mirror of https://github.com/aredn/aredn.git
# Global policies for traffic that does not match any zone defined below.
# Packets addressed to or sent by the router are accepted; forwarded packets
# are rejected unless a forwarding or rule section allows them.
config defaults
	# Enable SYN-flood protection.
	option syn_flood 1
	option input ACCEPT
	option output ACCEPT
	option forward REJECT

# LAN zone: hosts on the 'lan' network may reach every service on the router
# (input ACCEPT). Traffic leaves this zone only through the
# `config forwarding` sections that name lan as src.
config zone
	option name lan
	option network 'lan'
	option input ACCEPT
	option output ACCEPT
	option forward REJECT

# WAN zone: unsolicited traffic addressed to the router is rejected unless a
# rule with src wan accepts it, and nothing is forwarded by zone policy.
config zone
	option name wan
	option network 'wan'
	option input REJECT
	option output ACCEPT
	option forward REJECT
	# Masquerade (source-NAT) traffic leaving through this zone.
	option masq 1
	# Clamp TCP MSS to the path MTU for traffic through this zone.
	option mtu_fix 1

# wifi zone (presumably the mesh RF interface on an AREDN node; confirm).
# Input to the router is rejected by default; the services that mesh peers
# may reach are opened one by one by the rules with src wifi.
config zone
	option name wifi
	option network 'wifi'
	option input REJECT
	option output ACCEPT
	option forward REJECT
	# Masquerade (source-NAT) traffic leaving through this zone.
	option masq 1
	# Clamp TCP MSS to the path MTU for traffic through this zone.
	option mtu_fix 1

# dtdlink zone: same default-reject input policy as wifi, without masquerading.
config zone
	option name dtdlink
	# NOTE(review): the next line is not a UCI option. It looks like a template
	# token that is replaced with the zone's interface list before the file is
	# installed; confirm that the substitution always runs, because a zone
	# left without interfaces would not filter anything.
<dtdlink_interfaces>
	option input REJECT
	option output ACCEPT
	option forward REJECT
	# Clamp TCP MSS to the path MTU for traffic through this zone.
	option mtu_fix 1

# vpn zone: same default-reject input policy as wifi, without masquerading.
config zone
	option name vpn
	# NOTE(review): the next line is not a UCI option. It looks like a template
	# token that is replaced with the zone's interface list before the file is
	# installed; confirm that the substitution always runs, because a zone
	# left without interfaces would not filter anything.
<vpn_interfaces>
	option input REJECT
	option output ACCEPT
	option forward REJECT
	# Clamp TCP MSS to the path MTU for traffic through this zone.
	option mtu_fix 1

# Inter-zone forwarding allow-list. Every zone above sets forward REJECT, so
# only the src -> dest pairs listed here are routed. Each entry is one-way;
# replies on established connections are still tracked back.
#
# No entry has dest lan, and wan appears as dest only for src lan, so these
# entries do not route traffic from wifi, dtdlink or vpn into the LAN or out
# through the WAN.
# NOTE(review): the scripts pulled in by the `config include` sections of this
# file may add rules of their own; check them before relying on that isolation.

# LAN clients may reach the upstream network.
config forwarding
	option src lan
	option dest wan

# LAN clients may reach the wifi zone.
config forwarding
	option src lan
	option dest wifi

# Transit within the wifi zone.
config forwarding
	option src wifi
	option dest wifi

# LAN clients may reach the dtdlink zone.
config forwarding
	option src lan
	option dest dtdlink

# wifi <-> dtdlink transit, both directions.
config forwarding
	option src wifi
	option dest dtdlink

config forwarding
	option src dtdlink
	option dest wifi

# Transit within the dtdlink zone.
config forwarding
	option src dtdlink
	option dest dtdlink

# vpn <-> wifi transit, both directions.
config forwarding
	option src vpn
	option dest wifi

config forwarding
	option src wifi
	option dest vpn

# LAN clients may reach the vpn zone.
config forwarding
	option src lan
	option dest vpn

# vpn <-> dtdlink transit, both directions.
config forwarding
	option src vpn
	option dest dtdlink

config forwarding
	option src dtdlink
	option dest vpn

# Transit within the vpn zone.
config forwarding
	option src vpn
	option dest vpn

# Allow IPv4 ping
# These rules have a src but no dest, so they match packets addressed to the
# router itself. They accept ICMP echo-request from wifi, dtdlink and vpn,
# whose zone input policy is otherwise REJECT. All three sections share the
# name Allow-Ping.
config rule
	option name Allow-Ping
	option src wifi
	option proto icmp
	option icmp_type echo-request
	option family ipv4
	option target ACCEPT

config rule
	option name Allow-Ping
	option src dtdlink
	option proto icmp
	option icmp_type echo-request
	option family ipv4
	option target ACCEPT

config rule
	option name Allow-Ping
	option src vpn
	option proto icmp
	option icmp_type echo-request
	option family ipv4
	option target ACCEPT

