aboutsummaryrefslogtreecommitdiffstats
path: root/package/firewall/files/firewall.config
diff options
context:
space:
mode:
authorJohn Crispin <john@openwrt.org>2008-08-11 22:27:36 +0000
committerJohn Crispin <john@openwrt.org>2008-08-11 22:27:36 +0000
commit5627667654db791fc105117c8d5717caacbaa1b9 (patch)
tree45d8346e7513ce5adcc570f6fc31e09586ffb9c9 /package/firewall/files/firewall.config
parent4b5488ebfa23f854fc087a6ae64962905683be7f (diff)
downloadupstream-5627667654db791fc105117c8d5717caacbaa1b9.tar.gz
upstream-5627667654db791fc105117c8d5717caacbaa1b9.tar.bz2
upstream-5627667654db791fc105117c8d5717caacbaa1b9.zip
uci firewall - make uci firewall default and remove old code - fix up dependencies
SVN-Revision: 12284
Diffstat (limited to 'package/firewall/files/firewall.config')
-rwxr-xr-xpackage/firewall/files/firewall.config80
1 files changed, 80 insertions, 0 deletions
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
new file mode 100755
index 0000000000..073169013d
--- /dev/null
+++ b/package/firewall/files/firewall.config
@@ -0,0 +1,80 @@
+config defaults
+ option syn_flood 1
+ option input DROP
+ option output ACCEPT
+ option forward DROP
+
+config zone
+ option name lan
+ option input ACCEPT
+ option output ACCEPT
+ option forward DROP
+
+config zone
+ option name wan
+ option input DROP
+ option output ACCEPT
+ option forward DROP
+ option masq 1
+
+config forwarding
+ option src lan
+ option dest wan
+
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option dest wan
+# option proto tcp
+# option target REJECT
+
+# block a specific mac on wan
+#config rule
+# option dest wan
+# option src_mac 00:11:22:33:44:66
+# option target REJECT
+
+# block incoming ICMP traffic on a zone
+#config rule
+# option src lan
+# option proto ICMP
+# option target DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+# option src wan
+# option src_dport 80
+# option dest lan
+# option dest_ip 192.168.16.235
+# option dest_port 80
+# option protocol tcp
+
+# include a file with users custom iptables rules
+#config include
+# option path /etc/firewall.user
+
+
+### FULL CONFIG SECTIONS
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 80
+# option dest wan
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
+# option target REJECT
+
+#config redirect
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 1024
+# option src_dport 80
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp