files/etc/config/firewall


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

config defaults                           
        option syn_flood        1         
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
                                   
config zone                        
        option name             lan
        option input    ACCEPT
        option output   ACCEPT
        option forward  REJECT     
                                         
config zone                              
        option name             wan
        option input    REJECT         
        option output   ACCEPT         
        option forward  REJECT     
        option masq             1  
        option mtu_fix  1   
config zone                 
        option name     mesh                
        option input    ACCEPT              
        option output   ACCEPT             
        option forward  REJECT             
config forwarding                          
        option src      lan                   
        option dest     wan                   
config forwarding                  
        option src      mesh       
        option dest     wan                
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule                        
        option src              wan 
        option proto            udp      
        option dest_port        68       
        option target           ACCEPT
                                    
#Allow ping                         
config rule                        
        option src wan        
        option proto icmp            
        option icmp_type echo-request
        option target ACCEPT       
                                                 
# include a file with users custom iptables rules
config include                           
        option path /etc/firewall.user