# External scripts loaded together with the firewall. fw4_compatible 1 marks
# a script include as safe to run under the nftables-based fw4.
# NOTE(review): both files are run by the firewall service, so whoever can
# write to them can change the packet filter. Keep them owned by root and not
# writable by others, and review their contents along with this file.
config include
	option path /usr/local/bin/mesh-firewall
	option fw4_compatible 1

# User-supplied additions; presumably empty on a fresh install (confirm).
config include
	option path /etc/firewall.user
	option fw4_compatible 1

# Accept IPv4 echo-request addressed to the router from the wan zone.
# NOTE(review): this makes the node answer ping from the upstream network.
# No other rule in this file has src wan, so all other unsolicited WAN input
# falls through to the zone's REJECT policy.
config rule
	option name Allow-Ping
	option src wan
	option proto icmp
	option icmp_type echo-request
	option family ipv4
	option target ACCEPT

# Router services reachable from the wifi zone. The rules have no dest, so
# they match traffic addressed to the router itself. The same five ports are
# opened for dtdlink and vpn elsewhere in this file.

# TCP 2222: presumably the SSH daemon on a non-default port (confirm).
config rule
	option src wifi
	option dest_port 2222
	option proto tcp
	option target ACCEPT

# TCP 8080: presumably the node's web interface (confirm).
config rule
	option src wifi
	option dest_port 8080
	option proto tcp
	option target ACCEPT

# TCP 80: HTTP.
config rule
	option src wifi
	option dest_port 80
	option proto tcp
	option target ACCEPT

# UDP 698: IANA-assigned port of the OLSR routing protocol.
config rule
	option src wifi
	option dest_port 698
	option proto udp
	option target ACCEPT

# TCP 23: IANA-assigned telnet port.
# NOTE(review): telnet carries logins in cleartext. Confirm whether a telnet
# daemon still listens here; if none does, this rule can be dropped.
config rule
	option src wifi
	option dest_port 23
	option proto tcp
	option target ACCEPT

# Router services reachable from the dtdlink zone. The rules have no dest, so
# they match traffic addressed to the router itself. The port set matches the
# one opened for wifi and vpn.

# TCP 2222: presumably the SSH daemon on a non-default port (confirm).
config rule
	option src dtdlink
	option dest_port 2222
	option proto tcp
	option target ACCEPT

# TCP 8080: presumably the node's web interface (confirm).
config rule
	option src dtdlink
	option dest_port 8080
	option proto tcp
	option target ACCEPT

# TCP 80: HTTP.
config rule
	option src dtdlink
	option dest_port 80
	option proto tcp
	option target ACCEPT

# UDP 698: IANA-assigned port of the OLSR routing protocol.
config rule
	option src dtdlink
	option dest_port 698
	option proto udp
	option target ACCEPT

# TCP 23: IANA-assigned telnet port.
# NOTE(review): telnet carries logins in cleartext. Confirm whether a telnet
# daemon still listens here; if none does, this rule can be dropped.
config rule
	option src dtdlink
	option dest_port 23
	option proto tcp
	option target ACCEPT

# Router services reachable from the vpn zone. The rules have no dest, so
# they match traffic addressed to the router itself. The port set matches the
# one opened for wifi and dtdlink.

# TCP 2222: presumably the SSH daemon on a non-default port (confirm).
config rule
	option src vpn
	option dest_port 2222
	option proto tcp
	option target ACCEPT

# TCP 8080: presumably the node's web interface (confirm).
config rule
	option src vpn
	option dest_port 8080
	option proto tcp
	option target ACCEPT

# TCP 80: HTTP.
config rule
	option src vpn
	option dest_port 80
	option proto tcp
	option target ACCEPT

# UDP 698: IANA-assigned port of the OLSR routing protocol.
config rule
	option src vpn
	option dest_port 698
	option proto udp
	option target ACCEPT

# TCP 23: IANA-assigned telnet port.
# NOTE(review): telnet carries logins in cleartext. Confirm whether a telnet
# daemon still listens here; if none does, this rule can be dropped.
config rule
	option src vpn
	option dest_port 23
	option proto tcp
	option target ACCEPT

#SNMPD
# UDP 161 (SNMP agent) is accepted from wifi, dtdlink and vpn; there is no
# matching rule for wan.
# NOTE(review): SNMP v1/v2c community strings travel in cleartext. Confirm
# that the agent is read-only and exposes only what peers should see.
config rule
	option src wifi
	option dest_port 161
	option proto udp
	option target ACCEPT

config rule
	option src dtdlink
	option dest_port 161
	option proto udp
	option target ACCEPT

config rule
	option src vpn
	option dest_port 161
	option proto udp
	option target ACCEPT

# olsr jsoninfo
# TCP 9090 is accepted from wifi, dtdlink and vpn; there is no matching rule
# for wan.
# NOTE(review): presumably this serves routing and topology state without
# authentication. Confirm what the plugin exposes and which clients it accepts.
config rule
	option src wifi
	option dest_port 9090
	option proto tcp
	option target ACCEPT

config rule
	option src dtdlink
	option dest_port 9090
	option proto tcp
	option target ACCEPT

config rule
	option src vpn
	option dest_port 9090
	option proto tcp
	option target ACCEPT