
Untitled

a guest
Oct 18th, 2018
  1.  
  2. config 'defaults'
  3. option 'syn_flood' '1'
  4. option 'input' 'ACCEPT'
  5. option 'output' 'ACCEPT'
  6. option 'forward' 'REJECT'
  7. option 'drop_invalid' '1'
  8.  
  9. config 'zone'
  10. option 'name' 'lan'
  11. option 'input' 'ACCEPT'
  12. option 'output' 'ACCEPT'
  13. option 'forward' 'REJECT'
  14. option 'network' 'lan'
  15.  
  16. config 'zone'
  17. option 'name' 'dn42'
  18. option 'input' 'ACCEPT'
  19. option 'output' 'ACCEPT'
  20. option 'forward' 'ACCEPT'
  21. list 'masq_src' '192.168.19.0/24'
  22. option 'masq' '1'
  23. option 'network' 'dn42_siska dn42_crest'
  24.  
  25. config 'rule'
  26. option 'name' 'Allow-DHCP-Renew'
  27. option 'src' 'wan'
  28. option 'proto' 'udp'
  29. option 'dest_port' '68'
  30. option 'target' 'ACCEPT'
  31. option 'family' 'ipv4'
  32.  
  33. config 'rule'
  34. option 'name' 'Allow-Ping'
  35. option 'src' 'wan'
  36. option 'proto' 'icmp'
  37. option 'icmp_type' 'echo-request'
  38. option 'family' 'ipv4'
  39. option 'target' 'ACCEPT'
  40.  
  41. config 'rule'
  42. option 'name' 'Allow-DHCPv6'
  43. option 'src' 'wan'
  44. option 'proto' 'udp'
  45. option 'src_ip' 'fe80::/10'
  46. option 'src_port' '547'
  47. option 'dest_ip' 'fe80::/10'
  48. option 'dest_port' '546'
  49. option 'family' 'ipv6'
  50. option 'target' 'ACCEPT'
  51.  
  52. config 'rule'
  53. option 'name' 'Allow-ICMPv6-Input'
  54. option 'src' 'wan'
  55. option 'proto' 'icmp'
  56. list 'icmp_type' 'echo-request'
  57. list 'icmp_type' 'destination-unreachable'
  58. list 'icmp_type' 'packet-too-big'
  59. list 'icmp_type' 'time-exceeded'
  60. list 'icmp_type' 'bad-header'
  61. list 'icmp_type' 'unknown-header-type'
  62. list 'icmp_type' 'router-solicitation'
  63. list 'icmp_type' 'neighbour-solicitation'
  64. option 'limit' '1000/sec'
  65. option 'family' 'ipv6'
  66. option 'target' 'ACCEPT'
  67.  
  68. config 'rule'
  69. option 'name' 'Allow-ICMPv6-Forward'
  70. option 'src' 'wan'
  71. option 'dest' '*'
  72. option 'proto' 'icmp'
  73. list 'icmp_type' 'echo-request'
  74. list 'icmp_type' 'destination-unreachable'
  75. list 'icmp_type' 'packet-too-big'
  76. list 'icmp_type' 'time-exceeded'
  77. list 'icmp_type' 'bad-header'
  78. list 'icmp_type' 'unknown-header-type'
  79. option 'limit' '1000/sec'
  80. option 'family' 'ipv6'
  81. option 'target' 'ACCEPT'
  82.  
  83. config 'include'
  84. option 'path' '/etc/firewall.user'
  85.  
  86. config 'rule'
  87. option 'target' 'ACCEPT'
  88. option '_name' 'OpenVPN'
  89. option 'src' 'wan'
  90. option 'proto' 'tcpudp'
  91. option 'dest_port' '1194'
  92.  
  93. config 'rule'
  94. option 'target' 'ACCEPT'
  95. option '_name' 'BGP'
  96. option 'src' 'wan'
  97. option 'proto' 'tcp'
  98. option 'dest_ip' '172.23.192.1'
  99. option 'dest_port' '179'
  100.  
  101. config 'rule'
  102. option 'target' 'ACCEPT'
  103. option '_name' 'BitTorrent'
  104. option 'src' 'wan'
  105. option 'proto' 'tcpudp'
  106. option 'dest_port' '51413'
  107.  
  108. config 'rule'
  109. option 'target' 'ACCEPT'
  110. option '_name' 'IPerf'
  111. option 'src' 'wan'
  112. option 'proto' 'tcpudp'
  113. option 'dest_port' '5001'
  114.  
  115. config 'zone'
  116. option 'name' 'lsd'
  117. option 'input' 'ACCEPT'
  118. option 'forward' 'REJECT'
  119. option 'output' 'ACCEPT'
  120. option 'network' 'lsd'
  121.  
  122. config 'forwarding'
  123. option 'dest' 'dn42'
  124. option 'src' 'lan'
  125.  
  126. config 'forwarding'
  127. option 'dest' 'dn42'
  128. option 'src' 'lsd'
  129.  
  130. config 'forwarding'
  131. option 'dest' 'lsd'
  132. option 'src' 'lan'
  133.  
  134. config 'forwarding'
  135. option 'dest' 'lan'
  136. option 'src' 'lsd'
  137.  
  138. config 'forwarding'
  139. option 'dest' 'wan'
  140. option 'src' 'lan'
  141.  
  142. config 'forwarding'
  143. option 'dest' 'wan'
  144. option 'src' 'lsd'
  145.  
  146. config 'redirect'
  147. option 'target' 'DNAT'
  148. option 'src' 'wan'
  149. option 'dest' 'lan'
  150. option 'proto' 'tcp udp'
  151. option 'src_dport' '5060'
  152. option 'dest_ip' '192.168.19.2'
  153. option 'dest_port' '5060'
  154. option 'name' 'VoIP-SIP'
  155.  
  156. config 'redirect'
  157. option 'target' 'DNAT'
  158. option 'src' 'wan'
  159. option 'dest' 'lan'
  160. option 'proto' 'tcp udp'
  161. option 'src_dport' '5004'
  162. option 'dest_ip' '192.168.19.2'
  163. option 'dest_port' '5004'
  164. option 'name' 'VoIP-RTP'
  165.  
  166. config 'rule'
  167. option 'target' 'ACCEPT'
  168. option 'name' '6to4'
  169. option 'src' 'wan'
  170. option 'proto' '41'
  171. option '_name' '6in4-in'
  172.  
  173. config 'zone'
  174. option 'name' 'wan'
  175. option 'input' 'ACCEPT'
  176. option 'forward' 'REJECT'
  177. option 'output' 'ACCEPT'
  178. option 'masq' '1'
  179. option 'network' 'he6 wan'