6 # Uncomment this line to disable ipv6 rules
7 # option disable_ipv6 1
29 # We need to accept udp packets on port 68,
30 # see https://dev.openwrt.org/ticket/4108
42 option icmp_type echo-request
46 # Allow essential incoming IPv6 ICMP traffic
51 list icmp_type echo-request
52 list icmp_type destination-unreachable
53 list icmp_type packet-too-big
54 list icmp_type time-exceeded
55 list icmp_type bad-header
56 list icmp_type unknown-header-type
61 # include a file with users custom iptables rules
63 option path /etc/firewall.user
66 ### EXAMPLE CONFIG SECTIONS
67 # do not allow a specific ip to access wan
70 # option src_ip 192.168.45.2
73 # option target REJECT
75 # block a specific mac on wan
78 # option src_mac 00:11:22:33:44:66
79 # option target REJECT
81 # block incoming ICMP traffic on a zone
87 # port redirect port coming in on wan to lan
92 # option dest_ip 192.168.16.235
97 ### FULL CONFIG SECTIONS
100 # option src_ip 192.168.45.2
101 # option src_mac 00:11:22:33:44:55
104 # option dest_ip 194.25.2.129
105 # option dest_port 120
107 # option target REJECT
111 # option src_ip 192.168.45.2
112 # option src_mac 00:11:22:33:44:55
113 # option src_port 1024
114 # option src_dport 80
115 # option dest_ip 194.25.2.129
116 # option dest_port 120