projects / openwrt.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add LD_LIBRARY to cmake.mk
[openwrt.git] / package / firewall / files / firewall.config
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
index 50a92f7..c852f4b 100644 (file)
--- a/package/firewall/files/firewall.config
+++ b/package/firewall/files/firewall.config
@@ -3,15 +3,19 @@ config defaults
        option input            ACCEPT
        option output           ACCEPT 
        option forward          REJECT
        option input            ACCEPT
        option output           ACCEPT 
        option forward          REJECT
+# Uncomment this line to disable ipv6 rules
+#      option disable_ipv6     1
 
 config zone
        option name             lan
 
 config zone
        option name             lan
+       option network  'lan'
        option input    ACCEPT 
        option output   ACCEPT 
        option forward  REJECT
 
 config zone
        option name             wan
        option input    ACCEPT 
        option output   ACCEPT 
        option forward  REJECT
 
 config zone
        option name             wan
+       option network  'wan'
        option input    REJECT
        option output   ACCEPT 
        option forward  REJECT
        option input    REJECT
        option output   ACCEPT 
        option forward  REJECT
@@ -29,6 +33,14 @@ config rule
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option proto            udp
        option dest_port        68
        option target           ACCEPT
+       option family   ipv4
+
+#Allow ping
+config rule
+       option src wan
+       option proto icmp
+       option icmp_type echo-request
+       option target ACCEPT
 
 # include a file with users custom iptables rules
 config include
 
 # include a file with users custom iptables rules
 config include
@@ -65,6 +77,28 @@ config include
 #      option dest_port        80 
 #      option proto            tcp
 
 #      option dest_port        80 
 #      option proto            tcp
 
+# port redirect of remapped ssh port (22001) on wan
+#config redirect
+#      option src              wan
+#      option src_dport        22001
+#      option dest             lan
+#      option dest_port        22
+#      option proto            tcp
+
+# allow IPsec/ESP and ISAKMP passthrough
+#config rule
+#      option src              wan
+#      option dest             lan
+#      option protocol         esp
+#      option target           ACCEPT
+
+#config rule
+#      option src              wan
+#      option dest             lan
+#      option src_port         500
+#      option dest_port        500
+#      option proto            udp
+#      option target           ACCEPT
 
 ### FULL CONFIG SECTIONS
 #config rule
 
 ### FULL CONFIG SECTIONS
 #config rule
Personal OpenWRT clone
This page took 0.019437 seconds and 4 git commands to generate.