daily pastebin goal
28%
SHARE
TWEET

Untitled

a guest Oct 18th, 2018 68 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. config 'defaults'
  3.     option 'syn_flood' '1'
  4.     option 'input' 'ACCEPT'
  5.     option 'output' 'ACCEPT'
  6.     option 'forward' 'REJECT'
  7.     option 'drop_invalid' '1'
  8.  
  9. config 'zone'
  10.     option 'name' 'lan'
  11.     option 'input' 'ACCEPT'
  12.     option 'output' 'ACCEPT'
  13.     option 'forward' 'REJECT'
  14.     option 'network' 'lan'
  15.  
  16. config 'zone'
  17.     option 'name' 'dn42'
  18.     option 'input' 'ACCEPT'
  19.     option 'output' 'ACCEPT'
  20.     option 'forward' 'ACCEPT'
  21.     list 'masq_src' '192.168.19.0/24'
  22.     option 'masq' '1'
  23.     option 'network' 'dn42_siska dn42_crest'
  24.  
  25. config 'rule'
  26.     option 'name' 'Allow-DHCP-Renew'
  27.     option 'src' 'wan'
  28.     option 'proto' 'udp'
  29.     option 'dest_port' '68'
  30.     option 'target' 'ACCEPT'
  31.     option 'family' 'ipv4'
  32.  
  33. config 'rule'
  34.     option 'name' 'Allow-Ping'
  35.     option 'src' 'wan'
  36.     option 'proto' 'icmp'
  37.     option 'icmp_type' 'echo-request'
  38.     option 'family' 'ipv4'
  39.     option 'target' 'ACCEPT'
  40.  
  41. config 'rule'
  42.     option 'name' 'Allow-DHCPv6'
  43.     option 'src' 'wan'
  44.     option 'proto' 'udp'
  45.     option 'src_ip' 'fe80::/10'
  46.     option 'src_port' '547'
  47.     option 'dest_ip' 'fe80::/10'
  48.     option 'dest_port' '546'
  49.     option 'family' 'ipv6'
  50.     option 'target' 'ACCEPT'
  51.  
  52. config 'rule'
  53.     option 'name' 'Allow-ICMPv6-Input'
  54.     option 'src' 'wan'
  55.     option 'proto' 'icmp'
  56.     list 'icmp_type' 'echo-request'
  57.     list 'icmp_type' 'destination-unreachable'
  58.     list 'icmp_type' 'packet-too-big'
  59.     list 'icmp_type' 'time-exceeded'
  60.     list 'icmp_type' 'bad-header'
  61.     list 'icmp_type' 'unknown-header-type'
  62.     list 'icmp_type' 'router-solicitation'
  63.     list 'icmp_type' 'neighbour-solicitation'
  64.     option 'limit' '1000/sec'
  65.     option 'family' 'ipv6'
  66.     option 'target' 'ACCEPT'
  67.  
  68. config 'rule'
  69.     option 'name' 'Allow-ICMPv6-Forward'
  70.     option 'src' 'wan'
  71.     option 'dest' '*'
  72.     option 'proto' 'icmp'
  73.     list 'icmp_type' 'echo-request'
  74.     list 'icmp_type' 'destination-unreachable'
  75.     list 'icmp_type' 'packet-too-big'
  76.     list 'icmp_type' 'time-exceeded'
  77.     list 'icmp_type' 'bad-header'
  78.     list 'icmp_type' 'unknown-header-type'
  79.     option 'limit' '1000/sec'
  80.     option 'family' 'ipv6'
  81.     option 'target' 'ACCEPT'
  82.  
  83. config 'include'
  84.     option 'path' '/etc/firewall.user'
  85.  
  86. config 'rule'
  87.     option 'target' 'ACCEPT'
  88.     option '_name' 'OpenVPN'
  89.     option 'src' 'wan'
  90.     option 'proto' 'tcpudp'
  91.     option 'dest_port' '1194'
  92.  
  93. config 'rule'
  94.     option 'target' 'ACCEPT'
  95.     option '_name' 'BGP'
  96.     option 'src' 'wan'
  97.     option 'proto' 'tcp'
  98.     option 'dest_ip' '172.23.192.1'
  99.     option 'dest_port' '179'
  100.  
  101. config 'rule'
  102.     option 'target' 'ACCEPT'
  103.     option '_name' 'BitTorrent'
  104.     option 'src' 'wan'
  105.     option 'proto' 'tcpudp'
  106.     option 'dest_port' '51413'
  107.  
  108. config 'rule'
  109.     option 'target' 'ACCEPT'
  110.     option '_name' 'IPerf'
  111.     option 'src' 'wan'
  112.     option 'proto' 'tcpudp'
  113.     option 'dest_port' '5001'
  114.  
  115. config 'zone'
  116.     option 'name' 'lsd'
  117.     option 'input' 'ACCEPT'
  118.     option 'forward' 'REJECT'
  119.     option 'output' 'ACCEPT'
  120.     option 'network' 'lsd'
  121.  
  122. config 'forwarding'
  123.     option 'dest' 'dn42'
  124.     option 'src' 'lan'
  125.  
  126. config 'forwarding'
  127.     option 'dest' 'dn42'
  128.     option 'src' 'lsd'
  129.  
  130. config 'forwarding'
  131.     option 'dest' 'lsd'
  132.     option 'src' 'lan'
  133.  
  134. config 'forwarding'
  135.     option 'dest' 'lan'
  136.     option 'src' 'lsd'
  137.  
  138. config 'forwarding'
  139.     option 'dest' 'wan'
  140.     option 'src' 'lan'
  141.  
  142. config 'forwarding'
  143.     option 'dest' 'wan'
  144.     option 'src' 'lsd'
  145.  
  146. config 'redirect'
  147.     option 'target' 'DNAT'
  148.     option 'src' 'wan'
  149.     option 'dest' 'lan'
  150.     option 'proto' 'tcp udp'
  151.     option 'src_dport' '5060'
  152.     option 'dest_ip' '192.168.19.2'
  153.     option 'dest_port' '5060'
  154.     option 'name' 'VoIP-SIP'
  155.  
  156. config 'redirect'
  157.     option 'target' 'DNAT'
  158.     option 'src' 'wan'
  159.     option 'dest' 'lan'
  160.     option 'proto' 'tcp udp'
  161.     option 'src_dport' '5004'
  162.     option 'dest_ip' '192.168.19.2'
  163.     option 'dest_port' '5004'
  164.     option 'name' 'VoIP-RTP'
  165.  
  166. config 'rule'
  167.     option 'target' 'ACCEPT'
  168.     option 'name' '6to4'
  169.     option 'src' 'wan'
  170.     option 'proto' '41'
  171.     option '_name' '6in4-in'
  172.  
  173. config 'zone'
  174.     option 'name' 'wan'
  175.     option 'input' 'ACCEPT'
  176.     option 'forward' 'REJECT'
  177.     option 'output' 'ACCEPT'
  178.     option 'masq' '1'
  179.     option 'network' 'he6 wan'
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top