author | John Crispin <john@openwrt.org> | 2008-08-11 22:27:36 +0000 |
---|---|---|
committer | John Crispin <john@openwrt.org> | 2008-08-11 22:27:36 +0000 |
commit | 5627667654db791fc105117c8d5717caacbaa1b9 (patch) | |
tree | 45d8346e7513ce5adcc570f6fc31e09586ffb9c9 /package/firewall/files/firewall.config | |
parent | 4b5488ebfa23f854fc087a6ae64962905683be7f (diff) | |
uci firewall - make uci firewall default and remove old code - fix up dependencies
SVN-Revision: 12284
Diffstat (limited to 'package/firewall/files/firewall.config')
-rwxr-xr-x | package/firewall/files/firewall.config | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
new file mode 100755
index 0000000000..073169013d
--- /dev/null
+++ b/package/firewall/files/firewall.config
@@ -0,0 +1,80 @@
+config defaults
+ option syn_flood 1
+ option input DROP
+ option output ACCEPT
+ option forward DROP
+
+config zone
+ option name lan
+ option input ACCEPT
+ option output ACCEPT
+ option forward DROP
+
+config zone
+ option name wan
+ option input DROP
+ option output ACCEPT
+ option forward DROP
+ option masq 1
+
+config forwarding
+ option src lan
+ option dest wan
+
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option dest wan
+# option proto tcp
+# option target REJECT
+
+# block a specific mac on wan
+#config rule
+# option dest wan
+# option src_mac 00:11:22:33:44:66
+# option target REJECT
+
+# block incoming ICMP traffic on a zone
+#config rule
+# option src lan
+# option proto ICMP
+# option target DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+# option src wan
+# option src_dport 80
+# option dest lan
+# option dest_ip 192.168.16.235
+# option dest_port 80
+# option protocol tcp
+
+# include a file with users custom iptables rules
+#config include
+# option path /etc/firewall.user
+
+
+### FULL CONFIG SECTIONS
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 80
+# option dest wan
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
+# option target REJECT
+
+#config redirect
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 1024
+# option src_dport 80
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp |
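Review bot: The two commented redirect examples disagree on the protocol option name: the "port redirect" example ends with `# option protocol tcp`, while the FULL CONFIG redirect (and both rule examples) use `# option proto tcp`. The script that parses these sections is not in this hunk, so which spelling the redirect handler reads cannot be confirmed here. An unrecognised option is presumably ignored without an error, so a user who uncomments the wrong example could end up with a redirect that is not limited to TCP. Use the spelling the handler actually reads in both examples. Separately, the comment `# block a specific mac on wan` sits above a rule with `dest wan`, so it describes traffic heading to wan; rewording it to `# block a specific mac from reaching wan (a MAC is client-chosen, so this is not an access control)` would set the right expectation.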