API tools faq
paste
Guest User

openwrt configs

a guest
Aug 17th, 2018
94
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.13 KB | None | 0 0
raw download clone embed print report
  1. /etc/config/network
  2. ==========================
  3.  
  4. config interface 'loopback'
  5. option ifname 'lo'
  6. option proto 'static'
  7. option ipaddr '127.0.0.1'
  8. option netmask '255.0.0.0'
  9.  
  10. config interface 'wan_pptp'
  11. option proto 'none'
  12.  
  13. config interface 'wan_l2tp'
  14. option proto 'none'
  15.  
  16. config interface 'wan_pppoe'
  17. option proto 'none'
  18. option ifname 'eth1'
  19.  
  20. config interface 'wan'
  21. option proto 'dhcp'
  22. option ifname 'eth1 eth0.1'
  23. option type 'bridge'
  24. option hostname 'ICX1'
  25.  
  26. config interface 'wan6'
  27. option proto 'dhcpv6'
  28. option ifname '@wan'
  29. option hostname 'ICX1'
  30.  
  31. config switch
  32. option name 'switch0'
  33. option enable_vlan '1'
  34. option reset '1'
  35.  
  36. config switch_vlan
  37. option vlan '1'
  38. option device 'switch0'
  39. option ports '0 1t 2 3 4 5 6'
  40.  
  41.  
  42. /etc/config/firewall
  43. =======================
  44. config defaults
  45. option syn_flood 1
  46. option input ACCEPT
  47. option output ACCEPT
  48. option forward ACCEPT
  49. # Uncomment this line to disable ipv6 rules
  50. # option disable_ipv6 1
  51. option disabled 0
  52.  
  53. config zone
  54. option name lan
  55. list network 'lan'
  56. option input ACCEPT
  57. option output ACCEPT
  58. option forward ACCEPT
  59.  
  60. config zone
  61. option name wan
  62. list network 'wan'
  63. list network 'wan6'
  64. option input ACCEPT
  65. option output ACCEPT
  66. option forward ACCEPT
  67. option masq 1
  68. option mtu_fix 1
  69.  
  70. config forwarding
  71. option src lan
  72. option dest wan
  73.  
  74. # We need to accept udp packets on port 68,
  75. # see https://dev.openwrt.org/ticket/4108
  76. config rule
  77. option name Allow-DHCP-Renew
  78. option src wan
  79. option proto udp
  80. option dest_port 68
  81. option target ACCEPT
  82. option family ipv4
  83.  
  84. # Allow IPv4 ping
  85. config rule
  86. option name Allow-Ping
  87. option src wan
  88. option proto icmp
  89. option icmp_type echo-request
  90. option family ipv4
  91. option target ACCEPT
  92.  
  93. config rule
  94. option name Allow-IGMP
  95. option src wan
  96. option proto igmp
  97. option family ipv4
  98. option target ACCEPT
  99.  
  100. # Allow DHCPv6 replies
  101. # see https://dev.openwrt.org/ticket/10381
  102. config rule
  103. option name Allow-DHCPv6
  104. option src wan
  105. option proto udp
  106. option src_ip fe80::/10
  107. option src_port 547
  108. option dest_ip fe80::/10
  109. option dest_port 546
  110. option family ipv6
  111. option target ACCEPT
  112.  
  113. config rule
  114. option name Allow-MLD
  115. option src wan
  116. option proto icmp
  117. option src_ip fe80::/10
  118. list icmp_type '130/0'
  119. list icmp_type '131/0'
  120. list icmp_type '132/0'
  121. list icmp_type '143/0'
  122. option family ipv6
  123. option target ACCEPT
  124.  
  125. # Allow essential incoming IPv6 ICMP traffic
  126. config rule
  127. option name Allow-ICMPv6-Input
  128. option src wan
  129. option proto icmp
  130. list icmp_type echo-request
  131. list icmp_type echo-reply
  132. list icmp_type destination-unreachable
  133. list icmp_type packet-too-big
  134. list icmp_type time-exceeded
  135. list icmp_type bad-header
  136. list icmp_type unknown-header-type
  137. list icmp_type router-solicitation
  138. list icmp_type neighbour-solicitation
  139. list icmp_type router-advertisement
  140. list icmp_type neighbour-advertisement
  141. option limit 1000/sec
  142. option family ipv6
  143. option target ACCEPT
  144.  
  145. # Allow essential forwarded IPv6 ICMP traffic
  146. config rule
  147. option name Allow-ICMPv6-Forward
  148. option src wan
  149. option dest *
  150. option proto icmp
  151. list icmp_type echo-request
  152. list icmp_type echo-reply
  153. list icmp_type destination-unreachable
  154. list icmp_type packet-too-big
  155. list icmp_type time-exceeded
  156. list icmp_type bad-header
  157. list icmp_type unknown-header-type
  158. option limit 1000/sec
  159. option family ipv6
  160. option target ACCEPT
  161.  
  162. # include a file with users custom iptables rules
  163. config include
  164. option path /etc/firewall.user
  165.  
  166.  
  167. ### EXAMPLE CONFIG SECTIONS
  168. # do not allow a specific ip to access wan
  169. #config rule
  170. # option src lan
  171. # option src_ip 192.168.45.2
  172. # option dest wan
  173. # option proto tcp
  174. # option target REJECT
  175.  
  176. # block a specific mac on wan
  177. #config rule
  178. # option dest wan
  179. # option src_mac 00:11:22:33:44:66
  180. # option target REJECT
  181.  
  182. # block incoming ICMP traffic on a zone
  183. #config rule
  184. # option src lan
  185. # option proto ICMP
  186. # option target DROP
  187.  
  188. # port redirect port coming in on wan to lan
  189. #config redirect
  190. # option src wan
  191. # option src_dport 80
  192. # option dest lan
  193. # option dest_ip 192.168.16.235
  194. # option dest_port 80
  195. # option proto tcp
  196.  
  197. # port redirect of remapped ssh port (22001) on wan
  198. #config redirect
  199. # option src wan
  200. # option src_dport 22001
  201. # option dest lan
  202. # option dest_port 22
  203. # option proto tcp
  204.  
  205. # allow IPsec/ESP and ISAKMP passthrough
  206. config rule
  207. option src wan
  208. option dest lan
  209. option proto esp
  210. option target ACCEPT
  211.  
  212. config rule
  213. option src wan
  214. option dest lan
  215. option dest_port 500
  216. option proto udp
  217. option target ACCEPT
  218.  
  219. ### FULL CONFIG SECTIONS
  220. #config rule
  221. # option src lan
  222. # option src_ip 192.168.45.2
  223. # option src_mac 00:11:22:33:44:55
  224. # option src_port 80
  225. # option dest wan
  226. # option dest_ip 194.25.2.129
  227. # option dest_port 120
  228. # option proto tcp
  229. # option target REJECT
  230.  
  231. #config redirect
  232. # option src lan
  233. # option src_ip 192.168.45.2
  234. # option src_mac 00:11:22:33:44:55
  235. # option src_port 1024
  236. # option src_dport 80
  237. # option dest_ip 194.25.2.129
  238. # option dest_port 120
  239. # option proto tcp
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!