{
- "cfg01e63d" : {
- ".anonymous" : true,
- ".index" : 0,
- ".name" : "cfg01e63d",
- ".type" : "defaults",
- "forward" : "REJECT",
- "input" : "ACCEPT",
- "output" : "ACCEPT",
- "syn_flood" : "1"
- },
- "cfg02dc81" : {
- ".anonymous" : true,
- ".index" : 1,
- ".name" : "cfg02dc81",
- ".type" : "zone",
- "forward" : "ACCEPT",
- "input" : "ACCEPT",
- "name" : "lan",
- "network" : [
- "lan"
- ],
- "output" : "ACCEPT"
- },
- "cfg03dc81" : {
- ".anonymous" : true,
- ".index" : 2,
- ".name" : "cfg03dc81",
- ".type" : "zone",
- "forward" : "REJECT",
- "input" : "REJECT",
- "masq" : "1",
- "mtu_fix" : "1",
- "name" : "wan",
- "network" : [
- "wan",
- "wan6"
- ],
- "output" : "ACCEPT"
- },
- "cfg04ad58" : {
- ".anonymous" : true,
- ".index" : 3,
- ".name" : "cfg04ad58",
- ".type" : "forwarding",
- "dest" : "wan",
- "src" : "lan"
- },
- "cfg0592bd" : {
- ".anonymous" : true,
- ".index" : 4,
- ".name" : "cfg0592bd",
- ".type" : "rule",
- "dest_port" : "68",
- "family" : "ipv4",
- "name" : "Allow-DHCP-Renew",
- "proto" : "udp",
- "src" : "wan",
- "target" : "ACCEPT"
- },
- "cfg0692bd" : {
- ".anonymous" : true,
- ".index" : 5,
- ".name" : "cfg0692bd",
- ".type" : "rule",
- "family" : "ipv4",
- "icmp_type" : "echo-request",
- "name" : "Allow-Ping",
- "proto" : "icmp",
- "src" : "wan",
- "target" : "ACCEPT"
- },
- "cfg0792bd" : {
- ".anonymous" : true,
- ".index" : 6,
- ".name" : "cfg0792bd",
- ".type" : "rule",
- "family" : "ipv4",
- "name" : "Allow-IGMP",
- "proto" : "igmp",
- "src" : "wan",
- "target" : "ACCEPT"
- },
- "cfg0892bd" : {
- ".anonymous" : true,
- ".index" : 7,
- ".name" : "cfg0892bd",
- ".type" : "rule",
- "dest_ip" : "fc00::/6",
- "dest_port" : "546",
- "family" : "ipv6",
- "name" : "Allow-DHCPv6",
- "proto" : "udp",
- "src" : "wan",
- "src_ip" : "fc00::/6",
- "target" : "ACCEPT"
- },
- "cfg0992bd" : {
- ".anonymous" : true,
- ".index" : 8,
- ".name" : "cfg0992bd",
- ".type" : "rule",
- "family" : "ipv6",
- "icmp_type" : [
- "130/0",
- "131/0",
- "132/0",
- "143/0"
- ],
- "name" : "Allow-MLD",
- "proto" : "icmp",
- "src" : "wan",
- "src_ip" : "fe80::/10",
- "target" : "ACCEPT"
- },
- "cfg0a92bd" : {
- ".anonymous" : true,
- ".index" : 9,
- ".name" : "cfg0a92bd",
- ".type" : "rule",
- "family" : "ipv6",
- "icmp_type" : [
- "echo-request",
- "echo-reply",
- "destination-unreachable",
- "packet-too-big",
- "time-exceeded",
- "bad-header",
- "unknown-header-type",
- "router-solicitation",
- "neighbour-solicitation",
- "router-advertisement",
- "neighbour-advertisement"
- ],
- "limit" : "1000/sec",
- "name" : "Allow-ICMPv6-Input",
- "proto" : "icmp",
- "src" : "wan",
- "target" : "ACCEPT"
- },
- "cfg0b92bd" : {
- ".anonymous" : true,
- ".index" : 10,
- ".name" : "cfg0b92bd",
- ".type" : "rule",
- "dest" : "*",
- "family" : "ipv6",
- "icmp_type" : [
- "echo-request",
- "echo-reply",
- "destination-unreachable",
