diff options
| author | Jo-Philipp Wich <jow@openwrt.org> | 2013-06-04 12:32:18 +0000 |
|---|---|---|
| committer | Jo-Philipp Wich <jow@openwrt.org> | 2013-06-04 12:32:18 +0000 |
| commit | b3f58703d8fbdda3757c31d884df06c109ec33cb (patch) | |
| tree | 3ff9422003f770fccb31fa1c7d2712ef6c356326 /package/firewall/files/firewall.config | |
| parent | 28b4a86ba338302e49eadb8334c62504b8095e6b (diff) | |
| download | upstream-b3f58703d8fbdda3757c31d884df06c109ec33cb.tar.gz upstream-b3f58703d8fbdda3757c31d884df06c109ec33cb.tar.bz2 upstream-b3f58703d8fbdda3757c31d884df06c109ec33cb.zip | |
AA: Drop legacy firewall package
git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@36841 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/firewall/files/firewall.config')
| -rw-r--r-- | package/firewall/files/firewall.config | 176 |
1 files changed, 0 insertions, 176 deletions
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config deleted file mode 100644 index 59a45b208d..0000000000 --- a/package/firewall/files/firewall.config +++ /dev/null @@ -1,176 +0,0 @@ -config defaults - option syn_flood 1 - option input ACCEPT - option output ACCEPT - option forward REJECT -# Uncomment this line to disable ipv6 rules -# option disable_ipv6 1 - -config zone - option name lan - option network 'lan' - option input ACCEPT - option output ACCEPT - option forward REJECT - -config zone - option name wan - option network 'wan wan6' - option input REJECT - option output ACCEPT - option forward REJECT - option masq 1 - option mtu_fix 1 - -config forwarding - option src lan - option dest wan - -# We need to accept udp packets on port 68, -# see https://dev.openwrt.org/ticket/4108 -config rule - option name Allow-DHCP-Renew - option src wan - option proto udp - option dest_port 68 - option target ACCEPT - option family ipv4 - -# Allow IPv4 ping -config rule - option name Allow-Ping - option src wan - option proto icmp - option icmp_type echo-request - option family ipv4 - option target ACCEPT - -# Allow DHCPv6 replies -# see https://dev.openwrt.org/ticket/10381 -config rule - option name Allow-DHCPv6 - option src wan - option proto udp - option src_ip fe80::/10 - option src_port 547 - option dest_ip fe80::/10 - option dest_port 546 - option family ipv6 - option target ACCEPT - -# Allow essential incoming IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Input - option src wan - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - list icmp_type router-solicitation - list icmp_type neighbour-solicitation - list icmp_type router-advertisement - list icmp_type neighbour-advertisement - option limit 1000/sec - option family ipv6 - option target ACCEPT - -# Allow essential forwarded IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Forward - option src wan - option dest * - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - option limit 1000/sec - option family ipv6 - option target ACCEPT - -# include a file with users custom iptables rules -config include - option path /etc/firewall.user - - -### EXAMPLE CONFIG SECTIONS -# do not allow a specific ip to access wan -#config rule -# option src lan -# option src_ip 192.168.45.2 -# option dest wan -# option proto tcp -# option target REJECT - -# block a specific mac on wan -#config rule -# option dest wan -# option src_mac 00:11:22:33:44:66 -# option target REJECT - -# block incoming ICMP traffic on a zone -#config rule -# option src lan -# option proto ICMP -# option target DROP - -# port redirect port coming in on wan to lan -#config redirect -# option src wan -# option src_dport 80 -# option dest lan -# option dest_ip 192.168.16.235 -# option dest_port 80 -# option proto tcp - -# port redirect of remapped ssh port (22001) on wan -#config redirect -# option src wan -# option src_dport 22001 -# option dest lan -# option dest_port 22 -# option proto tcp - -# allow IPsec/ESP and ISAKMP passthrough -#config rule -# option src wan -# option dest lan -# option protocol esp -# option target ACCEPT - -#config rule -# option src wan -# option dest lan -# option src_port 500 -# option dest_port 500 -# option proto udp -# option target ACCEPT - -### FULL CONFIG SECTIONS -#config rule -# option src lan -# option src_ip 192.168.45.2 -# option src_mac 00:11:22:33:44:55 -# option src_port 80 -# option dest wan -# option dest_ip 194.25.2.129 -# option dest_port 120 -# option proto tcp -# option target REJECT - -#config redirect -# option src lan -# option src_ip 192.168.45.2 -# option src_mac 00:11:22:33:44:55 -# option src_port 1024 -# option src_dport 80 -# option dest_ip 194.25.2.129 -# option dest_port 120 -# option proto tcp |