files/etc/config/firewall


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

config defaults                           
        option syn_flood        1         
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
                                                                            
config zone                              
        option name             wan
        option input    REJECT         
        option output   ACCEPT         
        option forward  REJECT     
        option masq             1  
        option mtu_fix  1   
config zone                 
        option name     mesh                
        option input    ACCEPT              
        option output   ACCEPT             
        option forward  REJECT             
                   
config forwarding                  
        option src      mesh       
        option dest     wan                
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule                        
        option src              wan 
        option proto            udp      
        option dest_port        68       
        option target           ACCEPT
                                    
#Allow ping                         
config rule                        
        option src wan        
        option proto icmp            
        option icmp_type echo-request
        option target ACCEPT       
                                                 
# include a file with users custom iptables rules
config include                           
        option path /etc/firewall.user