Created
April 23, 2020 11:53
-
-
Save mu373/f6d80eb4f81e4eb1e9b36a599f75f546 to your computer and use it in GitHub Desktop.
EdgeRouter X Firewall Settings (excerpt)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set firewall ipv6-name WANv6_IN default-action drop | |
| set firewall ipv6-name WANv6_IN description 'WAN to LAN' | |
| set firewall ipv6-name WANv6_IN enable-default-log | |
| set firewall ipv6-name WANv6_IN rule 10 action accept | |
| set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related' | |
| set firewall ipv6-name WANv6_IN rule 10 state established enable | |
| set firewall ipv6-name WANv6_IN rule 10 state related enable | |
| set firewall ipv6-name WANv6_IN rule 20 action drop | |
| set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state' | |
| set firewall ipv6-name WANv6_IN rule 20 state invalid enable | |
| set firewall ipv6-name WANv6_IN rule 30 action accept | |
| set firewall ipv6-name WANv6_IN rule 30 description 'Allow IPv6 ICMP' | |
| set firewall ipv6-name WANv6_IN rule 30 protocol ipv6-icmp | |
| set firewall ipv6-name WANv6_LOCAL default-action drop | |
| set firewall ipv6-name WANv6_LOCAL description 'WAN to Router' | |
| set firewall ipv6-name WANv6_LOCAL enable-default-log | |
| set firewall ipv6-name WANv6_LOCAL rule 10 action accept | |
| set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related' | |
| set firewall ipv6-name WANv6_LOCAL rule 10 state established enable | |
| set firewall ipv6-name WANv6_LOCAL rule 10 state related enable | |
| set firewall ipv6-name WANv6_LOCAL rule 20 action drop | |
| set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state' | |
| set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable | |
| set firewall ipv6-name WANv6_LOCAL rule 30 action accept | |
| set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 ICMP' | |
| set firewall ipv6-name WANv6_LOCAL rule 30 protocol ipv6-icmp | |
| set firewall ipv6-name WANv6_LOCAL rule 40 action accept | |
| set firewall ipv6-name WANv6_LOCAL rule 40 description 'Allow DHCPv6' | |
| set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546 | |
| set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp | |
| set firewall ipv6-name WANv6_LOCAL rule 40 source port 547 | |
| set firewall name WAN_IN default-action drop | |
| set firewall name WAN_IN description 'WAN to LAN' | |
| set firewall name WAN_IN rule 10 action accept | |
| set firewall name WAN_IN rule 10 description 'Allow established/related' | |
| set firewall name WAN_IN rule 10 state established enable | |
| set firewall name WAN_IN rule 10 state related enable | |
| set firewall name WAN_IN rule 20 action drop | |
| set firewall name WAN_IN rule 20 description 'Drop invalid state' | |
| set firewall name WAN_IN rule 20 state invalid enable | |
| set firewall name WAN_LOCAL default-action drop | |
| set firewall name WAN_LOCAL description 'WAN to Router' | |
| set firewall name WAN_LOCAL rule 10 action accept | |
| set firewall name WAN_LOCAL rule 10 description 'Allow established/related' | |
| set firewall name WAN_LOCAL rule 10 state established enable | |
| set firewall name WAN_LOCAL rule 10 state related enable | |
| set firewall name WAN_LOCAL rule 20 action drop | |
| set firewall name WAN_LOCAL rule 20 description 'Drop invalid state' | |
| set firewall name WAN_LOCAL rule 20 state invalid enable | |
| set interfaces ethernet eth0 firewall in ipv6-name WANv6_IN | |
| set interfaces ethernet eth0 firewall in name WAN_IN | |
| set interfaces ethernet eth0 firewall local ipv6-name WANv6_LOCAL | |
| set interfaces ethernet eth0 firewall local name WAN_LOCAL |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment