
Untitled

a guest
Jan 5th, 2019
  # Global defaults: SYN-flood protection enabled; these policies apply to
  # traffic that is not handled by one of the zones defined below.
  # NOTE(review): input 'ACCEPT' means an interface that is not assigned to
  # any zone falls through to an accepting policy - confirm every interface
  # in use is listed in a zone.
  1. config defaults
  2. option syn_flood '1'
  3. option input 'ACCEPT'
  4. option output 'ACCEPT'
  5. option forward 'REJECT'
  6.  
  # Zone 'lan' (network 'lan'): input to the router, output from it and
  # forwarding inside the zone are all accepted.
  7. config zone
  8. option name 'lan'
  9. option input 'ACCEPT'
  10. option output 'ACCEPT'
  11. option forward 'ACCEPT'
  12. option network 'lan'
  13.  
  # Zone 'wan' (networks 'wan' and 'wan6'): unsolicited input and forwarding
  # are rejected; only the explicit rules below open exceptions.
  # masq '1' enables masquerading (source NAT) on this zone and
  # mtu_fix '1' enables TCP MSS clamping.
  14. config zone
  15. option name 'wan'
  16. option input 'REJECT'
  17. option output 'ACCEPT'
  18. option forward 'REJECT'
  19. option masq '1'
  20. option mtu_fix '1'
  21. option network 'wan wan6'
  22.  
  # Accepts IPv4 UDP to port 68 arriving from wan. No 'dest' is set, so the
  # rule applies to traffic addressed to the router itself.
  23. config rule
  24. option name 'Allow-DHCP-Renew'
  25. option src 'wan'
  26. option proto 'udp'
  27. option dest_port '68'
  28. option target 'ACCEPT'
  29. option family 'ipv4'
  30.  
  # IPv4 echo-request from wan. The rule is disabled (enabled '0'), so these
  # packets fall through to the wan zone's input policy ('REJECT').
  31. config rule
  32. option name 'Allow-Ping'
  33. option src 'wan'
  34. option proto 'icmp'
  35. option icmp_type 'echo-request'
  36. option family 'ipv4'
  37. option target 'ACCEPT'
  38. option enabled '0'
  39.  
  # Accepts IPv4 IGMP arriving from wan, addressed to the router.
  # NOTE(review): presumably only needed when the upstream delivers
  # multicast (e.g. IPTV); consider disabling otherwise - confirm.
  40. config rule
  41. option name 'Allow-IGMP'
  42. option src 'wan'
  43. option proto 'igmp'
  44. option family 'ipv4'
  45. option target 'ACCEPT'
  46.  
  # Accepts IPv6 UDP to port 546 (DHCPv6 client) arriving from wan.
  # NOTE(review): fc00::/6 spans fc00:: through ffff::, i.e. unique-local,
  # link-local and multicast space together. That is wider than the
  # link-local range DHCPv6 servers normally answer from; narrowing
  # src_ip/dest_ip may be possible - confirm against the upstream.
  47. config rule
  48. option name 'Allow-DHCPv6'
  49. option src 'wan'
  50. option proto 'udp'
  51. option src_ip 'fc00::/6'
  52. option dest_ip 'fc00::/6'
  53. option dest_port '546'
  54. option family 'ipv6'
  55. option target 'ACCEPT'
  56.  
  # Accepts Multicast Listener Discovery messages (ICMPv6 types 130, 131,
  # 132 and 143, code 0) from wan, restricted to link-local senders
  # (fe80::/10).
  57. config rule
  58. option name 'Allow-MLD'
  59. option src 'wan'
  60. option proto 'icmp'
  61. option src_ip 'fe80::/10'
  62. list icmp_type '130/0'
  63. list icmp_type '131/0'
  64. list icmp_type '132/0'
  65. list icmp_type '143/0'
  66. option family 'ipv6'
  67. option target 'ACCEPT'
  68.  
  # Accepts the listed ICMPv6 types addressed to the router from wan: echo,
  # error messages and neighbour/router discovery. The rule is rate-limited
  # to 1000 packets per second.
  69. config rule
  70. option name 'Allow-ICMPv6-Input'
  71. option src 'wan'
  72. option proto 'icmp'
  73. list icmp_type 'echo-request'
  74. list icmp_type 'echo-reply'
  75. list icmp_type 'destination-unreachable'
  76. list icmp_type 'packet-too-big'
  77. list icmp_type 'time-exceeded'
  78. list icmp_type 'bad-header'
  79. list icmp_type 'unknown-header-type'
  80. list icmp_type 'router-solicitation'
  81. list icmp_type 'neighbour-solicitation'
  82. list icmp_type 'router-advertisement'
  83. list icmp_type 'neighbour-advertisement'
  84. option limit '1000/sec'
  85. option family 'ipv6'
  86. option target 'ACCEPT'
  87.  
