Home Explore Help
Register Sign In
OpenWrt
/
openwrt
mirror of https://github.com/openwrt/openwrt.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 10f627db5c
Branches Tags
openwrt
/
package
/
firewall
/
files
/
firewall.config

firewall.config 1.7 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889 
  1. config defaults
    2. 

  2. 	option syn_flood	1
    3. 

  3. 	option input		ACCEPT
    4. 

  4. 	option output		ACCEPT 
    5. 

  5. 	option forward		REJECT
    6. 

  6. 

  7. config zone
    8. 

  8. 	option name		lan
    9. 

  9. 	option input	ACCEPT 
    10. 

  10. 	option output	ACCEPT 
    11. 

  11. 	option forward	REJECT
    12. 

  12. 

  13. config zone
    14. 

  14. 	option name		wan
    15. 

  15. 	option input	REJECT
    16. 

  16. 	option output	ACCEPT 
    17. 

  17. 	option forward	REJECT
    18. 

  18. 	option masq		1 
    19. 

  19. 	option mtu_fix	1
    20. 

  20. 

  21. config forwarding 
    22. 

  22. 	option src      lan
    23. 

  23. 	option dest     wan
    24. 

  24. 

  25. # We need to accept udp packets on port 68,
    26. 

  26. # see https://dev.openwrt.org/ticket/4108
    27. 

  27. config rule
    28. 

  28. 	option src		wan
    29. 

  29. 	option proto		udp
    30. 

  30. 	option dest_port	68
    31. 

  31. 	option target		ACCEPT
    32. 

  32. 

  33. # include a file with users custom iptables rules
    34. 

  34. config include
    35. 

  35. 	option path /etc/firewall.user
    36. 

  36. 

  37. 

  38. ### EXAMPLE CONFIG SECTIONS
    39. 

  39. # do not allow a specific ip to access wan
    40. 

  40. #config rule
    41. 

  41. #	option src		lan
    42. 

  42. #	option src_ip	192.168.45.2
    43. 

  43. #	option dest		wan
    44. 

  44. #	option proto	tcp
    45. 

  45. #	option target	REJECT 
    46. 

  46. 

  47. # block a specific mac on wan
    48. 

  48. #config rule
    49. 

  49. #	option dest		wan
    50. 

  50. #	option src_mac	00:11:22:33:44:66
    51. 

  51. #	option target	REJECT 
    52. 

  52. 

  53. # block incoming ICMP traffic on a zone
    54. 

  54. #config rule
    55. 

  55. #	option src		lan
    56. 

  56. #	option proto	ICMP
    57. 

  57. #	option target	DROP
    58. 

  58. 

  59. # port redirect port coming in on wan to lan
    60. 

  60. #config redirect
    61. 

  61. #	option src			wan
    62. 

  62. #	option src_dport	80
    63. 

  63. #	option dest			lan
    64. 

  64. #	option dest_ip		192.168.16.235
    65. 

  65. #	option dest_port	80 
    66. 

  66. #	option proto		tcp
    67. 

  67. 

  68. 

  69. ### FULL CONFIG SECTIONS
    70. 

  70. #config rule
    71. 

  71. #	option src		lan
    72. 

  72. #	option src_ip	192.168.45.2
    73. 

  73. #	option src_mac	00:11:22:33:44:55
    74. 

  74. #	option src_port	80
    75. 

  75. #	option dest		wan
    76. 

  76. #	option dest_ip	194.25.2.129
    77. 

  77. #	option dest_port	120
    78. 

  78. #	option proto	tcp
    79. 

  79. #	option target	REJECT 
    80. 

  80. 

  81. #config redirect
    82. 

  82. #	option src		lan
    83. 

  83. #	option src_ip	192.168.45.2
    84. 

  84. #	option src_mac	00:11:22:33:44:55
    85. 

  85. #	option src_port		1024
    86. 

  86. #	option src_dport	80
    87. 

  87. #	option dest_ip	194.25.2.129
    88. 

  88. #	option dest_port	120
    89. 

  89. #	option proto	tcp
    90.