
Untitled

a guest
Aug 16th, 2022
  1. _______ ________ __
  2. | |.-----.-----.-----.| | | |.----.| |_
  3. | - || _ | -__| || | | || _|| _|
  4. |_______|| __|_____|__|__||________||__| |____|
  5. |__| W I R E L E S S F R E E D O M
  6. -----------------------------------------------------
  7. OpenWrt 19.07.8, r11364-ef56c85848
  8. -----------------------------------------------------
  9. root@GL-X750:~# cat /etc/config/firewall
  10.  
  11. config defaults
      # Global fallback policies; each zone below sets its own input/output/forward.
      # NOTE(review): input is ACCEPT here, so traffic arriving on an interface that
      # belongs to no zone would presumably not be filtered - confirm every interface
      # is assigned to a zone, or tighten this to REJECT/DROP.
  12. option input 'ACCEPT'
  13. option output 'ACCEPT'
  14. option forward 'REJECT'
  15. option synflood_protect '1'
  16.  
  17. config zone
      # Trusted LAN zone: everything to the router and between LAN hosts is accepted.
  18. option name 'lan'
  19. list network 'lan'
  20. option input 'ACCEPT'
  21. option output 'ACCEPT'
  22. option forward 'ACCEPT'
  23.  
  24. config zone
      # Untrusted upstream zone (wan, wan6 and the cellular modem interface).
      # input 'DROP' means unsolicited inbound traffic is silently dropped unless a
      # 'config rule' with src 'wan' further down accepts it; masq enables source NAT.
  25. option name 'wan'
  26. option output 'ACCEPT'
  27. option forward 'REJECT'
  28. option masq '1'
  29. option mtu_fix '1'
  30. option input 'DROP'
  31. option network 'wan wan6 modem_1_1_2'
  32.  
  33. config forwarding
      # LAN hosts may initiate connections towards the WAN zone.
  34. option src 'lan'
  35. option dest 'wan'
  36. option enabled '1'
  37.  
  38. config rule
      # Exceptions to the wan zone's input 'DROP' policy start here.
      # Accepts DHCP replies to the router's own DHCP client on the WAN side.
  39. option name 'Allow-DHCP-Renew'
  40. option src 'wan'
  41. option proto 'udp'
  42. option dest_port '68'
  43. option target 'ACCEPT'
  44. option family 'ipv4'
  45.  
  46. config rule
      # The router answers IPv4 ping from the WAN. No 'limit' is set on this rule.
      # NOTE(review): optional exposure - disable if the device should not be
      # discoverable by echo-request from upstream.
  47. option name 'Allow-Ping'
  48. option src 'wan'
  49. option proto 'icmp'
  50. option icmp_type 'echo-request'
  51. option family 'ipv4'
  52. option target 'ACCEPT'
  53.  
  54. config rule
      # Accepts IGMP from the WAN (multicast group management).
  55. option name 'Allow-IGMP'
  56. option src 'wan'
  57. option proto 'igmp'
  58. option family 'ipv4'
  59. option target 'ACCEPT'
  60.  
  61. config rule
      # Accepts DHCPv6 client traffic (UDP 546) when both source and destination
      # fall inside fc00::/6.
  62. option name 'Allow-DHCPv6'
  63. option src 'wan'
  64. option proto 'udp'
  65. option src_ip 'fc00::/6'
  66. option dest_ip 'fc00::/6'
  67. option dest_port '546'
  68. option family 'ipv6'
  69. option target 'ACCEPT'
  70.  
  71. config rule
      # Accepts Multicast Listener Discovery messages (ICMPv6 types 130-132, 143)
      # from link-local sources only.
  72. option name 'Allow-MLD'
  73. option src 'wan'
  74. option proto 'icmp'
  75. option src_ip 'fe80::/10'
  76. list icmp_type '130/0'
  77. list icmp_type '131/0'
  78. list icmp_type '132/0'
  79. list icmp_type '143/0'
  80. option family 'ipv6'
  81. option target 'ACCEPT'
  82.  
