1
0
mirror of git://projects.qi-hardware.com/openwrt-packages.git synced 2024-11-09 10:33:08 +02:00
openwrt-packages/milkymist-files/data/m1/files/etc/config/firewall

142 lines
3.1 KiB
Plaintext
Raw Normal View History

config 'defaults'
option 'syn_flood' '1'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
config 'zone'
option 'name' 'lan'
option 'network' 'lan'
option 'input' 'ACCEPT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
config 'zone'
option 'name' 'wan'
option 'input' 'REJECT'
option 'output' 'ACCEPT'
option 'forward' 'REJECT'
option 'masq' '1'
option 'mtu_fix' '1'
option 'network' 'wan wwan'
config 'forwarding'
option 'src' 'lan'
option 'dest' 'wan'
config 'rule'
option 'name' 'Allow-DHCP-Renew'
option 'src' 'wan'
option 'proto' 'udp'
option 'dest_port' '68'
option 'target' 'ACCEPT'
option 'family' 'ipv4'
config 'rule'
option 'name' 'Allow-Ping'
option 'src' 'wan'
option 'proto' 'icmp'
option 'icmp_type' 'echo-request'
option 'family' 'ipv4'
option 'target' 'ACCEPT'
config 'rule'
option 'name' 'Allow-DHCPv6'
option 'src' 'wan'
option 'proto' 'udp'
option 'src_ip' 'fe80::/10'
option 'src_port' '547'
option 'dest_ip' 'fe80::/10'
option 'dest_port' '546'
option 'family' 'ipv6'
option 'target' 'ACCEPT'
config 'rule'
option 'name' 'Allow-ICMPv6-Input'
option 'src' 'wan'
option 'proto' 'icmp'
list 'icmp_type' 'echo-request'
list 'icmp_type' 'destination-unreachable'
list 'icmp_type' 'packet-too-big'
list 'icmp_type' 'time-exceeded'
list 'icmp_type' 'bad-header'
list 'icmp_type' 'unknown-header-type'
list 'icmp_type' 'router-solicitation'
list 'icmp_type' 'neighbour-solicitation'
option 'limit' '1000/sec'
option 'family' 'ipv6'
option 'target' 'ACCEPT'
config 'rule'
option 'name' 'Allow-ICMPv6-Forward'
option 'src' 'wan'
option 'dest' '*'
option 'proto' 'icmp'
list 'icmp_type' 'echo-request'
list 'icmp_type' 'destination-unreachable'
list 'icmp_type' 'packet-too-big'
list 'icmp_type' 'time-exceeded'
list 'icmp_type' 'bad-header'
list 'icmp_type' 'unknown-header-type'
option 'limit' '1000/sec'
option 'family' 'ipv6'
option 'target' 'ACCEPT'
config 'include'
option 'path' '/etc/firewall.user'
config 'zone'
option 'name' 'newzone'
option 'input' 'ACCEPT'
option 'forward' 'REJECT'
option 'network' ' '
option 'output' 'ACCEPT'
config 'rule'
option 'target' 'ACCEPT'
option 'src' 'wan'
option 'dest_port' '22'
option 'name' 'ssh'
option 'family' 'ipv4'
option 'proto' 'tcp udp'
config 'rule'
option 'target' 'ACCEPT'
option 'src' 'wan'
option 'dest_port' '80'
option 'name' 'web'
option 'family' 'ipv4'
option 'proto' 'tcp udp'
config 'redirect'
option 'target' 'DNAT'
option 'src' 'wan'
option 'dest' 'lan'
option 'proto' 'tcp udp'
option 'src_dport' '4444'
option 'dest_ip' '192.168.42.100'
option 'dest_port' '4444'
option 'name' 'osc'
config 'redirect'
option 'target' 'DNAT'
option 'src' 'wan'
option 'dest' 'lan'
option 'proto' 'tcp'
option 'src_dport' '21'
option 'dest_ip' '192.168.42.100'
option 'dest_port' '21'
option 'name' 'ftp'
config 'redirect'
option 'target' 'DNAT'
option 'src' 'wan'
option 'dest' 'lan'
option 'proto' 'tcp udp'
option 'src_dport' '23'
option 'dest_ip' '192.168.42.100'
option 'dest_port' '23'
option 'name' 'telnet'