output' 'ACCEPT'
- option 'forward' 'REJECT'
- option 'drop_invalid' '1'
- config 'zone'
- option 'name' 'lan'
- option 'network' 'lan'
- option 'input' 'ACCEPT'
- option 'output' 'ACCEPT'
- option 'forward' 'REJECT'
- config 'zone'
- option 'name' 'wan'
- option 'network' 'wan'
- option 'input' 'REJECT'
- option 'output' 'ACCEPT'
- option 'forward' 'REJECT'
- option 'masq' '1'
- option 'mtu_fix' '1'
- config 'forwarding'
- option 'src' 'lan'
- option 'dest' 'wan'
- config 'rule'
- option 'name' 'Allow-DHCP-Renew'
- option 'src' 'wan'
- option 'proto' 'udp'
- option 'dest_port' '68'
- option 'target' 'ACCEPT'
- option 'family' 'ipv4'
- config 'rule'
- option 'name' 'Allow-Ping'
- option 'src' 'wan'
- option 'proto' 'icmp'
- option 'icmp_type' 'echo-request'
- option 'family' 'ipv4'
- option 'target' 'ACCEPT'
- config 'rule'
- option 'name' 'Allow-DHCPv6'
- option 'src' 'wan'
- option 'proto' 'udp'
- option 'src_ip' 'fe80::/10'
- option 'src_port' '547'
- option 'dest_ip' 'fe80::/10'
- option 'dest_port' '546'
- option 'family' 'ipv6'
- option 'target' 'ACCEPT'
- config 'rule'
- option 'name' 'Allow-ICMPv6-Input'
- option 'src' 'wan'
- option 'proto' 'icmp'
- list 'icmp_type' 'echo-request'
- list 'icmp_type' 'destination-unreachable'
- list 'icmp_type' 'packet-too-big'
- list 'icmp_type' 'time-exceeded'
- list 'icmp_type' 'bad-header'
- list 'icmp_type' 'unknown-header-type'
- list 'icmp_type' 'router-solicitation'
- list 'icmp_type' 'neighbour-solicitation'
- option 'limit' '1000/sec'
- option 'family' 'ipv6'
- option 'target' 'ACCEPT'
- config 'rule'
- option 'name' 'Allow-ICMPv6-Forward'
- option 'src' 'wan'
- option 'dest' '*'
- option 'proto' 'icmp'
- list 'icmp_type' 'echo-request'
- list 'icmp_type' 'destination-unreachable'
- list 'icmp_type' 'packet-too-big'
- list 'icmp_type' 'time-exceeded'
- list 'icmp_type' 'bad-header'
- list 'icmp_type' 'unknown-header-type'
- option 'limit' '1000/sec'
- option 'family' 'ipv6'
- option 'target' 'ACCEPT'
- config 'include'
- option 'path' '/etc/firewall.user'
- config 'redirect'
- option '_name' 'AnsibleStorage SSH'
- option 'src' 'wan'
- option 'proto' 'tcp'
- option 'src_dport' '22'
- option 'dest_ip' '172.16.1.150'
- option 'dest_port' '22'
- option 'target' 'DNAT'
- option 'dest' 'lan'
- config 'redirect'
- option 'src' 'wan'
- option 'proto' 'udp'
- option 'dest_ip' '172.16.1.152'
- option 'target' 'DNAT'
- option 'dest' 'lan'
- option '_name' 'AnsibleThreshold OpenVPN 1'
- option 'src_dport' '1294'
- option 'dest_port' '1294'
- config 'rule'
- option 'target' 'ACCEPT'
- config 'rule'
- option 'target' 'ACCEPT'
- config 'rule'
- option 'target' 'ACCEPT'
Add Comment
Please, Sign In to add comment