- "packet-too-big",
- "time-exceeded",
- "bad-header",
- "unknown-header-type"
- ],
- "limit" : "1000/sec",
- "name" : "Allow-ICMPv6-Forward",
- "proto" : "icmp",
- "src" : "wan",
- "target" : "ACCEPT"
- },
- "cfg0c92bd" : {
- ".anonymous" : true,
- ".index" : 11,
- ".name" : "cfg0c92bd",
- ".type" : "rule",
- "dest" : "lan",
- "name" : "Allow-IPSec-ESP",
- "proto" : "esp",
- "src" : "wan",
- "target" : "ACCEPT"
- },
- "cfg0d92bd" : {
- ".anonymous" : true,
- ".index" : 12,
- ".name" : "cfg0d92bd",
- ".type" : "rule",
- "dest" : "lan",
- "dest_port" : "500",
- "name" : "Allow-ISAKMP",
- "proto" : "udp",
- "src" : "wan",
- "target" : "ACCEPT"
- }
+ "defaults": {
+ "forward": "REJECT",
+ "input": "ACCEPT",
+ "output": "ACCEPT",
+ "syn_flood": "1"
+ },
+ "zone": [
+ {
+ "name": "lan",
+ "input": "ACCEPT",
+ "output": "ACCEPT",
+ "forward": "ACCEPT",
+ "network": [ "lan" ]
+ },
+ {
+ "input": "REJECT",
+ "output": "ACCEPT",
+ "forward": "REJECT",
+ "masq": "1",
+ "mtu_fix": "1",
+ "name": "wan",
+ "network": [ "wan", "wan6" ]
+ }
+ ],
+ "forwarding": {
+ "dest": "wan",
+ "src": "lan"
+ },
+ "rule": [
+ {
+ "name": "Allow-DHCP-Renew",
+ "family": "ipv4",
+ "proto": "udp",
+ "src": "wan",
+ "dest_port": "68",
+ "target": "ACCEPT"
+ },
+ {
+ "name": "Allow-Ping",
+ "family": "ipv4",
+ "proto": "icmp",
+ "src": "wan",
+ "icmp_type": "echo-request",
+ "target": "ACCEPT"
+ },
+ {
+ "name": "Allow-IGMP",
+ "family": "ipv4",
+ "proto": "igmp",
+ "src": "wan",
+ "target": "ACCEPT"
+ },
+ {
+ "name": "Allow-DHCPv6",
+ "family": "ipv6",
+ "proto": "udp",
+ "src": "wan",
+ "src_ip": "fc00::/6",
+ "dest_ip": "fc00::/6",
+ "dest_port": "546",
+ "target": "ACCEPT"
+ },
+ {
+ "name": "Allow-MLD",
+ "family": "ipv6",
+ "proto": "icmp",
+ "src": "wan",
+ "src_ip": "fe80::/10",
+ "icmp_type": [ "130/0", "131/0", "132/0", "143/0" ],
+ "target": "ACCEPT"
+ },
+ {
+ "name": "Allow-ICMPv6-Input",
+ "family": "ipv6",
+ "proto": "icmp",
+ "src": "wan",
+ "icmp_type": [
+ "echo-request", "echo-reply", "destination-unreachable",
+ "packet-too-big", "time-exceeded", "bad-header", "unknown-header-type",
+ "router-solicitation", "neighbour-solicitation", "router-advertisement",
+ "neighbour-advertisement"
+ ],
+ "limit": "1000/sec",
+ "target": "ACCEPT"
+ },
+ {
+ "name": "Allow-ICMPv6-Forward",
+ "family": "ipv6",
+ "proto": "icmp",
+ "src": "wan",
+ "dest": "*",
+ "icmp_type": [
+ "echo-request", "echo-reply", "destination-unreachable",
+ "packet-too-big", "time-exceeded", "bad-header", "unknown-header-type"
+ ],
+ "limit": "1000/sec",
+ "target": "ACCEPT"
+ },
+ {
+ "name": "Allow-IPSec-ESP",
+ "proto": "esp",
+ "src": "wan",
+ "dest": "lan",
+ "target": "ACCEPT"
+ },
+ {
+ "name": "Allow-ISAKMP",
+ "proto": "udp",
+ "src": "wan",
+ "dest": "lan",
+ "dest_port": "500",
+ "target": "ACCEPT"
+ }
+ ]
}
projects / project / firewall4.git / blobdiff