?SECTION INVALID?SECTION UNTRACKED?SECTION NEW# Don't allow connec

1. ?SECTION INVALID
2. ?SECTION UNTRACKED
3. ?SECTION NEW
4.  
5. # Don't allow connection pickup from the net
6. #
7. Invalid(DROP) net all tcp
8. #
9. # Accept DNS connections from the firewall to the network
10. #
11. DNS(ACCEPT) $FW net
12. #
13. # Allow Ping from/to the VPN
14. #
15. Ping(ACCEPT) vpn $FW
16. Ping(ACCEPT) $FW vpn
17. #
18. # Allow Ping from the firewall to the network
19. #
20. Ping(ACCEPT) $FW net
21. #
22. # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
23. #
24. #Ping(DROP) net $FW
25. Ping(ACCEPT) net $FW
26. #
27. # Accept connection from port > 65000 for shadowsocks and glorytun on the firewall
28. #
29. ACCEPT net $FW tcp 65000-65535
30. ACCEPT net $FW udp 65000-65535
31. #
32. # Accept connection from SSH to the firewall
33. #
34. ACCEPT net $FW tcp 65222
35. #
36. # DHCP forward to the VPN from the firewall
37. #
38. DHCPfwd(ACCEPT) $FW vpn
39. #
40. # Redirect all port from 1 to 64999 to the VPN client from the network
41. #
42. DNAT net vpn:$OMR_ADDR tcp 1-64999
43. DNAT net vpn:$OMR_ADDR udp 1-64999
44. ACCEPT net $FW tcp 65101 # OMR openmptcprouter open shadowsocks port tcp
45. ACCEPT net $FW udp 65101 # OMR openmptcprouter open shadowsocks port udp
46. ACCEPT net $FW tcp 65001 # OMR openmptcprouter open glorytun port tcp
47. ACCEPT net $FW udp 65001 # OMR openmptcprouter open glorytun port udp
48. DNAT net vpn:$OMR_ADDR tcp 15501 # OMR openmptcprouter redirect router 15501 port tcp
49. DNAT net vpn:$OMR_ADDR tcp 15500 # OMR openmptcprouter redirect router 15500 port tcp
50. DNAT net vpn:$OMR_ADDR tcp 443 # OMR openmptcprouter redirect router 443 port tcp
51. DNAT net vpn:$OMR_ADDR tcp 80 # OMR openmptcprouter redirect router 80 port tcp
52. DNAT net vpn:$OMR_ADDR tcp 5006 # OMR openmptcprouter redirect router 5006 port tcp
53. DNAT net vpn:$OMR_ADDR tcp 6690 # OMR openmptcprouter redirect router 6690 port tcp
54. DNAT net vpn:$OMR_ADDR tcp 53 # OMR openmptcprouter redirect router 53 port tcp
55. DNAT net vpn:$OMR_ADDR udp 500 # OMR openmptcprouter redirect router 500 port udp
56. DNAT net vpn:$OMR_ADDR udp 4500 # OMR openmptcprouter redirect router 4500 port udp