Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- firewall {
- all-ping enable
- broadcast-ping disable
- ipv6-name WANv6_IN {
- default-action drop
- description "WAN inbound traffic forwarded to LAN"
- enable-default-log
- rule 10 {
- action accept
- description "Allow established/related sessions"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
- ipv6-name WANv6_LOCAL {
- default-action drop
- description "WAN inbound traffic to the router"
- enable-default-log
- rule 10 {
- action accept
- description "Allow established/related sessions"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- rule 30 {
- action accept
- description "Allow IPv6 icmp"
- protocol ipv6-icmp
- }
- rule 40 {
- action accept
- description "allow dhcpv6"
- destination {
- port 546
- }
- protocol udp
- source {
- port 547
- }
- }
- }
- ipv6-receive-redirects disable
- ipv6-src-route disable
- ip-src-route disable
- log-martians enable
- name WAN_IN {
- default-action drop
- description "WAN to internal"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
- name WAN_LOCAL {
- default-action drop
- description "WAN to router"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
- receive-redirects disable
- send-redirects enable
- source-validation disable
- syn-cookies enable
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement