Add firewall configuration to dev environment
[project/luci.git] / contrib / uci / hostfiles / etc / config / firewall
1 config defaults
2 option syn_flood 1
3 option input DROP
4 option output ACCEPT
5 option forward DROP
6
7 config zone
8 option name lan
9 option input ACCEPT
10 option output ACCEPT
11 option forward DROP
12
13 config zone
14 option name wan
15 option input DROP
16 option output ACCEPT
17 option forward DROP
18 option masq 1
19
20 config forwarding
21 option src lan
22 option dest wan
23
24
25 ### EXAMPLE CONFIG SECTIONS
26 # do not allow a specific ip to access wan
27 #config rule
28 # option src lan
29 # option src_ip 192.168.45.2
30 # option dest wan
31 # option proto tcp
32 # option target REJECT
33
34 # block a specific mac on wan
35 #config rule
36 # option dest wan
37 # option src_mac 00:11:22:33:44:66
38 # option target REJECT
39
40 # block incoming ICMP traffic on a zone
41 #config rule
42 # option src lan
43 # option proto ICMP
44 # option target DROP
45
46 # port redirect port coming in on wan to lan
47 #config redirect
48 # option src wan
49 # option src_dport 80
50 # option dest lan
51 # option dest_ip 192.168.16.235
52 # option dest_port 80
53 # option protocol tcp
54
55 # include a file with users custom iptables rules
56 #config include
57 # option path /etc/firewall.user
58
59
60 ### FULL CONFIG SECTIONS
61 #config rule
62 # option src lan
63 # option src_ip 192.168.45.2
64 # option src_mac 00:11:22:33:44:55
65 # option src_port 80
66 # option dest wan
67 # option dest_ip 194.25.2.129
68 # option dest_port 120
69 # option proto tcp
70 # option target REJECT
71
72 #config redirect
73 # option src lan
74 # option src_ip 192.168.45.2
75 # option src_mac 00:11:22:33:44:55
76 # option src_port 1024
77 # option src_dport 80
78 # option dest_ip 194.25.2.129
79 # option dest_port 120
80 # option proto tcp