diff options
Diffstat (limited to 'package/firewall/files')
-rw-r--r-- | package/firewall/files/firewall.config | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config index 632292265..4f2dc4821 100644 --- a/package/firewall/files/firewall.config +++ b/package/firewall/files/firewall.config @@ -1,7 +1,7 @@ config defaults option syn_flood 1 option input ACCEPT - option output ACCEPT + option output ACCEPT option forward REJECT # Uncomment this line to disable ipv6 rules # option disable_ipv6 1 @@ -9,22 +9,22 @@ config defaults config zone option name lan option network 'lan' - option input ACCEPT - option output ACCEPT + option input ACCEPT + option output ACCEPT option forward REJECT config zone option name wan option network 'wan' option input REJECT - option output ACCEPT + option output ACCEPT option forward REJECT - option masq 1 + option masq 1 option mtu_fix 1 -config forwarding - option src lan - option dest wan +config forwarding + option src lan + option dest wan # We need to accept udp packets on port 68, # see https://dev.openwrt.org/ticket/4108 @@ -77,7 +77,7 @@ config rule option target ACCEPT # Allow essential forwarded IPv6 ICMP traffic -config rule +config rule option name Allow-ICMPv6-Forward option src wan option dest * @@ -105,13 +105,13 @@ config include # option src_ip 192.168.45.2 # option dest wan # option proto tcp -# option target REJECT +# option target REJECT # block a specific mac on wan #config rule # option dest wan # option src_mac 00:11:22:33:44:66 -# option target REJECT +# option target REJECT # block incoming ICMP traffic on a zone #config rule @@ -125,7 +125,7 @@ config include # option src_dport 80 # option dest lan # option dest_ip 192.168.16.235 -# option dest_port 80 +# option dest_port 80 # option proto tcp # port redirect of remapped ssh port (22001) on wan @@ -161,7 +161,7 @@ config include # option dest_ip 194.25.2.129 # option dest_port 120 # option proto tcp -# option target REJECT +# option target REJECT #config redirect # option src lan |