Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- firewall.@defaults[0]=defaults
- firewall.@defaults[0].syn_flood='1'
- firewall.@defaults[0].input='ACCEPT'
- firewall.@defaults[0].output='ACCEPT'
- firewall.@defaults[0].forward='REJECT'
- firewall.@zone[0]=zone
- firewall.@zone[0].name='lan'
- firewall.@zone[0].input='ACCEPT'
- firewall.@zone[0].output='ACCEPT'
- firewall.@zone[0].forward='ACCEPT'
- firewall.@zone[0].network='lan'
- firewall.@zone[1]=zone
- firewall.@zone[1].name='wan'
- firewall.@zone[1].input='REJECT'
- firewall.@zone[1].output='ACCEPT'
- firewall.@zone[1].forward='REJECT'
- firewall.@zone[1].masq='1'
- firewall.@zone[1].mtu_fix='1'
- firewall.@zone[1].network='wan'
- firewall.@forwarding[0]=forwarding
- firewall.@forwarding[0].src='lan'
- firewall.@forwarding[0].dest='wan'
- firewall.@rule[0]=rule
- firewall.@rule[0].name='Allow-DHCP-Renew'
- firewall.@rule[0].src='wan'
- firewall.@rule[0].proto='udp'
- firewall.@rule[0].dest_port='68'
- firewall.@rule[0].target='ACCEPT'
- firewall.@rule[0].family='ipv4'
- firewall.@rule[1]=rule
- firewall.@rule[1].name='Allow-Ping'
- firewall.@rule[1].src='wan'
- firewall.@rule[1].proto='icmp'
- firewall.@rule[1].icmp_type='echo-request'
- firewall.@rule[1].family='ipv4'
- firewall.@rule[1].target='ACCEPT'
- firewall.@rule[2]=rule
- firewall.@rule[2].name='Allow-IGMP'
- firewall.@rule[2].src='wan'
- firewall.@rule[2].proto='igmp'
- firewall.@rule[2].family='ipv4'
- firewall.@rule[2].target='ACCEPT'
- firewall.@rule[3]=rule
- firewall.@rule[3].name='Allow-DHCPv6'
- firewall.@rule[3].src='wan'
- firewall.@rule[3].proto='udp'
- firewall.@rule[3].src_ip='fc00::/6'
- firewall.@rule[3].dest_ip='fc00::/6'
- firewall.@rule[3].dest_port='546'
- firewall.@rule[3].family='ipv6'
- firewall.@rule[3].target='ACCEPT'
- firewall.@rule[4]=rule
- firewall.@rule[4].name='Allow-MLD'
- firewall.@rule[4].src='wan'
- firewall.@rule[4].proto='icmp'
- firewall.@rule[4].src_ip='fe80::/10'
- firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
- firewall.@rule[4].family='ipv6'
- firewall.@rule[4].target='ACCEPT'
- firewall.@rule[5]=rule
- firewall.@rule[5].name='Allow-ICMPv6-Input'
- firewall.@rule[5].src='wan'
- firewall.@rule[5].proto='icmp'
- firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable ' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-so licitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertise ment'
- firewall.@rule[5].limit='1000/sec'
- firewall.@rule[5].family='ipv6'
- firewall.@rule[5].target='ACCEPT'
- firewall.@rule[6]=rule
- firewall.@rule[6].name='Allow-ICMPv6-Forward'
- firewall.@rule[6].src='wan'
- firewall.@rule[6].dest='*'
- firewall.@rule[6].proto='icmp'
- firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable ' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
- firewall.@rule[6].limit='1000/sec'
- firewall.@rule[6].family='ipv6'
- firewall.@rule[6].target='ACCEPT'
- firewall.@rule[7]=rule
- firewall.@rule[7].name='Allow-IPSec-ESP'
- firewall.@rule[7].src='wan'
- firewall.@rule[7].dest='lan'
- firewall.@rule[7].proto='esp'
- firewall.@rule[7].target='ACCEPT'
- firewall.@rule[8]=rule
- firewall.@rule[8].name='Allow-ISAKMP'
- firewall.@rule[8].src='wan'
- firewall.@rule[8].dest='lan'
- firewall.@rule[8].dest_port='500'
- firewall.@rule[8].proto='udp'
- firewall.@rule[8].target='ACCEPT'
- firewall.@include[0]=include
- firewall.@include[0].path='/etc/firewall.user'
- firewall.@zone[2]=zone
- firewall.@zone[2].name='guest'
- firewall.@zone[2].input='REJECT'
- firewall.@zone[2].output='ACCEPT'
- firewall.@zone[2].forward='REJECT'
- firewall.@zone[2].network='guest'
- firewall.@forwarding[1]=forwarding
- firewall.@forwarding[1].src='guest'
- firewall.@forwarding[1].dest='wan'
- firewall.@rule[9]=rule
- firewall.@rule[9].src='guest'
- firewall.@rule[9].proto='udp'
- firewall.@rule[9].src_port='67-68'
- firewall.@rule[9].dest_port='67-68'
- firewall.@rule[9].target='ACCEPT'
- firewall.@rule[9].family='ipv4'
- firewall.@rule[10]=rule
- firewall.@rule[10].src='guest'
- firewall.@rule[10].dest_port='53'
- firewall.@rule[10].target='ACCEPT'
- firewall.@rule[10].family='ipv4'
- firewall.@rule[10].proto='tcpudp'
- firewall.@rule[11]=rule
- firewall.@rule[11].dest='lan'
- firewall.@rule[11].src='wan'
- firewall.@rule[11].target='ACCEPT'
- firewall.@zone[3]=zone
- firewall.@zone[3].network='IOT'
- firewall.@zone[3].input='REJECT'
- firewall.@zone[3].forward='REJECT'
- firewall.@zone[3].name='iot'
- firewall.@zone[3].output='ACCEPT'
- firewall.@rule[12]=rule
- firewall.@rule[12].proto='udp'
- firewall.@rule[12].src_port='67-68'
- firewall.@rule[12].dest_port='67-68'
- firewall.@rule[12].target='ACCEPT'
- firewall.@rule[12].family='ipv4'
- firewall.@rule[12].src='iot'
- firewall.@rule[13]=rule
- firewall.@rule[13].dest_port='53'
- firewall.@rule[13].target='ACCEPT'
- firewall.@rule[13].family='ipv4'
- firewall.@rule[13].proto='tcpudp'
- firewall.@rule[13].src='iot'
- firewall.@rule[14]=rule
- firewall.@rule[14].target='ACCEPT'
- firewall.@rule[14].src='iot'
- firewall.@rule[14].dest_ip='192.168.2.209'
- firewall.@rule[14].family='ipv4'
- firewall.@rule[15]=rule
- firewall.@rule[15].dest='iot'
- firewall.@rule[15].target='ACCEPT'
- firewall.@rule[15].family='ipv4'
- firewall.@rule[15].src_ip='192.168.2.209'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement