# Global firewall defaults: the policies applied when no zone or rule
# decides what happens to a packet.
config defaults
	# SYN-flood protection is switched on.
	option syn_flood '1'
	# Traffic addressed to the node and traffic it originates are accepted
	# by default.
	# NOTE(review): with a default input of ACCEPT, an interface that is
	# not assigned to any zone would presumably be left open; confirm that
	# every interface on the node ends up in a zone.
	option input 'ACCEPT'
	option output 'ACCEPT'
	# Routed traffic is rejected unless a forwarding section allows it.
	option forward 'REJECT'

# Zone lan: the local network behind the node. Hosts in this zone may reach
# the node itself (input ACCEPT); forwarding is rejected at zone level and
# is opened only by explicit forwarding sections.
config zone
	option name 'lan'
	option network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Zone wan: the upstream side. Unsolicited traffic to the node is rejected
# (input REJECT) and nothing is forwarded by the zone policy.
config zone
	option name 'wan'
	option network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# Masquerade (source NAT) traffic leaving through this zone.
	option masq '1'
	# Clamp the TCP MSS on traffic through this zone.
	option mtu_fix '1'

# Zone wifi: input to the node is rejected by default, so only the ports
# opened by explicit rules with src wifi are reachable from this zone.
# No masquerading is configured here, unlike the wan zone.
config zone
	option name 'wifi'
	option network 'wifi'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# Clamp the TCP MSS on traffic through this zone.
	option mtu_fix '1'

# Zone dtdlink: same default-reject input policy as the wifi zone.
config zone
	option name 'dtdlink'
	# Template placeholder, not UCI syntax. It is presumably replaced with
	# the network or device options for this zone before the file is
	# loaded; TODO confirm against the script that renders this template.
	<dtdlink_interfaces>
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# Clamp the TCP MSS on traffic through this zone.
	option mtu_fix '1'

# Zone vpn: tunnel interfaces, with the same default-reject input policy as
# the wifi and dtdlink zones.
config zone
	option name 'vpn'
	# Template placeholder, not UCI syntax. It is presumably replaced with
	# the tunnel interface list before the file is loaded; TODO confirm.
	# NOTE(review): if the placeholder were ever rendered empty, the zone
	# would match no interface and tunnel traffic would fall through to
	# the defaults section; worth confirming how the renderer handles that.
	<vpn_interfaces>
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# Clamp the TCP MSS on traffic through this zone.
	option mtu_fix '1'

# Forwarding matrix. Each section permits routed traffic in ONE direction,
# from src zone to dest zone; everything not listed stays rejected by the
# zone and default forward policies.
#
# What the sections below add up to:
#   - lan may forward to wan, wifi, dtdlink and vpn.
#   - wifi, dtdlink and vpn may forward to each other and to themselves.
#   - No section names lan as a destination, so none of them opens
#     forwarding into the lan zone.
#   - No section names wan as a source, and only lan may forward to wan.
# NOTE(review): the include scripts referenced elsewhere in this file can
# add rules of their own, so this matrix is not necessarily the complete
# forwarding policy; check them when auditing reachability.

# lan -> wan
config forwarding
	option src 'lan'
	option dest 'wan'

# lan -> wifi
config forwarding
	option src 'lan'
	option dest 'wifi'

# wifi -> wifi (same-zone forwarding, needed because the zone forward
# policy is REJECT)
config forwarding
	option src 'wifi'
	option dest 'wifi'

# lan -> dtdlink
config forwarding
	option src 'lan'
	option dest 'dtdlink'

# wifi -> dtdlink
config forwarding
	option src 'wifi'
	option dest 'dtdlink'

# dtdlink -> wifi
config forwarding
	option src 'dtdlink'
	option dest 'wifi'

# dtdlink -> dtdlink (same-zone forwarding)
config forwarding
	option src 'dtdlink'
	option dest 'dtdlink'

# vpn -> wifi
config forwarding
	option src 'vpn'
	option dest 'wifi'

# wifi -> vpn
config forwarding
	option src 'wifi'
	option dest 'vpn'

# lan -> vpn
config forwarding
	option src 'lan'
	option dest 'vpn'

# vpn -> dtdlink
config forwarding
	option src 'vpn'
	option dest 'dtdlink'

# dtdlink -> vpn
config forwarding
	option src 'dtdlink'
	option dest 'vpn'

# vpn -> vpn (same-zone forwarding)
config forwarding
	option src 'vpn'
	option dest 'vpn'

# Allow IPv4 ICMP echo-request to the node from the wifi, dtdlink and vpn
# zones. The rules have a src but no dest, so they apply to traffic
# addressed to the node itself, not to forwarded traffic. Only the
# echo-request type is accepted; other ICMP types are not opened here.

config rule
	option name 'Allow-Ping'
	option src 'wifi'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-Ping'
	option src 'dtdlink'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-Ping'
	option src 'vpn'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

# External scripts pulled into the firewall when it is loaded.
# fw4_compatible marks each include as safe to run under the nftables-based
# fw4 firewall.
# NOTE(review): both files contribute rules with the privileges of the
# firewall service, so they are part of the trusted policy. They should be
# owned by root and not writable by any other account, and changes to them
# deserve the same review as changes to this file.

config include
	option path '/usr/local/bin/mesh-firewall'
	option fw4_compatible '1'

# Site-local additions; presumably the place for operator-supplied rules.
config include
	option path '/etc/firewall.user'
	option fw4_compatible '1'

# Allow IPv4 ICMP echo-request to the node from the wan zone. This is the
# only rule in this file that opens anything on the wan side, whose input
# policy is otherwise REJECT.
# NOTE(review): answering ping on the upstream interface makes the node
# discoverable from that network; confirm this is wanted on deployments
# where wan is an untrusted network.
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

# Services on the node that are reachable from the wifi zone. The rules
# have no dest, so they open ports on the node itself. None of them carries
# a src_ip restriction, so every host that can reach the node through this
# zone may connect. The rules are unnamed; adding option name to each would
# make the generated ruleset and its logs easier to audit.

