Root/nanonote-TLWR11U/files/etc/config/firewall

# Global defaults: SYN-flood protection plus the fallback chain policies.
# NOTE(review): the fallback input policy is ACCEPT; traffic arriving on an
# interface that belongs to no zone would presumably fall under it - confirm
# that every interface is assigned to a zone.
config defaults
    option forward 'REJECT'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option syn_flood '1'

# Trusted zone covering the 'lan' and 'USB' networks: traffic to and from the
# router is accepted, forwarding is rejected unless a forwarding section allows it.
config zone
    option name 'lan'
    option network 'lan USB'
    option forward 'REJECT'
    option input 'ACCEPT'
    option output 'ACCEPT'

# Untrusted upstream zone ('wan' and 'wwan'): inbound and forwarded traffic is
# rejected by default, outbound traffic is masqueraded and MSS-clamped.
# Every WAN-facing exception is an explicit rule or redirect section.
config zone
    option name 'wan'
    option network 'wan wwan'
    option forward 'REJECT'
    option input 'REJECT'
    option output 'ACCEPT'
    option masq '1'
    option mtu_fix '1'

# Allow traffic originating in 'lan' to be forwarded out through 'wan'.
# No reverse forwarding section exists, so wan -> lan stays rejected
# except for the DNAT redirects.
config forwarding
    option dest 'wan'
    option src 'lan'

# Accept IPv4 UDP to port 68 from the wan zone so the upstream DHCP server
# can answer lease renewals.
config rule
    option name 'Allow-DHCP-Renew'
    option family 'ipv4'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'

# Accept IPv4 ICMP echo-request from the wan zone (the router answers ping).
config rule
    option name 'Allow-Ping'
    option family 'ipv4'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option target 'ACCEPT'

# Accept DHCPv6 replies on the wan zone: UDP from port 547 to port 546,
# with both source and destination addresses inside fe80::/10.
config rule
    option name 'Allow-DHCPv6'
    option family 'ipv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fe80::/10'
    option src_port '547'
    option dest_ip 'fe80::/10'
    option dest_port '546'
    option target 'ACCEPT'

# Accept the listed ICMPv6 message types addressed to the router from the
# wan zone, rate-limited to 1000 packets per second.
config rule
    option name 'Allow-ICMPv6-Input'
    option family 'ipv6'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    option limit '1000/sec'
    option target 'ACCEPT'

# Forward the listed ICMPv6 message types from the wan zone to any zone
# (dest '*'), rate-limited to 1000 packets per second.
config rule
    option name 'Allow-ICMPv6-Forward'
    option family 'ipv6'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option target 'ACCEPT'

# Load additional rules from /etc/firewall.user.
# NOTE(review): that file is not shown here; whatever it adds applies on top
# of this configuration and should be reviewed together with it.
config include
    option path '/etc/firewall.user'

# Zone 'newzone' with a blank network list.
# NOTE(review): no network is attached, so this looks like a leftover; its
# input policy is ACCEPT, which any interface later added to the zone would
# inherit - confirm whether the section is still needed.
config zone
    option name 'newzone'
    option network ' '
    option forward 'REJECT'
    option input 'ACCEPT'
    option output 'ACCEPT'

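# Accept IPv4 SSH (port 22) to the router itself from the wan zone.
# Protocol narrowed from 'tcp udp' to 'tcp': SSH runs over TCP only, so the
# UDP half of the match only widened the WAN-facing input surface.
# NOTE(review): the rule matches any WAN source address; consider limiting it
# with src_ip and confirm the SSH daemon accepts key authentication only.
config rule
    option name 'ssh'
    option family 'ipv4'
    option src 'wan'
    option proto 'tcp'
    option dest_port '22'
    option target 'ACCEPT'
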
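# Accept IPv4 traffic to port 80 on the router itself from the wan zone.
# Protocol narrowed from 'tcp udp' to 'tcp': HTTP on port 80 is TCP only.
# NOTE(review): presumably this is the router's web interface; over plain
# HTTP any login is sent unencrypted. Confirm the WAN exposure is intended,
# or restrict it with src_ip / reach the interface through SSH or a VPN.
config rule
    option name 'web'
    option family 'ipv4'
    option src 'wan'
    option proto 'tcp'
    option dest_port '80'
    option target 'ACCEPT'
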
# Port-forward WAN port 4444 (TCP and UDP) to 192.168.42.100:4444 in the lan zone.
# NOTE(review): the service behind this forward is reachable from any WAN
# address; confirm it authenticates its peers or restrict the source.
config redirect
    option name 'osc'
    option src 'wan'
    option src_dport '4444'
    option proto 'tcp udp'
    option dest 'lan'
    option dest_ip '192.168.42.100'
    option dest_port '4444'
    option target 'DNAT'

# Port-forward WAN TCP port 21 to the FTP service on 192.168.42.100 in the lan zone.
# NOTE(review): FTP sends credentials and data unencrypted; confirm this host
# must be reachable from the WAN, and prefer an encrypted transfer protocol.
config redirect
    option name 'ftp'
    option src 'wan'
    option src_dport '21'
    option proto 'tcp'
    option dest 'lan'
    option dest_ip '192.168.42.100'
    option dest_port '21'
    option target 'DNAT'

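# Port-forward WAN port 23 to the telnet service on 192.168.42.100 in the lan zone.
# Protocol narrowed from 'tcp udp' to 'tcp': telnet runs over TCP only, so
# forwarding UDP 23 exposed the LAN host without serving the protocol.
# NOTE(review): telnet carries logins in cleartext; confirm the WAN exposure
# is required, and prefer SSH or a source-restricted rule if it is.
config redirect
    option name 'telnet'
    option src 'wan'
    option src_dport '23'
    option proto 'tcp'
    option dest 'lan'
    option dest_ip '192.168.42.100'
    option dest_port '23'
    option target 'DNAT'
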
# Accept TCP and UDP to port 8080 on the router itself from the wan zone.
# No 'family' option is set, so unlike the 'ssh' and 'web' rules this one is
# not limited to IPv4.
# NOTE(review): presumably an MJPEG video stream served by the router; confirm
# the stream requires authentication and whether UDP and IPv6 are needed.
config rule
    option name 'mjpg'
    option src 'wan'
    option proto 'tcp udp'
    option dest_port '8080'
    option target 'ACCEPT'