  # Forwards the listed ICMPv6 echo and error types from wan into any zone
  # (dest '*'), rate-limited to 1000 packets per second.
  # NOTE(review): dest '*' includes 'lan' and 'guest', so hosts with global
  # IPv6 addresses in those zones would answer echo-request from the
  # internet; restrict 'dest' or drop echo-request if that is not wanted.
  88. config rule
  89. option name 'Allow-ICMPv6-Forward'
  90. option src 'wan'
  91. option dest '*'
  92. option proto 'icmp'
  93. list icmp_type 'echo-request'
  94. list icmp_type 'echo-reply'
  95. list icmp_type 'destination-unreachable'
  96. list icmp_type 'packet-too-big'
  97. list icmp_type 'time-exceeded'
  98. list icmp_type 'bad-header'
  99. list icmp_type 'unknown-header-type'
  100. option limit '1000/sec'
  101. option family 'ipv6'
  102. option target 'ACCEPT'
  103.  
  # Forwards ESP (IPsec payload) from wan to any host in lan. No 'family' is
  # set, so the rule is not limited to one address family.
  # NOTE(review): if no IPsec endpoint lives in lan, this rule and
  # 'Allow-ISAKMP' open forwarding that nothing uses - consider removing.
  104. config rule
  105. option name 'Allow-IPSec-ESP'
  106. option src 'wan'
  107. option dest 'lan'
  108. option proto 'esp'
  109. option target 'ACCEPT'
  110.  
  # Forwards UDP port 500 (IKE/ISAKMP) from wan to any host in lan.
  # Only port 500 is listed; UDP 4500 (NAT traversal) is not opened here.
  111. config rule
  112. option name 'Allow-ISAKMP'
  113. option src 'wan'
  114. option dest 'lan'
  115. option dest_port '500'
  116. option proto 'udp'
  117. option target 'ACCEPT'
  118.  
  # Loads additional custom rules from /etc/firewall.user.
  # NOTE(review): that file is not shown here, so the effective ruleset may
  # differ from this config - review it together with this file.
  119. config include
  120. option path '/etc/firewall.user'
  121.  
  # Zone 'guest' (network 'guest'): input to the router and forwarding are
  # rejected by default, so guest clients reach only what the rules and
  # forwardings below explicitly allow.
  122. config zone
  123. option forward 'REJECT'
  124. option output 'ACCEPT'
  125. option name 'guest'
  126. option input 'REJECT'
  127. option network 'guest'
  128.  
  # Lets guest clients query DNS (TCP and UDP port 53) on the router itself;
  # no 'dest' is set, so this is an input rule.
  # NOTE(review): the router's own upstream lookups are governed by its
  # output policy and resolver settings, not by the guest -> vpnfirewall
  # forwarding. Guest DNS may therefore leave via wan rather than the
  # tunnel - verify the resolver configuration.
  129. config rule
  130. option target 'ACCEPT'
  131. option proto 'tcp udp'
  132. option dest_port '53'
  133. option name 'Guest DNS'
  134. option src 'guest'
  135.  
  # Lets guest clients reach DHCP on the router (UDP ports 67-68); no 'dest'
  # is set, so this is an input rule.
  136. config rule
  137. option target 'ACCEPT'
  138. option proto 'udp'
  139. option dest_port '67-68'
  140. option name 'Guest DHCP'
  141. option src 'guest'
  142.  
  # Zone 'vpnfirewall' wraps the tunnel network 'nordvpntun': unsolicited
  # input and forwarding from the tunnel are rejected, and traffic leaving
  # through it is masqueraded with MSS clamping enabled.
  143. config zone
  144. option name 'vpnfirewall'
  145. option input 'REJECT'
  146. option output 'ACCEPT'
  147. option forward 'REJECT'
  148. option masq '1'
  149. option mtu_fix '1'
  150. list network 'nordvpntun'
  151.  
  152. #config forwarding
  153. # option src 'lan'
  154. # option dest 'vpnfirewall'
  155.  
  # Allows guest clients to be forwarded into the VPN zone. With the
  # guest -> wan forwarding left commented out in this file, this is the
  # only forwarding defined for guest, so guest traffic is not forwarded to
  # wan when the tunnel is down.
  156. config forwarding
  157. option src 'guest'
  158. option dest 'vpnfirewall'
  159.  
  160. # Uncomment to disable kill switch
  # NOTE(review): the lan -> wan forwarding directly below is already active
  # and lan -> vpnfirewall is commented out in this file, so lan clients are
  # forwarded straight to wan regardless of tunnel state. The note above
  # presumably belongs to the commented-out guest -> wan forwarding that
  # follows - confirm and move it there.
  161. config forwarding
  162. option src 'lan'
  163. option dest 'wan'
  164.  
  165. #config forwarding
  166. # option src 'guest'
  167. # option dest 'wan'