6 # Uncomment this line to disable ipv6 rules
7 # option disable_ipv6 1
27 # We need to accept udp packets on port 68,
28 # see https://dev.openwrt.org/ticket/4108
40 option icmp_type echo-request
43 # include a file with users custom iptables rules
45 option path /etc/firewall.user
48 ### EXAMPLE CONFIG SECTIONS
49 # do not allow a specific ip to access wan
52 # option src_ip 192.168.45.2
55 # option target REJECT
57 # block a specific mac on wan
60 # option src_mac 00:11:22:33:44:66
61 # option target REJECT
63 # block incoming ICMP traffic on a zone
69 # port redirect port coming in on wan to lan
74 # option dest_ip 192.168.16.235
78 # port redirect of remapped ssh port (22001) on wan
81 # option src_dport 22001
86 # allow IPsec/ESP and ISAKMP passthrough
91 # option target ACCEPT
97 # option dest_port 500
99 # option target ACCEPT
101 ### FULL CONFIG SECTIONS
104 # option src_ip 192.168.45.2
105 # option src_mac 00:11:22:33:44:55
108 # option dest_ip 194.25.2.129
109 # option dest_port 120
111 # option target REJECT
115 # option src_ip 192.168.45.2
116 # option src_mac 00:11:22:33:44:55
117 # option src_port 1024
118 # option src_dport 80
119 # option dest_ip 194.25.2.129
120 # option dest_port 120