  # Global defaults: the policies below are the fallback for traffic that is not
  # handled by one of the zones defined further down.
  1. config defaults
  # Turns on the firewall's SYN-flood protection.
  2. option syn_flood 1
  # NOTE(review): the fallback input policy is ACCEPT, so the router's exposure
  # depends on every untrusted interface being a member of a zone with a stricter
  # input policy (the wan zone sets REJECT). Confirm no interface sits outside a zone.
  3. option input ACCEPT
  4. option output ACCEPT
  # Routed traffic is refused unless a forwarding section or rule allows it.
  5. option forward REJECT
  6. # Uncomment this line to disable ipv6 rules
  7. # option disable_ipv6 1
  8.  
  # Trusted zone: hosts on 'lan' may reach any service on the router itself
  # (input ACCEPT). Anything listening on the router is reachable from this side,
  # so this zone should only contain networks that are actually trusted.
  9. config zone
  10. option name lan
  11. option network 'lan'
  12. option input ACCEPT
  13. option output ACCEPT
  # Zone-level forward policy is REJECT; lan traffic leaves towards wan only
  # because of the explicit lan -> wan forwarding section in this file.
  14. option forward REJECT
  15.  
  # Untrusted zone: unsolicited traffic addressed to the router is rejected and
  # nothing is forwarded out of this zone by policy. The only wan-side openings
  # are the explicit `config rule` sections later in this file.
  16. config zone
  17. option name wan
  18. option network 'wan'
  # REJECT answers the sender with an error; DROP would discard silently.
  19. option input REJECT
  20. option output ACCEPT
  21. option forward REJECT
  # Masquerade (source NAT) traffic leaving through this zone.
  22. option masq 1
  # Clamp TCP MSS on this zone to avoid path-MTU problems.
  23. option mtu_fix 1
  24.  
  # One-directional forwarding: lan may initiate connections towards wan.
  # There is no matching wan -> lan section in this file, so the wan side cannot
  # open new connections into lan unless a rule or redirect elsewhere permits it.
  25. config forwarding
  26. option src lan
  27. option dest wan
  28.  
  29. # We need to accept udp packets on port 68,
  30. # see https://dev.openwrt.org/ticket/4108
  # Input rule (no `dest`): lets IPv4 UDP to port 68 reach the router from wan,
  # i.e. replies to the router's own DHCP client.
  # NOTE(review): the match is on destination port only, so any wan-side host can
  # deliver UDP to port 68 regardless of its source address or source port; the
  # DHCP client is the exposed surface. Adding `option src_port 67` would narrow
  # the match to the port DHCP servers reply from. Verify against the upstream first.
  31. config rule
  32. option src wan
  33. option proto udp
  34. option dest_port 68
  35. option target ACCEPT
  36. option family ipv4
  37.  
  38. # Allow IPv4 ping
  # Input rule (no `dest`): the router answers ICMP echo-request from wan.
  # NOTE(review): this makes the router discoverable from the wan side, and unlike
  # the IPv6 ICMP rule in this file it carries no `option limit`. Keep it only if
  # reachability checks from outside are wanted, and consider a rate limit.
  39. config rule
  40. option src wan
  41. option proto icmp
  42. option icmp_type echo-request
  43. option family ipv4
  44. option target ACCEPT
  45.  
  46. # Allow essential incoming IPv6 ICMP traffic
  # Accepts the listed ICMPv6 types arriving from wan, rate-limited to 1000/sec.
  # NOTE(review): the header says "incoming", but the rule sets `option dest *`.
  # In the OpenWrt firewall a rule with `dest` set normally applies to forwarded
  # traffic (here: towards any zone) rather than to traffic addressed to the
  # router. Confirm this against the firewall version in use. If it is a forward
  # rule, these types are allowed through to hosts behind the router, and no rule
  # in this listing accepts ICMPv6 on the router's own wan input (policy REJECT).
  47. config rule
  48. option src wan
  49. option dest *
  50. option proto icmp
  # The list holds error/diagnostic types only; no neighbour- or router-discovery
  # types are included.
  51. list icmp_type echo-request
  52. list icmp_type destination-unreachable
  53. list icmp_type packet-too-big
  54. list icmp_type time-exceeded
  55. list icmp_type bad-header
  56. list icmp_type unknown-header-type
  57. option limit 1000/sec
  58. option family ipv6
  59. option target ACCEPT
  60.  
  61. # include a file with users custom iptables rules
  # NOTE(review): the rules in /etc/firewall.user are not visible in this config and
  # can override anything declared above, so review that file together with this one.
  # The firewall loads it with its own privileges; keep it owned by root and not
  # writable by other users.
  62. config include
  63. option path /etc/firewall.user