API tools faq
paste
Advertisement
Guest User

firewall, wireless and network

a guest
Mar 3rd, 2016
73
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.85 KB | None | 0 0
raw download clone embed print report
  1. FIREWALL:
  2.  
  3. config defaults
  4. option syn_flood '1'
  5. option input 'ACCEPT'
  6. option output 'ACCEPT'
  7. option forward 'REJECT'
  8.  
  9. config zone
  10. option name 'lan'
  11. option input 'ACCEPT'
  12. option output 'ACCEPT'
  13. option forward 'ACCEPT'
  14. option network 'lan'
  15.  
  16. config zone
  17. option name 'wan'
  18. option input 'REJECT'
  19. option output 'ACCEPT'
  20. option forward 'REJECT'
  21. option masq '1'
  22. option mtu_fix '1'
  23. option network 'wan wan6 wwan'
  24.  
  25. config forwarding
  26. option src 'lan'
  27. option dest 'wan'
  28.  
  29. config rule
  30. option name 'Allow-DHCP-Renew'
  31. option src 'wan'
  32. option proto 'udp'
  33. option dest_port '68'
  34. option target 'ACCEPT'
  35. option family 'ipv4'
  36.  
  37. config rule
  38. option name 'Allow-Ping'
  39. option src 'wan'
  40. option proto 'icmp'
  41. option icmp_type 'echo-request'
  42. option family 'ipv4'
  43. option target 'ACCEPT'
  44.  
  45. config rule
  46. option name 'Allow-IGMP'
  47. option src 'wan'
  48. option proto 'igmp'
  49. option family 'ipv4'
  50. option target 'ACCEPT'
  51.  
  52. config rule
  53. option name 'Allow-DHCPv6'
  54. option src 'wan'
  55. option proto 'udp'
  56. option src_ip 'fe80::/10'
  57. option src_port '547'
  58. option dest_ip 'fe80::/10'
  59. option dest_port '546'
  60. option family 'ipv6'
  61. option target 'ACCEPT'
  62.  
  63. config rule
  64. option name 'Allow-MLD'
  65. option src 'wan'
  66. option proto 'icmp'
  67. option src_ip 'fe80::/10'
  68. list icmp_type '130/0'
  69. list icmp_type '131/0'
  70. list icmp_type '132/0'
  71. list icmp_type '143/0'
  72. option family 'ipv6'
  73. option target 'ACCEPT'
  74.  
  75. config rule
  76. option name 'Allow-ICMPv6-Input'
  77. option src 'wan'
  78. option proto 'icmp'
  79. list icmp_type 'echo-request'
  80. list icmp_type 'echo-reply'
  81. list icmp_type 'destination-unreachable'
  82. list icmp_type 'packet-too-big'
  83. list icmp_type 'time-exceeded'
  84. list icmp_type 'bad-header'
  85. list icmp_type 'unknown-header-type'
  86. list icmp_type 'router-solicitation'
  87. list icmp_type 'neighbour-solicitation'
  88. list icmp_type 'router-advertisement'
  89. list icmp_type 'neighbour-advertisement'
  90. option limit '1000/sec'
  91. option family 'ipv6'
  92. option target 'ACCEPT'
  93.  
  94. config rule
  95. option name 'Allow-ICMPv6-Forward'
  96. option src 'wan'
  97. option dest '*'
  98. option proto 'icmp'
  99. list icmp_type 'echo-request'
  100. list icmp_type 'echo-reply'
  101. list icmp_type 'destination-unreachable'
  102. list icmp_type 'packet-too-big'
  103. list icmp_type 'time-exceeded'
  104. list icmp_type 'bad-header'
  105. list icmp_type 'unknown-header-type'
  106. option limit '1000/sec'
  107. option family 'ipv6'
  108. option target 'ACCEPT'
  109.  
  110. config include
  111. option path '/etc/firewall.user'
  112.  
  113. config rule
  114. option src 'wan'
  115. option dest 'lan'
  116. option proto 'esp'
  117. option target 'ACCEPT'
  118.  
  119. config rule
  120. option src 'wan'
  121. option dest 'lan'
  122. option dest_port '500'
  123. option proto 'udp'
  124. option target 'ACCEPT'
  125.  
  126. =============
  127. WIRELESS:
  128.  
  129. config wifi-device 'radio0'
  130. option type 'mac80211'
  131. option hwmode '11g'
  132. option path '10180000.wmac'
  133. option htmode 'HT20'
  134. option txpower '20'
  135. option country '00'
  136. option channel '11'
  137.  
  138. config wifi-iface
  139. option device 'radio0'
  140. option network 'lan'
  141. option mode 'ap'
  142. option ssid 'PLUTO-1'
  143. option encryption 'psk2+ccmp'
  144. option key '#987router#987'
  145.  
  146. config wifi-iface
  147. option network 'wwan'
  148. option ssid 'WORK'
  149. option encryption 'psk2'
  150. option device 'radio0'
  151. option mode 'sta'
  152. option bssid '64:BC:0C:77:3D:2D'
  153. option key 'WORKKEY717'
  154.  
  155.  
  156. =============
  157. NETWORK:
  158.  
  159. config interface 'loopback'
  160. option ifname 'lo'
  161. option proto 'static'
  162. option ipaddr '127.0.0.1'
  163. option netmask '255.0.0.0'
  164.  
  165. config globals 'globals'
  166. option ula_prefix 'fd5b:7445:68af::/48'
  167.  
  168. config interface 'lan'
  169. option ifname 'eth0'
  170. option force_link '1'
  171. option macaddr '00:1c:c2:1f:cc:b7'
  172. option type 'bridge'
  173. option proto 'static'
  174. option netmask '255.255.255.0'
  175. option ip6assign '60'
  176. option ipaddr '10.10.10.253'
  177.  
  178. config switch
  179. option name 'switch0'
  180. option reset '1'
  181. option enable_vlan '0'
  182.  
  183. config interface 'wwan'
  184. option proto 'dhcp'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!