2008-08-04 19:51:58 +08:00
|
|
|
config defaults
|
|
|
|
option syn_flood 1
|
2008-09-29 00:17:49 +08:00
|
|
|
option input ACCEPT
|
2008-08-04 19:51:58 +08:00
|
|
|
option output ACCEPT
|
2008-09-24 23:10:16 +08:00
|
|
|
option forward REJECT
|
2008-08-04 19:51:58 +08:00
|
|
|
|
|
|
|
config zone
|
|
|
|
option name lan
|
|
|
|
option input ACCEPT
|
|
|
|
option output ACCEPT
|
2008-09-24 23:10:16 +08:00
|
|
|
option forward REJECT
|
2008-08-04 19:51:58 +08:00
|
|
|
|
|
|
|
config zone
|
|
|
|
option name wan
|
2008-09-24 23:10:16 +08:00
|
|
|
option input REJECT
|
2008-08-04 19:51:58 +08:00
|
|
|
option output ACCEPT
|
2008-09-24 23:10:16 +08:00
|
|
|
option forward REJECT
|
2008-08-04 19:51:58 +08:00
|
|
|
option masq 1
|
|
|
|
|
|
|
|
config forwarding
|
|
|
|
option src lan
|
|
|
|
option dest wan
|
2009-01-31 10:14:27 +08:00
|
|
|
option mtu_fix 1
|
2009-01-01 03:02:03 +08:00
|
|
|
|
2009-04-13 06:38:34 +08:00
|
|
|
# include a file with users custom iptables rules
|
|
|
|
config include
|
|
|
|
option path /etc/firewall.user
|
|
|
|
|
2008-08-04 19:51:58 +08:00
|
|
|
|
|
|
|
### EXAMPLE CONFIG SECTIONS
|
|
|
|
# do not allow a specific ip to access wan
|
|
|
|
#config rule
|
|
|
|
# option src lan
|
|
|
|
# option src_ip 192.168.45.2
|
|
|
|
# option dest wan
|
|
|
|
# option proto tcp
|
|
|
|
# option target REJECT
|
|
|
|
|
|
|
|
# block a specific mac on wan
|
|
|
|
#config rule
|
|
|
|
# option dest wan
|
|
|
|
# option src_mac 00:11:22:33:44:66
|
|
|
|
# option target REJECT
|
|
|
|
|
|
|
|
# block incoming ICMP traffic on a zone
|
|
|
|
#config rule
|
|
|
|
# option src lan
|
|
|
|
# option proto ICMP
|
|
|
|
# option target DROP
|
|
|
|
|
|
|
|
# port redirect port coming in on wan to lan
|
|
|
|
#config redirect
|
|
|
|
# option src wan
|
|
|
|
# option src_dport 80
|
|
|
|
# option dest lan
|
|
|
|
# option dest_ip 192.168.16.235
|
|
|
|
# option dest_port 80
|
2008-08-26 15:23:29 +08:00
|
|
|
# option proto tcp
|
2008-08-04 19:51:58 +08:00
|
|
|
|
|
|
|
|
|
|
|
### FULL CONFIG SECTIONS
|
|
|
|
#config rule
|
|
|
|
# option src lan
|
|
|
|
# option src_ip 192.168.45.2
|
|
|
|
# option src_mac 00:11:22:33:44:55
|
|
|
|
# option src_port 80
|
|
|
|
# option dest wan
|
|
|
|
# option dest_ip 194.25.2.129
|
|
|
|
# option dest_port 120
|
|
|
|
# option proto tcp
|
|
|
|
# option target REJECT
|
|
|
|
|
|
|
|
#config redirect
|
|
|
|
# option src lan
|
|
|
|
# option src_ip 192.168.45.2
|
|
|
|
# option src_mac 00:11:22:33:44:55
|
|
|
|
# option src_port 1024
|
|
|
|
# option src_dport 80
|
|
|
|
# option dest_ip 194.25.2.129
|
|
|
|
# option dest_port 120
|
|
|
|
# option proto tcp
|