首页 发现 帮助
注册 登录
gogadmin
/
home_network
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 6b5f0cef89
分支列表 标签列表
home_network
/
1900acs
/
openwrt
/
2022-02
/
etc
/
config
/
firewall

firewall 1.9 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1. 

  2. config defaults
    3. 

  3. 	option input 'ACCEPT'
    4. 

  4. 	option output 'ACCEPT'
    5. 

  5. 	option forward 'REJECT'
    6. 

  6. 	option synflood_protect '1'
    7. 

  7. 

  8. config zone
    9. 

  9. 	option name 'lan'
    10. 

  10. 	option input 'ACCEPT'
    11. 

  11. 	option output 'ACCEPT'
    12. 

  12. 	option forward 'ACCEPT'
    13. 

  13. 	option network 'lan'
    14. 

  14. 

  15. config zone
    16. 

  16. 	option name 'wan'
    17. 

  17. 	option input 'REJECT'
    18. 

  18. 	option output 'ACCEPT'
    19. 

  19. 	option forward 'REJECT'
    20. 

  20. 	option masq '1'
    21. 

  21. 	option mtu_fix '1'
    22. 

  22. 	option network 'wan wan6'
    23. 

  23. 

  24. config forwarding
    25. 

  25. 	option src 'lan'
    26. 

  26. 	option dest 'wan'
    27. 

  27. 

  28. config rule
    29. 

  29. 	option name 'Allow-ICMPv6-Forward'
    30. 

  30. 	option src 'wan'
    31. 

  31. 	option dest '*'
    32. 

  32. 	option proto 'icmp'
    33. 

  33. 	list icmp_type 'echo-request'
    34. 

  34. 	list icmp_type 'echo-reply'
    35. 

  35. 	list icmp_type 'destination-unreachable'
    36. 

  36. 	list icmp_type 'packet-too-big'
    37. 

  37. 	list icmp_type 'time-exceeded'
    38. 

  38. 	list icmp_type 'bad-header'
    39. 

  39. 	list icmp_type 'unknown-header-type'
    40. 

  40. 	option limit '1000/sec'
    41. 

  41. 	option family 'ipv6'
    42. 

  42. 	option target 'ACCEPT'
    43. 

  43. 

  44. config rule
    45. 

  45. 	option name 'Allow-IPSec-ESP'
    46. 

  46. 	option src 'wan'
    47. 

  47. 	option dest 'lan'
    48. 

  48. 	option proto 'esp'
    49. 

  49. 	option target 'ACCEPT'
    50. 

  50. 

  51. config rule
    52. 

  52. 	option name 'Allow-ISAKMP'
    53. 

  53. 	option src 'wan'
    54. 

  54. 	option dest 'lan'
    55. 

  55. 	option dest_port '500'
    56. 

  56. 	option proto 'udp'
    57. 

  57. 	option target 'ACCEPT'
    58. 

  58. 

  59. config include
    60. 

  60. 	option path '/etc/firewall.user'
    61. 

  61. 

  62. config zone
    63. 

  63. 	option name 'lan6v'
    64. 

  64. 	option input 'ACCEPT'
    65. 

  65. 	option network 'LAN6'
    66. 

  66. 	option output 'ACCEPT'
    67. 

  67. 	option forward 'ACCEPT'
    68. 

  68. 

  69. config forwarding
    70. 

  70. 	option dest 'lan'
    71. 

  71. 	option src 'lan6v'
    72. 

  72. 

  73. config zone
    74. 

  74. 	option name 'lanv6wan'
    75. 

  75. 	option input 'ACCEPT'
    76. 

  76. 	option forward 'ACCEPT'
    77. 

  77. 	option network 'LAN6'
    78. 

  78. 	option output 'ACCEPT'
    79. 

  79. 

  80. config forwarding
    81. 

  81. 	option dest 'wan'
    82. 

  82. 	option src 'lanv6wan'
    83. 

  83. 

  84. config zone
    85. 

  85. 	option name 'lanlan6v'
    86. 

  86. 	option input 'ACCEPT'
    87. 

  87. 	option forward 'ACCEPT'
    88. 

  88. 	option network 'lan'
    89. 

  89. 	option output 'ACCEPT'
    90. 

  90. 

  91. config forwarding
    92. 

  92. 	option dest 'lan6v'
    93. 

  93. 	option src 'lanlan6v'
    94. 

  94. 

  95. config zone
    96. 

  96. 	option name 'VLAN7'
    97. 

  97. 	option input 'ACCEPT'
    98. 

  98. 	option forward 'ACCEPT'
    99. 

  99. 	option network 'VLAN7'
    100. 

  100. 	option output 'ACCEPT'
    101. 

  101.