2013-12-02 13:04:54 -07:00
|
|
|
config defaults
|
|
|
|
option syn_flood 1
|
|
|
|
option input ACCEPT
|
|
|
|
option output ACCEPT
|
|
|
|
option forward REJECT
|
|
|
|
# Uncomment this line to disable ipv6 rules
|
|
|
|
# option disable_ipv6 1
|
|
|
|
|
|
|
|
config zone
|
|
|
|
option name lan
|
|
|
|
option network 'lan'
|
|
|
|
option input ACCEPT
|
|
|
|
option output ACCEPT
|
|
|
|
option forward REJECT
|
|
|
|
|
|
|
|
config zone
|
|
|
|
option name wan
|
|
|
|
option network 'wan'
|
|
|
|
option input REJECT
|
|
|
|
option output ACCEPT
|
|
|
|
option forward REJECT
|
|
|
|
option masq 1
|
|
|
|
option mtu_fix 1
|
|
|
|
|
|
|
|
config zone
|
|
|
|
option name wifi
|
|
|
|
option network 'wifi'
|
|
|
|
option input REJECT
|
|
|
|
option output ACCEPT
|
|
|
|
option forward REJECT
|
|
|
|
option masq 1
|
|
|
|
option mtu_fix 1
|
|
|
|
|
2014-04-09 00:19:45 -06:00
|
|
|
config zone
|
|
|
|
option name dtdlink
|
|
|
|
option network 'dtdlink'
|
|
|
|
option input REJECT
|
|
|
|
option output ACCEPT
|
|
|
|
option forward REJECT
|
|
|
|
option mtu_fix 1
|
2013-12-02 13:04:54 -07:00
|
|
|
|
|
|
|
config forwarding
|
|
|
|
option src lan
|
|
|
|
option dest wan
|
|
|
|
|
|
|
|
config forwarding
|
|
|
|
option src lan
|
|
|
|
option dest wifi
|
|
|
|
|
2013-12-04 20:29:42 -07:00
|
|
|
config forwarding
|
|
|
|
option src wifi
|
|
|
|
option dest wifi
|
2013-12-02 13:04:54 -07:00
|
|
|
|
2014-04-09 00:19:45 -06:00
|
|
|
config forwarding
|
|
|
|
option src lan
|
|
|
|
option dest dtdlink
|
|
|
|
|
|
|
|
config forwarding
|
|
|
|
option src wifi
|
|
|
|
option dest dtdlink
|
|
|
|
|
|
|
|
config forwarding
|
|
|
|
option src dtdlink
|
|
|
|
option dest wifi
|
2013-12-02 13:04:54 -07:00
|
|
|
|
|
|
|
# Allow IPv4 ping
|
|
|
|
config rule
|
|
|
|
option name Allow-Ping
|
|
|
|
option src wifi
|
|
|
|
option proto icmp
|
|
|
|
option icmp_type echo-request
|
|
|
|
option family ipv4
|
|
|
|
option target ACCEPT
|
|
|
|
|
2014-04-09 00:19:45 -06:00
|
|
|
config rule
|
|
|
|
option name Allow-Ping
|
|
|
|
option src dtdlink
|
|
|
|
option proto icmp
|
|
|
|
option icmp_type echo-request
|
|
|
|
option family ipv4
|
|
|
|
option target ACCEPT
|
|
|
|
|
2016-01-09 16:01:30 -07:00
|
|
|
config include
|
|
|
|
option path /usr/local/bin/mesh-firewall
|
|
|
|
option reload 1
|
|
|
|
|
2013-12-02 13:04:54 -07:00
|
|
|
config include
|
|
|
|
option path /etc/firewall.user
|
|
|
|
|
|
|
|
config rule
|
|
|
|
option src wan
|
|
|
|
option dest_port 2222
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
|
|
|
config rule
|
|
|
|
option src wan
|
|
|
|
option dest_port 8080
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
2018-08-20 13:09:47 -06:00
|
|
|
config rule
|
|
|
|
option src wan
|
|
|
|
option dest_port 80
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
2020-06-24 20:08:06 -06:00
|
|
|
config rule
|
|
|
|
option name Allow-Ping
|
|
|
|
option src wan
|
|
|
|
option proto icmp
|
|
|
|
option icmp_type echo-request
|
|
|
|
option family ipv4
|
|
|
|
option target ACCEPT
|
|
|
|
|
2013-12-02 13:04:54 -07:00
|
|
|
config rule
|
|
|
|
option src wifi
|
|
|
|
option dest_port 2222
|
|
|
|
option proto tcp
|
2014-01-28 14:05:58 -07:00
|
|
|
option target ACCEPT
|
2013-12-02 13:04:54 -07:00
|
|
|
|
|
|
|
config rule
|
|
|
|
option src wifi
|
|
|
|
option dest_port 8080
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
2018-08-20 13:09:47 -06:00
|
|
|
config rule
|
|
|
|
option src wifi
|
|
|
|
option dest_port 80
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
2013-12-02 13:04:54 -07:00
|
|
|
config rule
|
|
|
|
option src wifi
|
|
|
|
option dest_port 698
|
|
|
|
option proto udp
|
|
|
|
option target ACCEPT
|
|
|
|
|
2013-12-07 19:38:47 -07:00
|
|
|
config rule
|
|
|
|
option src wifi
|
|
|
|
option dest_port 23
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
2014-04-09 00:19:45 -06:00
|
|
|
config rule
|
|
|
|
option src dtdlink
|
|
|
|
option dest_port 2222
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
|
|
|
config rule
|
|
|
|
option src dtdlink
|
|
|
|
option dest_port 8080
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
2018-08-20 13:09:47 -06:00
|
|
|
config rule
|
|
|
|
option src dtdlink
|
|
|
|
option dest_port 80
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
2014-04-09 00:19:45 -06:00
|
|
|
config rule
|
|
|
|
option src dtdlink
|
|
|
|
option dest_port 698
|
|
|
|
option proto udp
|
|
|
|
option target ACCEPT
|
|
|
|
|
|
|
|
config rule
|
|
|
|
option src dtdlink
|
|
|
|
option dest_port 23
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
2015-04-14 23:31:21 -06:00
|
|
|
|
|
|
|
#SNMPD
|
|
|
|
config rule
|
|
|
|
option src wifi
|
|
|
|
option dest_port 161
|
|
|
|
option proto udp
|
|
|
|
option target ACCEPT
|
|
|
|
|
|
|
|
config rule
|
|
|
|
option src dtdlink
|
|
|
|
option dest_port 161
|
|
|
|
option proto udp
|
|
|
|
option target ACCEPT
|
2016-01-05 11:00:22 -07:00
|
|
|
|
|
|
|
# olsr jsoninfo
|
|
|
|
config rule
|
|
|
|
option src wifi
|
|
|
|
option dest_port 9090
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
|
|
|
config rule
|
|
|
|
option src dtdlink
|
|
|
|
option dest_port 9090
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|