authormakefu <github@syntax-fehler.de>2013-02-23 15:55:49 +0100
committermakefu <github@syntax-fehler.de>2013-02-23 15:55:49 +0100
commit001bfd5f2b6890cafd209de4ea360927d4dd8a55 (patch)
treeff5805c808afc2fbe460f767f65ae1152fb32776 /minikrebs/profiles/rickroller_bare/customfiles/etc/config/firewall
parent1ca9360f5a35d0c2ee5876bba85f2ead44e5a540 (diff)
minikrebs is now a submodule
Diffstat (limited to 'minikrebs/profiles/rickroller_bare/customfiles/etc/config/firewall')
m---------minikrebs0
-rw-r--r--minikrebs/profiles/rickroller_bare/customfiles/etc/config/firewall112
2 files changed, 0 insertions, 112 deletions
diff --git a/minikrebs b/minikrebs
new file mode 160000
+Subproject 8fd46a7e3258bff753c42dc43fecfbbc853a685
diff --git a/minikrebs/profiles/rickroller_bare/customfiles/etc/config/firewall b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/firewall
deleted file mode 100644
index 56f20aa7..00000000
--- a/minikrebs/profiles/rickroller_bare/customfiles/etc/config/firewall
+++ /dev/null
@@ -1,112 +0,0 @@
-config defaults
- option syn_flood 1
- option input ACCEPT
- option output ACCEPT
- option forward REJECT
-
-config zone
- option name lan
- option network 'lan'
- option input ACCEPT
- option output ACCEPT
- option forward REJECT
-
-config zone
- option name wan
- option network 'wan'
- option input ACCEPT
- option output ACCEPT
- option forward REJECT
- option masq 1
- option mtu_fix 1
-
-config forwarding
- option src lan
- option dest wan
-
-# We need to accept udp packets on port 68,
-# see https://dev.openwrt.org/ticket/4108
-config rule
- option name Allow-DHCP-Renew
- option src wan
- option proto udp
- option dest_port 68
- option target ACCEPT
- option family ipv4
-
-# Allow IPv4 ping
-config rule
- option name Allow-Ping
- option src wan
- option proto icmp
- option icmp_type echo-request
- option family ipv4
- option target ACCEPT
-
-# Allow DHCPv6 replies
-# see https://dev.openwrt.org/ticket/10381
-config rule
- option name Allow-DHCPv6
- option src wan
- option proto udp
- option src_ip fe80::/10
- option src_port 547
- option dest_ip fe80::/10
- option dest_port 546
- option family ipv6
- option target ACCEPT
-
-# Allow essential incoming IPv6 ICMP traffic
-config rule
- option name Allow-ICMPv6-Input
- option src wan
- option proto icmp
- list icmp_type echo-request
- list icmp_type echo-reply
- list icmp_type destination-unreachable
- list icmp_type packet-too-big
- list icmp_type time-exceeded
- list icmp_type bad-header
- list icmp_type unknown-header-type
- list icmp_type router-solicitation
- list icmp_type neighbour-solicitation
- list icmp_type router-advertisement
- list icmp_type neighbour-advertisement
- option limit 1000/sec
- option family ipv6
- option target ACCEPT
-
-# Allow essential forwarded IPv6 ICMP traffic
-config rule
- option name Allow-ICMPv6-Forward
- option src wan
- option dest *
- option proto icmp
- list icmp_type echo-request
- list icmp_type echo-reply
- list icmp_type destination-unreachable
- list icmp_type packet-too-big
- list icmp_type time-exceeded
- list icmp_type bad-header
- list icmp_type unknown-header-type
- option limit 1000/sec
- option family ipv6
- option target ACCEPT
-
-config redirect
- option src lan
- option proto tcp
- option src_dport 80
- option src_ip !192.168.23.1
- option dest_port 80
- option dest_ip 192.168.23.1
- option target DNAT
-
-config redirect
- option src lan
- option proto tcp
- option src_dport 443
- option src_ip !192.168.23.1
- option dest_port 443
- option dest_ip 192.168.23.1
- option target DNAT