
firewall

a guest
Sep 12th, 2017
  # OpenWrt-style firewall configuration in UCI syntax (zones, rules, an include
  # and inter-zone forwardings). Comments marked NOTE(review) flag settings that
  # widen exposure and should be confirmed as intentional before reuse.

  # Global defaults: SYN-flood protection on; packets to and from the router are
  # accepted and forwarded packets are rejected unless a zone or rule says otherwise.
  # NOTE(review): with input 'ACCEPT' here, an interface that is not assigned to
  # any zone presumably falls under this permissive default -- verify that every
  # interface is covered by a zone.
  config defaults
      option syn_flood '1'
      option input 'ACCEPT'
      option output 'ACCEPT'
      option forward 'REJECT'

  # Zone 'lan': trusted side; the router accepts input from it, and forwarding
  # out of the zone is rejected unless a 'config forwarding' section allows it.
  # NOTE(review): masq '1' on the lan zone is unusual -- masquerading is normally
  # enabled on the upstream (wan) zone only. Confirm this is needed.
  config zone
      option name 'lan'
      option input 'ACCEPT'
      option output 'ACCEPT'
      option forward 'REJECT'
      option network 'lan'
      option masq '1'

  # Zone 'wan': upstream side, with masquerading and MSS clamping (mtu_fix).
  # NOTE(review): input 'ACCEPT' means traffic from this zone addressed to the
  # router itself is accepted by policy, so every service listening on the router
  # is reachable from upstream and the Allow-* and port-22 rules below add nothing.
  # Stock configurations use 'REJECT' (or 'DROP') for wan input -- confirm intent.
  # NOTE(review): only 'wan6' is listed as a network; an IPv4 'wan' interface, if
  # one exists, is not part of this zone -- confirm.
  config zone
      option name 'wan'
      option input 'ACCEPT'
      option output 'ACCEPT'
      option masq '1'
      option mtu_fix '1'
      option network 'wan6'
      option forward 'REJECT'

  # Accept IPv4 UDP to port 68 from wan so DHCP lease renewals reach the router.
  config rule
      option name 'Allow-DHCP-Renew'
      option src 'wan'
      option proto 'udp'
      option dest_port '68'
      option target 'ACCEPT'
      option family 'ipv4'

  # Accept IPv4 ICMP echo-request (ping) from wan to the router.
  config rule
      option name 'Allow-Ping'
      option src 'wan'
      option proto 'icmp'
      option icmp_type 'echo-request'
      option family 'ipv4'
      option target 'ACCEPT'

  # Accept DHCPv6 replies: UDP from port 547 to port 546, with both source and
  # destination addresses restricted to fe80::/10.
  config rule
      option name 'Allow-DHCPv6'
      option src 'wan'
      option proto 'udp'
      option src_ip 'fe80::/10'
      option src_port '547'
      option dest_ip 'fe80::/10'
      option dest_port '546'
      option family 'ipv6'
      option target 'ACCEPT'

  # Accept the listed ICMPv6 types from wan to the router (error messages plus
  # router/neighbour discovery), rate-limited to 1000 packets per second.
  config rule
      option name 'Allow-ICMPv6-Input'
      option src 'wan'
      option proto 'icmp'
      list icmp_type 'echo-request'
      list icmp_type 'echo-reply'
      list icmp_type 'destination-unreachable'
      list icmp_type 'packet-too-big'
      list icmp_type 'time-exceeded'
      list icmp_type 'bad-header'
      list icmp_type 'unknown-header-type'
      list icmp_type 'router-solicitation'
      list icmp_type 'neighbour-solicitation'
      list icmp_type 'router-advertisement'
      list icmp_type 'neighbour-advertisement'
      option limit '1000/sec'
      option family 'ipv6'
      option target 'ACCEPT'

  # Forward the listed ICMPv6 types from wan to any zone (dest '*'), rate-limited
  # to 1000 packets per second; discovery types are not forwarded.
  config rule
      option name 'Allow-ICMPv6-Forward'
      option src 'wan'
      option dest '*'
      option proto 'icmp'
      list icmp_type 'echo-request'
      list icmp_type 'echo-reply'
      list icmp_type 'destination-unreachable'
      list icmp_type 'packet-too-big'
      list icmp_type 'time-exceeded'
      list icmp_type 'bad-header'
      list icmp_type 'unknown-header-type'
      option limit '1000/sec'
      option family 'ipv6'
      option target 'ACCEPT'

  # Load additional custom rules from an external script.
  # NOTE(review): the contents of this file are not shown here; they are part of
  # the effective ruleset and need the same review as this configuration.
  config include
      option path '/etc/firewall.user'

  # Accept TCP port 22 (SSH) from wan; with no 'dest' this targets the router itself.
  # NOTE(review): the rule is unnamed and has no source restriction, so the SSH
  # service is offered to the whole upstream network. If remote administration is
  # required, consider limiting it with 'src_ip' and key-only authentication;
  # otherwise remove the rule (and tighten the wan input policy, which currently
  # makes this rule redundant).
  config rule
      option src 'wan'
      option proto 'tcp'
      option dest_port '22'
      option target 'ACCEPT'

  # Accept TCP port 22 (SSH) from lan to the router. Redundant while the lan zone
  # has input 'ACCEPT'; it only matters if that policy is tightened.
  config rule
      option src 'lan'
      option proto 'tcp'
      option dest_port '22'
      option target 'ACCEPT'

  # Zone 'cute': an additional network with the same accept-input policy as lan.
  # Masquerading and MSS clamping are deliberately commented out below.
  config zone
      option name 'cute'
      list network 'cute'
      option input 'ACCEPT'
      option output 'ACCEPT'
      #option masq '1'
      #option mtu_fix '1'
      option forward 'REJECT'

  # Allow lan hosts to open connections into the 'cute' zone.
  config forwarding
      option src 'lan'
      option dest 'cute'

  # Allow 'cute' hosts to reach the upstream (wan) zone.
  config forwarding
      option src 'cute'
      option dest 'wan'

  # NOTE(review): duplicate of the lan -> cute forwarding above (same src and
  # dest, options merely in a different order); one of the two can be dropped.
  config forwarding
      option dest 'cute'
      option src 'lan'

  # NOTE(review): this allows connections initiated from the wan zone to be
  # forwarded to lan hosts, overriding the wan zone's forward 'REJECT'. With the
  # wan zone bound to 'wan6', lan hosts with routable IPv6 addresses would be
  # directly reachable from upstream. A wan -> lan forwarding is almost never
  # intended; the usual direction is lan -> wan, which is absent from this file.
  # Confirm, and prefer specific port-forward or rule sections if inbound access
  # to individual hosts is needed.
  config forwarding
      option dest 'lan'
      option src 'wan'