7682ace78dbb986060c35d708080288f7f7819eb
[openwrt/svn-archive/archive.git] / package / firewall / files / firewall.config
# Global defaults: input and output policy ACCEPT, forward policy REJECT, syn_flood set to 1.
# NOTE(review): presumably these policies apply to traffic that matches no zone below; only the
# wan zone sets input REJECT. Confirm every untrusted interface is assigned to a zone, so the
# permissive input default never applies to it.
1 config defaults
2 option syn_flood 1
3 option input ACCEPT
4 option output ACCEPT
5 option forward REJECT
6 # Uncomment this line to disable ipv6 rules
# NOTE(review): with the ipv6 rules disabled, IPv6 traffic is presumably not filtered by this
# config at all - confirm IPv6 is off or filtered elsewhere before uncommenting.
7 # option disable_ipv6 1
8
# Zone "lan": input and output ACCEPT, forward REJECT.
# Traffic from this zone to the router itself is accepted; forwarding is rejected unless a
# `config forwarding` section allows it (lan -> wan is allowed further down).
9 config zone
10 option name lan
11 option input ACCEPT
12 option output ACCEPT
13 option forward REJECT
14
# Zone "wan": input and forward REJECT, output ACCEPT.
# The only inbound exceptions shown in this file are the `config rule` sections with `src wan`.
# masq 1 turns on masquerading (NAT) for this zone; mtu_fix 1 turns on the MTU/MSS fix.
15 config zone
16 option name wan
17 option input REJECT
18 option output ACCEPT
19 option forward REJECT
20 option masq 1
21 option mtu_fix 1
22
# Allow forwarding from lan to wan.
# No wan -> lan forwarding section appears in the sections shown here, so that direction stays
# under the zones' forward REJECT policy.
23 config forwarding
24 option src lan
25 option dest wan
26
27 # We need to accept udp packets on port 68,
28 # see https://dev.openwrt.org/ticket/4108
# UDP port 68 is the DHCP client (bootpc) port.
# The rule matches on source zone, protocol and destination port only; it sets no source
# address or source port, so any UDP datagram arriving from wan for port 68 is accepted.
29 config rule
30 option src wan
31 option proto udp
32 option dest_port 68
33 option target ACCEPT
34
35 #Allow ping
# Accepts ICMP echo-request arriving from wan; other ICMP types from wan are not covered here.
# NOTE(review): no rate limit is set in this rule, and answering ping makes the device
# discoverable from the wan side - remove the section if that is not wanted.
36 config rule
37 option src wan
38 option proto icmp
39 option icmp_type echo-request
40 option target ACCEPT
41
42 # include a file with the user's custom iptables rules
# NOTE(review): rules in this file take effect in addition to the sections above and are not
# visible here; review it together with this config and keep it writable by root only.
43 config include
44 option path /etc/firewall.user
45
46
47 ### EXAMPLE CONFIG SECTIONS
48 # do not allow a specific lan ip to access wan (this example matches tcp only)
49 #config rule
50 # option src lan
51 # option src_ip 192.168.45.2
52 # option dest wan
53 # option proto tcp
54 # option target REJECT
55
56 # block traffic from a specific mac address going to wan
57 #config rule
58 # option dest wan
59 # option src_mac 00:11:22:33:44:66
60 # option target REJECT
61
62 # block incoming ICMP traffic on a zone
63 #config rule
64 # option src lan
65 # option proto ICMP
66 # option target DROP
67
68 # redirect a port coming in on wan to a host on lan
69 #config redirect
70 # option src wan
71 # option src_dport 80
72 # option dest lan
73 # option dest_ip 192.168.16.235
74 # option dest_port 80
75 # option proto tcp
76
77
78 ### FULL CONFIG SECTIONS
79 #config rule
80 # option src lan
81 # option src_ip 192.168.45.2
82 # option src_mac 00:11:22:33:44:55
83 # option src_port 80
84 # option dest wan
85 # option dest_ip 194.25.2.129
86 # option dest_port 120
87 # option proto tcp
88 # option target REJECT
89
90 #config redirect
91 # option src lan
92 # option src_ip 192.168.45.2
93 # option src_mac 00:11:22:33:44:55
94 # option src_port 1024
95 # option src_dport 80
96 # option dest_ip 194.25.2.129
97 # option dest_port 120
98 # option proto tcp