OWEALs
/
firewall4
oglindă de https://github.com/openwrt/firewall4


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125
							{
	"defaults": {
		"flow_offloading": "1",
		"flow_offloading_hw": "1",
		"forward": "REJECT",
		"input": "REJECT",
		"output": "ACCEPT",
		"syn_flood": "1",
		"unknown_defaults_option": "foo"
	},
	"zone": [
		{
			"name": "lan",
			"input": "ACCEPT",
			"output": "ACCEPT",
			"forward": "ACCEPT",
			"network": [ "lan" ]
		},
		{
			"input": "REJECT",
			"output": "ACCEPT",
			"forward": "REJECT",
			"masq": "1",
			"mtu_fix": "1",
			"name": "wan",
			"network": [ "wan", "wan6" ]
		}
	],
	"forwarding": {
		"dest": "wan",
		"src": "lan"
	},
	"rule": [
		{
			"name": "Allow-DHCP-Renew",
			"family": "ipv4",
			"proto": "udp",
			"src": "wan",
			"dest_port": "68",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-Ping",
			"family": "ipv4",
			"proto": "icmp",
			"src": "wan",
			"icmp_type": "echo-request",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-IGMP",
			"family": "ipv4",
			"proto": "igmp",
			"src": "wan",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-DHCPv6",
			"family": "ipv6",
			"proto": "udp",
			"src": "wan",
			"src_ip": "fc00::/6",
			"dest_ip": "fc00::/6",
			"dest_port": "546",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-MLD",
			"family": "ipv6",
			"proto": "icmp",
			"src": "wan",
			"src_ip": "fe80::/10",
			"icmp_type": [ "130/0", "131/0", "132/0", "143/0" ],
			"target": "ACCEPT"
		},
		{
			"name": "Allow-ICMPv6-Input",
			"family": "ipv6",
			"proto": "icmp",
			"src": "wan",
			"icmp_type": [
				"echo-request", "echo-reply", "destination-unreachable",
				"packet-too-big", "time-exceeded", "bad-header", "unknown-header-type",
				"router-solicitation", "neighbour-solicitation", "router-advertisement",
				"neighbour-advertisement"
			],
			"limit": "1000/sec",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-ICMPv6-Forward",
			"family": "ipv6",
			"proto": "icmp",
			"src": "wan",
			"dest": "*",
			"icmp_type": [
				"echo-request", "echo-reply", "destination-unreachable",
				"packet-too-big", "time-exceeded", "bad-header", "unknown-header-type"
			],
			"limit": "1000/sec",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-IPSec-ESP",
			"proto": "esp",
			"src": "wan",
			"dest": "lan",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-ISAKMP",
			"proto": "udp",
			"src": "wan",
			"dest": "lan",
			"dest_port": "500",
			"target": "ACCEPT"
		},
		{
			"name": "Test-Deprecated-Rule-Option",
			"_name": "Test-Deprecated-Rule-Option",
			"proto": "tcp",
			"unknown_rule_option": "foo"
		}
	]
}