Created
April 29, 2014 13:15
-
-
Save irl/11399986 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| config defaults | |
| option input 'ACCEPT' | |
| option output 'ACCEPT' | |
| option forward 'ACCEPT' | |
| option drop_invalid '1' | |
| option synflood_protect '1' | |
| option synflood_rate '200/s' | |
| option synflood_burst '500' | |
| option tcp_ecn '1' | |
| config zone | |
| option input 'ACCEPT' | |
| option forward 'ACCEPT' | |
| option output 'ACCEPT' | |
| option name 'wan' | |
| option masq '1' | |
| option mtu_fix '1' | |
| option network 'ge00' | |
| config zone | |
| option input 'ACCEPT' | |
| option forward 'ACCEPT' | |
| option output 'ACCEPT' | |
| option name 'lan' | |
| option device 's+' | |
| config forwarding | |
| option dest 'wan' | |
| option src 'lan' | |
| config forwarding | |
| option dest 'lan' | |
| option src 'wan' | |
| config zone | |
| option input 'ACCEPT' | |
| option output 'ACCEPT' | |
| option name 'guest' | |
| option forward 'ACCEPT' | |
| option device 'gw+' | |
| config zone | |
| option input 'ACCEPT' | |
| option output 'ACCEPT' | |
| option name 'guest' | |
| option forward 'ACCEPT' | |
| option device 'ge00' | |
| config forwarding | |
| option dest 'wan' | |
| option src 'guest' | |
| config forwarding | |
| option dest 'guest' | |
| option src 'lan' | |
| config forwarding | |
| option dest 'guest' | |
| option src 'wan' | |
| config rule | |
| option target 'ACCEPT' | |
| option name 'domain' | |
| option proto 'tcp udp' | |
| option src '*' | |
| option dest '*' | |
| option dest_port '53' | |
| config rule | |
| option target 'ACCEPT' | |
| option name 'ntp' | |
| option proto 'udp' | |
| option dest '*' | |
| option src '*' | |
| option dest_port '123' | |
| config rule | |
| option target 'ACCEPT' | |
| option name 'dhcp4' | |
| option family 'ipv4' | |
| option proto 'udp' | |
| option src '*' | |
| option dest '*' | |
| option dest_port '68' | |
| config rule | |
| option target 'ACCEPT' | |
| option name 'printers' | |
| option proto 'tcp' | |
| option src '*' | |
| option dest '*' | |
| option dest_port '631' | |
| config rule | |
| option target 'ACCEPT' | |
| option name 'Useful Services' | |
| option proto 'tcp' | |
| option src '*' | |
| option dest '*' | |
| option dest_port '80 81 443 873 993' | |
| config rule | |
| option target 'ACCEPT' | |
| option name 'ipv6 dfz' | |
| option family 'ipv6' | |
| option proto 'all' | |
| option src '*' | |
| option dest 'guest' | |
| config rule | |
| option target 'ACCEPT' | |
| option name 'icmpv6' | |
| option family 'ipv6' | |
| option proto 'icmp' | |
| option src '*' | |
| option dest '*' | |
| config rule | |
| option src 'wan' | |
| option proto 'tcp udp' | |
| option dest_port '161 137 138 139 445 9091 8123' | |
| option name 'blockconfig' | |
| option target 'ACCEPT' | |
| config rule | |
| option name 'Allow-DHCPv6' | |
| option src 'wan' | |
| option proto 'udp' | |
| option src_ip 'fe80::/10' | |
| option src_port '547' | |
| option dest_ip 'fe80::/10' | |
| option dest_port '546' | |
| option family 'ipv6' | |
| option target 'ACCEPT' | |
| config rule | |
| option src 'guest' | |
| option proto 'tcpudp' | |
| option dest_port '137 138 139 445 8123' | |
| option name 'blockconfig2' | |
| option target 'ACCEPT' | |
| config rule | |
| option src 'wan' | |
| option dest_port '22' | |
| option target 'ACCEPT' | |
| option proto 'tcp' | |
| config include | |
| option path '/etc/firewall.user' | |
| config include 'miniupnpd' | |
| option type 'script' | |
| option path '/usr/share/miniupnpd/firewall.include' | |
| option family 'IPv4' | |
| option reload '1' | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment