Hasaple

Firewall Rules

Apr 10th, 2019
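  /* EdgeOS/Vyatta-style firewall section: default-drop rulesets for WAN traffic (IPv4 and IPv6) plus global kernel hardening switches. */
  /* NOTE(review): no interface bindings are visible here; which interface/direction each ruleset is attached to must be confirmed in the interfaces section. */
  firewall {
      /* Router processes IPv4 echo requests; broadcast echo requests are ignored. */
      all-ping enable
      broadcast-ping disable

      /* IPv6, WAN -> LAN (forwarded): only return traffic of existing sessions is accepted. */
      ipv6-name WANv6_IN {
          default-action drop
          description "WAN inbound traffic forwarded to LAN"
          enable-default-log
          rule 10 {
              action accept
              description "Allow established/related sessions"
              state {
                  established enable
                  related enable
              }
          }
          rule 20 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
      }

      /* IPv6, WAN -> router itself: return traffic, ICMPv6 and DHCPv6 client replies. */
      ipv6-name WANv6_LOCAL {
          default-action drop
          description "WAN inbound traffic to the router"
          enable-default-log
          rule 10 {
              action accept
              description "Allow established/related sessions"
              state {
                  established enable
                  related enable
              }
          }
          rule 20 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
          /* Accepts every ICMPv6 type. Neighbor discovery and path-MTU discovery depend on ICMPv6, so it cannot simply be dropped. */
          /* NOTE(review): consider narrowing to the required ICMPv6 types and/or rate-limiting echo requests. */
          rule 30 {
              action accept
              description "Allow IPv6 icmp"
              protocol ipv6-icmp
          }
          /* DHCPv6 server (udp/547) -> client (udp/546), matched on ports only. */
          /* NOTE(review): the source address is unrestricted; DHCPv6 replies normally come from a link-local address, so a source address of fe80::/10 may be a safe tightening. Verify against the upstream provider first. */
          rule 40 {
              action accept
              description "allow dhcpv6"
              destination {
                  port 546
              }
              protocol udp
              source {
                  port 547
              }
          }
      }

      /* Ignore ICMP redirects and source-routed packets (IPv4 and IPv6); log packets with impossible source addresses. */
      ipv6-receive-redirects disable
      ipv6-src-route disable
      ip-src-route disable
      log-martians enable

      /* IPv4, WAN -> internal (forwarded): only return traffic of existing sessions is accepted. */
      name WAN_IN {
          default-action drop
          description "WAN to internal"
          /* Log packets that hit the default drop, matching the IPv6 rulesets, so unsolicited IPv4 traffic is visible too. */
          enable-default-log
          rule 10 {
              action accept
              description "Allow established/related"
              state {
                  established enable
                  related enable
              }
          }
          rule 20 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
      }

      /* IPv4, WAN -> router itself: only return traffic; no management service is opened from the WAN side. */
      name WAN_LOCAL {
          default-action drop
          description "WAN to router"
          /* Log packets that hit the default drop, matching the IPv6 rulesets; probes against the router itself are worth recording. */
          enable-default-log
          rule 10 {
              action accept
              description "Allow established/related"
              state {
                  established enable
                  related enable
              }
          }
          rule 20 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
      }

      receive-redirects disable
      /* NOTE(review): the router still sends ICMP redirects; an edge router rarely needs this, so consider "disable" unless hosts rely on it. */
      send-redirects enable
      /* NOTE(review): reverse-path filtering is off, so packets with spoofed source addresses are not rejected at this level. Consider "strict" when routing is symmetric, or "loose" for multi-homed setups. */
      source-validation disable
      /* SYN cookies keep TCP handshakes working while the SYN queue is under flood. */
      syn-cookies enable
  }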