config defaults
option syn_flood 1
- option input DROP
+ option input ACCEPT
option output ACCEPT
- option forward DROP
+ option forward REJECT
config zone
option name lan
option input ACCEPT
option output ACCEPT
- option forward DROP
+ option forward REJECT
config zone
option name wan
- option input DROP
+ option input REJECT
option output ACCEPT
- option forward DROP
+ option forward REJECT
option masq 1
+ option mtu_fix 1
config forwarding
option src lan
option dest wan
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+ option src wan
+ option proto udp
+ option dest_port 68
+ option target ACCEPT
+
+# include a file with users custom iptables rules
+config include
+ option path /etc/firewall.user
+
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
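Review bot: In `config defaults` the input policy changes from DROP to `option input ACCEPT`, which relaxes the fallback for traffic that is not handled by a zone. The wan zone still filters with `option input REJECT`, but that presumably only covers interfaces assigned to wan, so an interface that ends up in neither zone would reach the router's own services. If the goal is only to stop silently dropping packets, `option input REJECT` in defaults would keep default-deny. Separately, the new wan rule for UDP port 68 matches any source; its comment could state that it exists for DHCP replies to the router's own client, and the rule would be narrower with `option src_port 67`, if this firewall version supports that option.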
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
-# option protocol tcp
-
-# include a file with users custom iptables rules
-#config include
-# option path /etc/firewall.user
+# option proto tcp
### FULL CONFIG SECTIONS