# Global defaults: chain policies used for traffic that no zone below claims.
# NOTE(review): 'input' is ACCEPT here, so packets arriving on an interface that
# is not assigned to any zone are accepted by the router itself. Confirm that
# every interface is covered by a zone, or tighten this to REJECT.
config defaults
	# Enable SYN-flood protection.
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	# Nothing is routed between interfaces unless a forwarding/redirect allows it.
	option forward 'REJECT'
# LAN zone: hosts on the 'lan' network may reach the router (input ACCEPT).
# Forwarding out of this zone is REJECT by policy; the 'forwarding' section
# further down is what opens lan -> wan.
config zone
	option name 'lan'
	option network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
# WAN zone: covers the 'wan' and 'wwan' networks. Unsolicited inbound traffic
# and forwarding are rejected by policy; every exception is an explicit
# 'rule' or 'redirect' section later in this file.
config zone
	option name 'wan'
	option network 'wan wwan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# Masquerade (source NAT) traffic leaving through this zone.
	option masq '1'
	# Clamp TCP MSS to the path MTU for traffic through this zone.
	option mtu_fix '1'
# Allow traffic to be forwarded from the lan zone to the wan zone.
# There is no matching wan -> lan forwarding, so inbound connections only
# reach LAN hosts through the 'redirect' sections below.
config forwarding
	option src 'lan'
	option dest 'wan'
# Accept IPv4 UDP packets from the wan zone addressed to port 68 (the DHCP
# client port) so lease renewals still work with wan input set to REJECT.
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option family 'ipv4'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
# Accept IPv4 ICMP echo-request (ping) arriving from the wan zone.
# NOTE(review): unlike the ICMPv6 rules in this file, this rule sets no
# 'limit'; consider adding one if echo floods from WAN are a concern.
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option family 'ipv4'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option target 'ACCEPT'
# Accept DHCPv6 replies from the wan zone: UDP from port 547 to port 546,
# restricted on both ends to link-local addresses (fe80::/10).
config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option family 'ipv6'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option target 'ACCEPT'
# Accept the listed ICMPv6 message types from the wan zone when addressed to
# the router itself (no 'dest' is set), rate-limited to 1000 packets/second.
# The list covers error reporting (unreachable, too-big, time-exceeded,
# header problems), echo-request, and router/neighbour solicitation.
config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option family 'ipv6'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	option limit '1000/sec'
	option target 'ACCEPT'
# Accept the listed ICMPv6 message types from the wan zone when forwarded to
# any zone (dest '*'), rate-limited to 1000 packets/second. Compared with the
# input rule, the solicitation types are not in this list.
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option family 'ipv6'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option target 'ACCEPT'
# Pull in site-specific firewall commands from /etc/firewall.user.
# NOTE(review): the contents of that file are not visible here. Whatever it
# contains takes effect alongside this ruleset, so it should be reviewed with
# it and kept writable by root only.
config include
	option path '/etc/firewall.user'
# Extra zone whose 'network' value is a single space, i.e. no network is
# named for it.
# NOTE(review): this looks like a leftover from a configuration UI. With
# input ACCEPT, any network later attached to this zone gets full access to
# the router's own services; remove the zone or set input to REJECT if unused.
config zone
	option name 'newzone'
	option network ' '
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
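# Accept IPv4 connections from the wan zone to port 22. No 'dest' is set, so
# this exposes the router's own SSH service to the WAN side.
# Changed: proto was 'tcp udp'. SSH runs over TCP only, so the UDP half opened
# port 22/udp to the WAN for no service; it is narrowed to 'tcp'.
# NOTE(review): the rule matches any WAN source address. Consider adding a
# 'src_ip' restriction and key-only authentication on the SSH daemon.
config rule
	option name 'ssh'
	option src 'wan'
	option family 'ipv4'
	option proto 'tcp'
	option dest_port '22'
	option target 'ACCEPT'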
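# Accept IPv4 connections from the wan zone to port 80. No 'dest' is set, so
# this exposes whatever the router itself serves on port 80 to the WAN side.
# Changed: proto was 'tcp udp'. HTTP on port 80 is TCP only, so the UDP half
# opened port 80/udp to the WAN for no service; it is narrowed to 'tcp'.
# NOTE(review): presumably this is the router's web interface - confirm. If
# so, it is reachable from any WAN address over unencrypted HTTP; prefer
# restricting with 'src_ip' or reaching it through SSH/VPN instead.
config rule
	option name 'web'
	option src 'wan'
	option family 'ipv4'
	option proto 'tcp'
	option dest_port '80'
	option target 'ACCEPT'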
# Port forward: TCP and UDP port 4444 arriving on the wan zone is DNATed to
# 192.168.42.100:4444 in the lan zone.
# NOTE(review): the forward is open to every WAN source address. If the
# service behind it has no authentication of its own, add a 'src_ip'
# restriction or drop the forward.
config redirect
	option name 'osc'
	option target 'DNAT'
	option src 'wan'
	option src_dport '4444'
	option proto 'tcp udp'
	option dest 'lan'
	option dest_ip '192.168.42.100'
	option dest_port '4444'
# Port forward: TCP port 21 arriving on the wan zone is DNATed to
# 192.168.42.100:21 in the lan zone.
# NOTE(review): plain FTP sends credentials and data unencrypted, and this
# forward is open to every WAN source address. Prefer SFTP over the SSH
# service, or at least restrict the forward with 'src_ip'.
config redirect
	option name 'ftp'
	option target 'DNAT'
	option src 'wan'
	option src_dport '21'
	option proto 'tcp'
	option dest 'lan'
	option dest_ip '192.168.42.100'
	option dest_port '21'
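# Port forward: port 23 arriving on the wan zone is DNATed to
# 192.168.42.100:23 in the lan zone.
# Changed: proto was 'tcp udp'. Telnet runs over TCP only, so the UDP half
# forwarded port 23/udp from the WAN for no service; it is narrowed to 'tcp'.
# NOTE(review): Telnet carries logins and session data unencrypted and this
# forward is open to every WAN source address. Replace it with SSH where
# possible; otherwise restrict it with 'src_ip'.
config redirect
	option name 'telnet'
	option target 'DNAT'
	option src 'wan'
	option src_dport '23'
	option proto 'tcp'
	option dest 'lan'
	option dest_ip '192.168.42.100'
	option dest_port '23'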