# TCP 2222: presumably the SSH daemon on a non-default port; TODO confirm.
config rule
	option src 'wifi'
	option dest_port '2222'
	option proto 'tcp'
	option target 'ACCEPT'

# TCP 8080: presumably the node web interface; TODO confirm.
config rule
	option src 'wifi'
	option dest_port '8080'
	option proto 'tcp'
	option target 'ACCEPT'

# TCP 80: HTTP.
config rule
	option src 'wifi'
	option dest_port '80'
	option proto 'tcp'
	option target 'ACCEPT'

# UDP 698: the registered OLSR routing-protocol port.
config rule
	option src 'wifi'
	option dest_port '698'
	option proto 'udp'
	option target 'ACCEPT'

# TCP 23: the well-known telnet port.
# NOTE(review): telnet sends credentials and session data in cleartext.
# Confirm a telnet service is still meant to be reachable from this zone;
# if no daemon listens on the port, the rule can be dropped.
config rule
	option src 'wifi'
	option dest_port '23'
	option proto 'tcp'
	option target 'ACCEPT'

# Services on the node that are reachable from the dtdlink zone. The rules
# have no dest, so they open ports on the node itself, and none of them is
# limited by src_ip: any host reaching the node through this zone may
# connect.

# TCP 2222: presumably the SSH daemon on a non-default port; TODO confirm.
config rule
	option src 'dtdlink'
	option dest_port '2222'
	option proto 'tcp'
	option target 'ACCEPT'

# TCP 8080: presumably the node web interface; TODO confirm.
config rule
	option src 'dtdlink'
	option dest_port '8080'
	option proto 'tcp'
	option target 'ACCEPT'

# TCP 80: HTTP.
config rule
	option src 'dtdlink'
	option dest_port '80'
	option proto 'tcp'
	option target 'ACCEPT'

# UDP 698: the registered OLSR routing-protocol port.
config rule
	option src 'dtdlink'
	option dest_port '698'
	option proto 'udp'
	option target 'ACCEPT'

# TCP 23: the well-known telnet port.
# NOTE(review): telnet is a cleartext protocol; confirm the exposure is
# still intended for this zone.
config rule
	option src 'dtdlink'
	option dest_port '23'
	option proto 'tcp'
	option target 'ACCEPT'

# Services on the node that are reachable from the vpn zone. The rules have
# no dest, so they open ports on the node itself, and none of them is
# limited by src_ip: any peer reaching the node through a tunnel in this
# zone may connect.

# TCP 2222: presumably the SSH daemon on a non-default port; TODO confirm.
config rule
	option src 'vpn'
	option dest_port '2222'
	option proto 'tcp'
	option target 'ACCEPT'

# TCP 8080: presumably the node web interface; TODO confirm.
config rule
	option src 'vpn'
	option dest_port '8080'
	option proto 'tcp'
	option target 'ACCEPT'

# TCP 80: HTTP.
config rule
	option src 'vpn'
	option dest_port '80'
	option proto 'tcp'
	option target 'ACCEPT'

# UDP 698: the registered OLSR routing-protocol port.
config rule
	option src 'vpn'
	option dest_port '698'
	option proto 'udp'
	option target 'ACCEPT'

# TCP 23: the well-known telnet port.
# NOTE(review): telnet is a cleartext protocol; confirm the exposure is
# still intended for this zone.
config rule
	option src 'vpn'
	option dest_port '23'
	option proto 'tcp'
	option target 'ACCEPT'

# UDP 161, the well-known SNMP port, opened on the node for the wifi,
# dtdlink and vpn zones.
# NOTE(review): SNMP v1 and v2c authenticate with a community string sent
# in cleartext. Confirm which SNMP version and community the agent uses and
# that it is read-only, since these rules do not restrict the source
# address.

config rule
	option src 'wifi'
	option dest_port '161'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option src 'dtdlink'
	option dest_port '161'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option src 'vpn'
	option dest_port '161'
	option proto 'udp'
	option target 'ACCEPT'

# TCP 9090 opened on the node for the wifi, dtdlink and vpn zones.
# NOTE(review): the file does not say which service listens here;
# presumably a routing-daemon status or information endpoint. Confirm what
# it exposes, since the rules do not restrict the source address.

config rule
	option src 'wifi'
	option dest_port '9090'
	option proto 'tcp'
	option target 'ACCEPT'

config rule
	option src 'dtdlink'
	option dest_port '9090'
	option proto 'tcp'
	option target 'ACCEPT'

config rule
	option src 'vpn'
	option dest_port '9090'
	option proto 'tcp'
	option target 'ACCEPT'