aredn/files/etc/config.mesh_ap/firewall

86 lines
2.2 KiB
Plaintext
Raw Normal View History

config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
option network 'lan'
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name wan
option network 'wan'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config zone
option name wifi
option network 'wifi'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest lan
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wifi
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config include
option path /etc/firewall.user
config rule
option src wan
option dest_port 2222
option proto tcp
option target ACCEPT
config rule
option src wan
option dest_port 8080
option proto tcp
option target ACCEPT
config rule
option src wifi
option dest_port 2222
option proto tcp
option target ACCEPT
config rule
option src wifi
option dest_port 8080
option proto tcp
option target ACCEPT
config rule
option src wifi
option dest_port 698
option proto udp
option target ACCEPT
config rule
option src wifi
option dest_port 1978
option proto tcp
option target ACCEPT