# Global firewall defaults: the policies used for traffic that no zone
# section below claims, plus SYN-flood protection.
# NOTE(review): input is ACCEPT here, so a packet arriving on an interface
# that belongs to no zone is accepted by the router itself. Confirm every
# interface is assigned to a zone, or tighten this to REJECT.
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# Rate-limit incoming SYN packets.
	option syn_flood '1'
# Trusted side: the 'lan' and 'USB' networks share one zone.
# The router accepts connections from these networks and may send to them.
# Per the OpenWrt firewall documentation the zone-level forward policy
# covers traffic between the networks inside the zone, so lan <-> USB
# forwarding is rejected; lan -> wan is enabled by the forwarding section.
config zone
	option name 'lan'
	option network 'lan USB'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
# Untrusted side: the 'wan' and 'wwan' networks.
# Input is rejected unless one of the rule sections in this file accepts it,
# so every 'src wan' ACCEPT rule is part of the Internet-facing attack surface.
config zone
	option name 'wan'
	option network 'wan wwan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# Source-NAT (masquerade) traffic leaving through this zone.
	option masq '1'
	# Clamp TCP MSS to the path MTU for forwarded connections.
	option mtu_fix '1'
# Permit forwarding from the lan zone to the wan zone.
# There is no wan -> lan forwarding section: inbound access to LAN hosts
# exists only through the explicit redirect (DNAT) sections in this file.
config forwarding
	option dest 'wan'
	option src 'lan'
# Accept IPv4 UDP packets from the wan zone addressed to port 68 on the
# router (no 'dest' option, so this is an input rule). Port 68 is the DHCP
# client port; the rule lets lease renewals from the upstream server through.
config rule
	option name 'Allow-DHCP-Renew'
	option family 'ipv4'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
# Answer IPv4 echo requests (ping) arriving from the wan zone.
# NOTE(review): unlike the ICMPv6 rules in this file, this rule carries no
# 'limit' option, so echo requests are accepted without rate limiting.
config rule
	option name 'Allow-Ping'
	option family 'ipv4'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option target 'ACCEPT'
# Accept DHCPv6 replies on the wan side: IPv6 UDP from port 547 (server)
# to port 546 (client), with both source and destination restricted to
# the link-local range fe80::/10.
config rule
	option name 'Allow-DHCPv6'
	option family 'ipv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option target 'ACCEPT'
# Accept a fixed set of ICMPv6 message types sent from the wan zone to the
# router itself, capped at 1000 packets per second. The list covers echo
# requests, the error messages IPv6 depends on (including packet-too-big,
# used for path MTU discovery) and router/neighbour solicitation.
config rule
	option name 'Allow-ICMPv6-Input'
	option family 'ipv6'
	option src 'wan'
	option proto 'icmp'
	option limit '1000/sec'
	option target 'ACCEPT'
	list icmp_type 'echo-request'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
# Forward a fixed set of ICMPv6 message types from the wan zone to any
# destination zone (dest '*'), capped at 1000 packets per second.
# Solicitation types are absent here; they appear only in the input rule.
# NOTE(review): echo-request is forwarded, so IPv6 hosts behind the router
# answer pings from the wan side; confirm that is intended.
config rule
	option name 'Allow-ICMPv6-Forward'
	option family 'ipv6'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	option limit '1000/sec'
	option target 'ACCEPT'
	list icmp_type 'echo-request'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
# Pull in /etc/firewall.user when the firewall is loaded.
# With no 'type' option the include is treated as a shell script, so the
# file runs with the firewall's privileges and can add rules that are not
# visible in this configuration. Keep it root-owned, not writable by other
# users, and review it together with this file.
config include
	option path '/etc/firewall.user'
# Zone 'newzone' has a network list that is a single space, i.e. no network
# is attached to it.
# NOTE(review): this looks like a leftover from a zone created but never
# finished. It is inert as written, but its input policy is ACCEPT: any
# network added to it later would get full access to the router. Remove the
# section or set input to REJECT until it is actually used.
config zone
	option name 'newzone'
	option network ' '
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
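# Accept SSH (port 22) from the wan zone over IPv4. There is no 'dest'
# option, so this opens the router's own SSH service to the WAN side.
# The protocol list was 'tcp udp'; SSH runs over TCP only, so UDP/22 was an
# open port serving nothing and has been dropped.
# NOTE(review): WAN-reachable SSH on the router is a prime target for
# password guessing. If remote administration is required, add a 'src_ip'
# restriction for the administrator addresses and allow key authentication
# only in the SSH daemon's own configuration.
config rule
	option name 'ssh'
	option family 'ipv4'
	option src 'wan'
	option proto 'tcp'
	option dest_port '22'
	option target 'ACCEPT'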
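# Accept port 80 from the wan zone over IPv4. There is no 'dest' option, so
# this opens a web server on the router itself to the WAN side.
# The protocol list was 'tcp udp'; HTTP on port 80 is TCP only, so the UDP
# half opened a port with no service behind it and has been dropped.
# NOTE(review): presumably this is the router's web administration
# interface - confirm. Port 80 is cleartext HTTP, so credentials entered
# over this path can be read in transit; prefer reaching the interface over
# SSH tunnelling, a VPN or HTTPS, and add 'src_ip' if exposure must stay.
config rule
	option name 'web'
	option family 'ipv4'
	option src 'wan'
	option proto 'tcp'
	option dest_port '80'
	option target 'ACCEPT'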
# Port forward: TCP and UDP port 4444 arriving on the wan zone is DNATed to
# 192.168.42.100:4444 in the lan zone.
# NOTE(review): the service behind this forward receives traffic from any
# WAN address. Confirm it authenticates its clients, confirm both protocols
# are really needed, and restrict with 'src_ip' where the peers are known.
config redirect
	option name 'osc'
	option target 'DNAT'
	option proto 'tcp udp'
	option src 'wan'
	option src_dport '4444'
	option dest 'lan'
	option dest_ip '192.168.42.100'
	option dest_port '4444'
# Port forward: TCP port 21 arriving on the wan zone is DNATed to
# 192.168.42.100:21 in the lan zone.
# NOTE(review): FTP sends user names, passwords and file contents in
# cleartext, and this forward exposes the server to every WAN address.
# Prefer SFTP over the SSH service or a VPN; if FTP must stay, restrict it
# with 'src_ip'. Only the control port is forwarded here - data connections
# depend on connection-tracking helper support that this file does not show.
config redirect
	option name 'ftp'
	option target 'DNAT'
	option proto 'tcp'
	option src 'wan'
	option src_dport '21'
	option dest 'lan'
	option dest_ip '192.168.42.100'
	option dest_port '21'
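# Port forward: port 23 arriving on the wan zone is DNATed to
# 192.168.42.100:23 in the lan zone.
# The protocol list was 'tcp udp'; Telnet is TCP only, so the UDP half
# forwarded traffic no Telnet service consumes and has been dropped.
# NOTE(review): Telnet has no encryption and, on many devices, weak or no
# authentication; a WAN-reachable Telnet port hands an interactive login on
# a LAN host to anyone who can reach the router. Replace it with SSH or put
# it behind a VPN. If it cannot be removed yet, add 'src_ip' so only known
# addresses are forwarded.
config redirect
	option name 'telnet'
	option target 'DNAT'
	option proto 'tcp'
	option src 'wan'
	option src_dport '23'
	option dest 'lan'
	option dest_ip '192.168.42.100'
	option dest_port '23'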
# Accept TCP and UDP port 8080 from the wan zone. There is no 'dest' option,
# so the port is opened on the router itself, and no 'family' option, so
# unlike the ssh and web rules this one is not limited to IPv4.
# NOTE(review): the name suggests an MJPEG video stream served over HTTP -
# confirm. If so, UDP is not needed and 'proto' can be reduced to 'tcp'.
# Check that the streaming service requires authentication, since the rule
# lets any WAN address connect to it.
config rule
	option name 'mjpg'
	option src 'wan'
	option proto 'tcp udp'
	option dest_port '8080'
	option target 'ACCEPT'