  83. config rule
      # ICMPv6 addressed to the router itself: error messages plus neighbour and
      # router discovery, rate-limited to 1000 packets per second.
  84. option name 'Allow-ICMPv6-Input'
  85. option src 'wan'
  86. option proto 'icmp'
  87. list icmp_type 'echo-request'
  88. list icmp_type 'echo-reply'
  89. list icmp_type 'destination-unreachable'
  90. list icmp_type 'packet-too-big'
  91. list icmp_type 'time-exceeded'
  92. list icmp_type 'bad-header'
  93. list icmp_type 'unknown-header-type'
  94. list icmp_type 'router-solicitation'
  95. list icmp_type 'neighbour-solicitation'
  96. list icmp_type 'router-advertisement'
  97. list icmp_type 'neighbour-advertisement'
  98. option limit '1000/sec'
  99. option family 'ipv6'
  100. option target 'ACCEPT'
  101.  
  102. config rule
       # ICMPv6 forwarded from the WAN to any zone (dest '*'), same rate limit.
       # Discovery types are left out; only echo and error messages are forwarded.
  103. option name 'Allow-ICMPv6-Forward'
  104. option src 'wan'
  105. option dest '*'
  106. option proto 'icmp'
  107. list icmp_type 'echo-request'
  108. list icmp_type 'echo-reply'
  109. list icmp_type 'destination-unreachable'
  110. list icmp_type 'packet-too-big'
  111. list icmp_type 'time-exceeded'
  112. list icmp_type 'bad-header'
  113. list icmp_type 'unknown-header-type'
  114. option limit '1000/sec'
  115. option family 'ipv6'
  116. option target 'ACCEPT'
  117.  
  118. config rule
       # Forwards IPsec ESP from the WAN to any LAN host.
       # NOTE(review): no 'family' or 'dest_ip' restriction is set, so this applies to
       # every LAN address. If no LAN host terminates IPsec, this rule and the ISAKMP
       # rule below can be removed to shrink the WAN-to-LAN surface.
  119. option name 'Allow-IPSec-ESP'
  120. option src 'wan'
  121. option dest 'lan'
  122. option proto 'esp'
  123. option target 'ACCEPT'
  124.  
  125. config rule
       # Forwards IKE (UDP 500) from the WAN to any LAN host; same scope remark as
       # the ESP rule above.
  126. option name 'Allow-ISAKMP'
  127. option src 'wan'
  128. option dest 'lan'
  129. option dest_port '500'
  130. option proto 'udp'
  131. option target 'ACCEPT'
  132.  
  133. config include
       # External rule sources pulled in by the firewall; reload '1' re-applies them
       # on every firewall reload.
       # NOTE(review): whatever these files add is not visible in this listing, so the
       # sections here are not the complete policy. Audit the effective ruleset (for
       # example with iptables-save) and check that each path is writable by root only.
  134. option path '/etc/firewall.user'
  135. option reload '1'
  136.  
  137. config include 'gls2s'
       # Script include located under /var - presumably generated at runtime; confirm
       # which service writes it.
  138. option type 'script'
  139. option path '/var/etc/gls2s.include'
  140. option reload '1'
  141.  
  142. config include 'glfw'
  143. option type 'script'
  144. option path '/usr/bin/glfw.sh'
  145. option reload '1'
  146.  
  147. config include 'glqos'
  148. option type 'script'
  149. option path '/usr/sbin/glqos.sh'
  150. option reload '1'
  151.  
  152. config zone 'guestzone'
       # Guest network: traffic to the router itself and between zones is rejected by
       # default; the sections below open DHCP, DNS and forwarding to the WAN.
       # NOTE(review): the guest_wireguard / wireguard_guest forwardings later in this
       # file also connect this zone to the VPN zone in both directions.
  153. option name 'guestzone'
  154. option network 'guest'
  155. option forward 'REJECT'
  156. option output 'ACCEPT'
  157. option input 'REJECT'
  158.  
  159. config forwarding 'guestzone_fwd'
       # Guests may initiate connections towards the WAN zone.
  160. option src 'guestzone'
  161. option dest 'wan'
  162. option enabled '1'
  163.  
