2013-12-02 13:04:54 -07:00
|
|
|
config defaults
|
|
|
|
option syn_flood 1
|
|
|
|
option input ACCEPT
|
|
|
|
option output ACCEPT
|
|
|
|
option forward REJECT
|
|
|
|
# Uncomment this line to disable ipv6 rules
|
|
|
|
# option disable_ipv6 1
|
|
|
|
|
|
|
|
config zone
|
|
|
|
option name lan
|
|
|
|
option network 'lan'
|
|
|
|
option input ACCEPT
|
|
|
|
option output ACCEPT
|
|
|
|
option forward REJECT
|
|
|
|
|
|
|
|
config zone
|
|
|
|
option name wan
|
|
|
|
option network 'wan'
|
|
|
|
option input REJECT
|
|
|
|
option output ACCEPT
|
|
|
|
option forward REJECT
|
|
|
|
option masq 1
|
|
|
|
option mtu_fix 1
|
|
|
|
|
|
|
|
config zone
|
|
|
|
option name wifi
|
|
|
|
option network 'wifi'
|
|
|
|
option input REJECT
|
|
|
|
option output ACCEPT
|
|
|
|
option forward REJECT
|
|
|
|
option masq 1
|
|
|
|
option mtu_fix 1
|
|
|
|
|
|
|
|
|
|
|
|
config forwarding
|
|
|
|
option src lan
|
|
|
|
option dest wifi
|
|
|
|
|
|
|
|
|
|
|
|
# Allow IPv4 ping
|
|
|
|
config rule
|
|
|
|
option name Allow-Ping
|
|
|
|
option src wifi
|
|
|
|
option proto icmp
|
|
|
|
option icmp_type echo-request
|
|
|
|
option family ipv4
|
|
|
|
option target ACCEPT
|
|
|
|
|
|
|
|
config include
|
2022-12-22 13:22:49 -07:00
|
|
|
option path '/etc/firewall.user'
|
|
|
|
option fw4_compatible 1
|
2013-12-02 13:04:54 -07:00
|
|
|
|
|
|
|
config rule
|
|
|
|
option src wan
|
|
|
|
option dest_port 2222
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
2020-06-24 20:08:06 -06:00
|
|
|
config rule
|
|
|
|
option name Allow-Ping
|
|
|
|
option src wan
|
|
|
|
option proto icmp
|
|
|
|
option icmp_type echo-request
|
|
|
|
option family ipv4
|
|
|
|
option target ACCEPT
|
|
|
|
|
2013-12-02 13:04:54 -07:00
|
|
|
config rule
|
|
|
|
option src wifi
|
|
|
|
option dest_port 2222
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
|
|
|
config rule
|
|
|
|
option src wifi
|
|
|
|
option dest_port 8080
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
2018-08-20 13:09:47 -06:00
|
|
|
config rule
|
|
|
|
option src wifi
|
|
|
|
option dest_port 80
|
|
|
|
option proto tcp
|
|
|
|
option target ACCEPT
|
|
|
|
|
2013-12-02 13:04:54 -07:00
|
|
|
config rule
|
|
|
|
option src wifi
|
|
|
|
option dest_port 698
|
|
|
|
option proto udp
|
|
|
|
option target ACCEPT
|