config defaults option syn_flood 1 option input ACCEPT option output ACCEPT option forward REJECT # Uncomment this line to disable ipv6 rules # option disable_ipv6 1 config zone option name lan option network 'lan' option input ACCEPT option output ACCEPT option forward REJECT config zone option name wan option network 'wan' option input REJECT option output ACCEPT option forward REJECT option masq 1 option mtu_fix 1 config zone option name wifi option network 'wifi' option input REJECT option output ACCEPT option forward REJECT option masq 1 option mtu_fix 1 config forwarding option src lan option dest wifi # Allow IPv4 ping config rule option name Allow-Ping option src wifi option proto icmp option icmp_type echo-request option family ipv4 option target ACCEPT config include option path /etc/firewall.user config rule option src wan option dest_port 2222 option proto tcp option target ACCEPT config rule option src wifi option dest_port 2222 option proto tcp option target ACCEPT config rule option src wifi option dest_port 8080 option proto tcp option target ACCEPT config rule option src wifi option dest_port 80 option proto tcp option target ACCEPT config rule option src wifi option dest_port 698 option proto udp option target ACCEPT