package/firewall/files/firewall.config

   1 config defaults
   2         option syn_flood        1
   3         option input            ACCEPT
   4         option output           ACCEPT
   5         option forward          REJECT
   6
   7 config zone
   8         option name             lan
   9         option input    ACCEPT
  10         option output   ACCEPT
  11         option forward  REJECT
  12
  13 config zone
  14         option name             wan
  15         option input    REJECT
  16         option output   ACCEPT
  17         option forward  REJECT
  18         option masq             1
  19         option mtu_fix  1
  20
  21 config forwarding
  22         option src      lan
  23         option dest     wan
  24
  25 # We need to accept udp packets on port 68,
  26 # see https://dev.openwrt.org/ticket/4108
  27 config rule
  28         option src              wan
  29         option proto            udp
  30         option dest_port        68
  31         option target           ACCEPT
  32
  33 #Allow ping
  34 config rule
  35         option src wan
  36         option proto icmp
  37         option icmp_type echo-request
  38         option target ACCEPT
  39
  40 # include a file with users custom iptables rules
  41 config include
  42         option path /etc/firewall.user
  43
  44
  45 ### EXAMPLE CONFIG SECTIONS
  46 # do not allow a specific ip to access wan
  47 #config rule
  48 #       option src              lan
  49 #       option src_ip   192.168.45.2
  50 #       option dest             wan
  51 #       option proto    tcp
  52 #       option target   REJECT
  53
  54 # block a specific mac on wan
  55 #config rule
  56 #       option dest             wan
  57 #       option src_mac  00:11:22:33:44:66
  58 #       option target   REJECT
  59
  60 # block incoming ICMP traffic on a zone
  61 #config rule
  62 #       option src              lan
  63 #       option proto    ICMP
  64 #       option target   DROP
  65
  66 # port redirect port coming in on wan to lan
  67 #config redirect
  68 #       option src                      wan
  69 #       option src_dport        80
  70 #       option dest                     lan
  71 #       option dest_ip          192.168.16.235
  72 #       option dest_port        80
  73 #       option proto            tcp
  74
  75
  76 ### FULL CONFIG SECTIONS
  77 #config rule
  78 #       option src              lan
  79 #       option src_ip   192.168.45.2
  80 #       option src_mac  00:11:22:33:44:55
  81 #       option src_port 80
  82 #       option dest             wan
  83 #       option dest_ip  194.25.2.129
  84 #       option dest_port        120
  85 #       option proto    tcp
  86 #       option target   REJECT
  87
  88 #config redirect
  89 #       option src              lan
  90 #       option src_ip   192.168.45.2
  91 #       option src_mac  00:11:22:33:44:55
  92 #       option src_port         1024
  93 #       option src_dport        80
  94 #       option dest_ip  194.25.2.129
  95 #       option dest_port        120
  96 #       option proto    tcp