authorJohn Crispin <blogic@openwrt.org>2008-08-11 22:27:36 +0000
committerJohn Crispin <blogic@openwrt.org>2008-08-11 22:27:36 +0000
commit4b924f0d7b32978e5161a716acc032ad68007e72 (patch)
treec66c8d821b4c251a41ef47fdd7f5237766662b57 /package/firewall/files/firewall.config
parentecc88154322e2996c0e6f9734b8224c94d5b070a (diff)
uci firewall
- make uci firewall default and remove old code - fix up dependencies git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12284 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/firewall/files/firewall.config')
-rwxr-xr-xpackage/firewall/files/firewall.config80
1 files changed, 80 insertions, 0 deletions
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
new file mode 100755
index 0000000000..073169013d
--- /dev/null
+++ b/package/firewall/files/firewall.config
@@ -0,0 +1,80 @@
+config defaults
+ option syn_flood 1
+ option input DROP
+ option output ACCEPT
+ option forward DROP
+
+config zone
+ option name lan
+ option input ACCEPT
+ option output ACCEPT
+ option forward DROP
+
+config zone
+ option name wan
+ option input DROP
+ option output ACCEPT
+ option forward DROP
+ option masq 1
+
+config forwarding
+ option src lan
+ option dest wan
+
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option dest wan
+# option proto tcp
+# option target REJECT
+
+# block a specific mac on wan
+#config rule
+# option dest wan
+# option src_mac 00:11:22:33:44:66
+# option target REJECT
+
+# block incoming ICMP traffic on a zone
+#config rule
+# option src lan
+# option proto ICMP
+# option target DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+# option src wan
+# option src_dport 80
+# option dest lan
+# option dest_ip 192.168.16.235
+# option dest_port 80
+# option protocol tcp
+
+# include a file with users custom iptables rules
+#config include
+# option path /etc/firewall.user
+
+
+### FULL CONFIG SECTIONS
+#config rule
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 80
+# option dest wan
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
+# option target REJECT
+
+#config redirect
+# option src lan
+# option src_ip 192.168.45.2
+# option src_mac 00:11:22:33:44:55
+# option src_port 1024
+# option src_dport 80
+# option dest_ip 194.25.2.129
+# option dest_port 120
+# option proto tcp
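Review bot: The port-redirect example under EXAMPLE CONFIG SECTIONS spells the key `option protocol tcp`, while every other rule and the full redirect template in this file use `option proto tcp`. The script that reads this config is not part of the hunk, but if it only looks up `proto`, a user who uncomments the example would get a redirect that is not limited to TCP, so the example should read `#	option proto		tcp`. Separately, the first example is described as "do not allow a specific ip to access wan" yet carries `option proto tcp`, so UDP and ICMP from that host would presumably still be forwarded; either drop the `proto` line or change the comment to `# do not allow a specific ip to access wan over tcp`. The "block a specific mac on wan" example matches `src_mac` on traffic with `dest wan`, so its comment would be clearer as `# block a specific mac from reaching wan`.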