  164. config rule 'guestzone_dhcp'
       # Lets guests reach the router's DHCP service (UDP 67-68).
  165. option name 'guestzone_DHCP'
  166. option src 'guestzone'
  167. option target 'ACCEPT'
  168. option proto 'udp'
  169. option dest_port '67-68'
  170.  
  171. config rule 'guestzone_dns'
       # Lets guests reach the router's DNS service (TCP and UDP 53).
  172. option name 'guestzone_DNS'
  173. option src 'guestzone'
  174. option target 'ACCEPT'
  175. option proto 'tcp udp'
  176. option dest_port '53'
  177.  
  178. config rule 'sambasharewan'
       # Explicitly drops NetBIOS/SMB ports arriving from the WAN. The wan zone's
       # input policy is already DROP, so this is a belt-and-braces rule.
       # NOTE(review): 'dest_proto' is not an fw3 rule option I can confirm ('proto'
       # is the documented one). If it is ignored, the rule falls back to the default
       # protocol match - verify the generated rule in the effective ruleset.
  179. option src 'wan'
  180. option dest_port '137 138 139 445'
  181. option dest_proto 'tcpudp'
  182. option target 'DROP'
  183.  
  184. config rule 'sambasharelan'
       # Accepts the same ports from the LAN. No 'dest' is set, so this is an input
       # rule for a file share on the router itself; the same 'dest_proto' remark
       # applies.
  185. option src 'lan'
  186. option dest_port '137 138 139 445'
  187. option dest_proto 'tcpudp'
  188. option target 'ACCEPT'
  189.  
  190. config rule 'AllowWireguard'
       # Opens port 51820 on the router to the WAN for the WireGuard listener (IPv4 only).
       # NOTE(review): proto is 'udp tcp', but WireGuard only speaks UDP. The TCP half
       # exposes a port nothing should be listening on; narrowing this to 'udp' keeps
       # the WAN surface to what the tunnel needs.
  191. option name 'Allow-Wireguard'
  192. option target 'ACCEPT'
  193. option src 'wan'
  194. option proto 'udp tcp'
  195. option family 'ipv4'
  196. option dest_port '51820'
  197.  
  198. config zone 'wireguard'
       # Zone bound directly to the wg0 device. input and forward are both ACCEPT, so
       # every VPN peer can reach all services on the router and other peers.
       # NOTE(review): VPN peers are treated as trusted as LAN hosts here. If some peers
       # are less trusted, set input/forward to REJECT and add explicit rules.
  199. option name 'wireguard'
  200. option input 'ACCEPT'
  201. option output 'ACCEPT'
  202. option masq '1'
  203. option mtu_fix '1'
  204. option masq6 '1'
  205. list device 'wg0'
  206. option forward 'ACCEPT'
  207.  
  208. config forwarding 'wireguard_wan'
       # VPN peers may reach the Internet through this router.
  209. option src 'wireguard'
  210. option dest 'wan'
  211.  
  212. config forwarding 'wireguard_lan'
       # VPN peers may initiate connections to any LAN host.
  213. option src 'wireguard'
  214. option dest 'lan'
  215.  
  216. config forwarding 'lan_wireguard'
  217. option src 'lan'
  218. option dest 'wireguard'
  219.  
  220. config forwarding 'guest_wireguard'
       # NOTE(review): this and wireguard_guest below join the guest network and the
       # VPN in both directions, which weakens the isolation the guestzone policies
       # (input/forward REJECT) otherwise provide - confirm this is intended.
  221. option src 'guestzone'
  222. option dest 'wireguard'
  223.  
  224. config forwarding 'wireguard_guest'
  225. option src 'wireguard'
  226. option dest 'guestzone'
  227.  
  228. config forwarding
       # NOTE(review): allows connections that originate on the WAN to be forwarded
       # into the tunnel. Replies to peer-initiated traffic are handled by connection
       # tracking and do not need this, so it is normally unnecessary for a VPN
       # endpoint; remove it unless there is a specific reason to keep it.
  229. option dest 'wireguard'
  230. option src 'wan'
  231.  