Root/cgminer/root-files/etc/config/firewall

Source at commit 25b0a63d4dbda61c994166c906ccb692c3a1cf5f created 11 years 2 months ago.
By Xiangfu, cgminer: update to 2.10.4, include root-files
1
2config 'defaults'
3    option 'syn_flood' '1'
4    option 'input' 'ACCEPT'
5    option 'output' 'ACCEPT'
6    option 'forward' 'REJECT'
7
8config 'zone'
9    option 'name' 'lan'
10    option 'network' 'lan'
11    option 'input' 'ACCEPT'
12    option 'output' 'ACCEPT'
13    option 'forward' 'REJECT'
14
15config 'zone'
16    option 'name' 'wan'
17    option 'input' 'REJECT'
18    option 'output' 'ACCEPT'
19    option 'forward' 'REJECT'
20    option 'masq' '1'
21    option 'mtu_fix' '1'
22    option 'network' 'wan wwan'
23
24config 'forwarding'
25    option 'src' 'lan'
26    option 'dest' 'wan'
27
28config 'rule'
29    option 'name' 'Allow-DHCP-Renew'
30    option 'src' 'wan'
31    option 'proto' 'udp'
32    option 'dest_port' '68'
33    option 'target' 'ACCEPT'
34    option 'family' 'ipv4'
35
36config 'rule'
37    option 'name' 'Allow-Ping'
38    option 'src' 'wan'
39    option 'proto' 'icmp'
40    option 'icmp_type' 'echo-request'
41    option 'family' 'ipv4'
42    option 'target' 'ACCEPT'
43
44config 'rule'
45    option 'name' 'Allow-DHCPv6'
46    option 'src' 'wan'
47    option 'proto' 'udp'
48    option 'src_ip' 'fe80::/10'
49    option 'src_port' '547'
50    option 'dest_ip' 'fe80::/10'
51    option 'dest_port' '546'
52    option 'family' 'ipv6'
53    option 'target' 'ACCEPT'
54
55config 'rule'
56    option 'name' 'Allow-ICMPv6-Input'
57    option 'src' 'wan'
58    option 'proto' 'icmp'
59    list 'icmp_type' 'echo-request'
60    list 'icmp_type' 'destination-unreachable'
61    list 'icmp_type' 'packet-too-big'
62    list 'icmp_type' 'time-exceeded'
63    list 'icmp_type' 'bad-header'
64    list 'icmp_type' 'unknown-header-type'
65    list 'icmp_type' 'router-solicitation'
66    list 'icmp_type' 'neighbour-solicitation'
67    option 'limit' '1000/sec'
68    option 'family' 'ipv6'
69    option 'target' 'ACCEPT'
70
71config 'rule'
72    option 'name' 'Allow-ICMPv6-Forward'
73    option 'src' 'wan'
74    option 'dest' '*'
75    option 'proto' 'icmp'
76    list 'icmp_type' 'echo-request'
77    list 'icmp_type' 'destination-unreachable'
78    list 'icmp_type' 'packet-too-big'
79    list 'icmp_type' 'time-exceeded'
80    list 'icmp_type' 'bad-header'
81    list 'icmp_type' 'unknown-header-type'
82    option 'limit' '1000/sec'
83    option 'family' 'ipv6'
84    option 'target' 'ACCEPT'
85
86config 'include'
87    option 'path' '/etc/firewall.user'
88
89config 'zone'
90    option 'name' 'newzone'
91    option 'input' 'ACCEPT'
92    option 'forward' 'REJECT'
93    option 'network' ' '
94    option 'output' 'ACCEPT'
95
96config 'rule'
97    option 'target' 'ACCEPT'
98    option 'src' 'wan'
99    option 'dest_port' '22'
100    option 'name' 'ssh'
101    option 'family' 'ipv4'
102    option 'proto' 'tcp udp'
103
104config 'rule'
105    option 'target' 'ACCEPT'
106    option 'src' 'wan'
107    option 'dest_port' '80'
108    option 'name' 'web'
109    option 'family' 'ipv4'
110    option 'proto' 'tcp udp'
111
112config 'rule'
113    option 'target' 'ACCEPT'
114    option 'src' 'wan'
115    option 'dest_port' '4028'
116    option 'name' 'cgminer'
117    option 'family' 'ipv4'
118    option 'proto' 'tcp udp'
119
120

Archive Download this file



interactive