X-Git-Url: http://git.ozo.com/?p=openwrt-10.03%2F.git;a=blobdiff_plain;f=package%2Ffirewall%2Ffiles%2Ffirewall.config;h=428c5a211c24870709a4c6ba14322f93ef724990;hp=f842a970e0aae97aa61d7d3f509b28762d7a1b05;hb=4993294b6c6dbf6a703975f1b85c98ddfa7bd134;hpb=22bece97bf9ee407b25214cb984edf88c0e44ccc
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
index f842a970e..428c5a211 100644
--- a/package/firewall/files/firewall.config
+++ b/package/firewall/files/firewall.config
@@ -8,23 +8,23 @@ config defaults
 config zone
 option name lan
- option network 'lan'
- option input ACCEPT
- option output ACCEPT
- option forward REJECT
+ option network 'lan'
+ option input ACCEPT
+ option output ACCEPT
+ option forward REJECT
 config zone
 option name wan
- option network 'wan'
- option input REJECT
- option output ACCEPT
- option forward REJECT
+ option network 'wan'
+ option input REJECT
+ option output ACCEPT
+ option forward REJECT
 option masq 1
- option mtu_fix 1
+ option mtu_fix 1
 config forwarding
- option src lan
- option dest wan
+ option src lan
+ option dest wan
 # We need to accept udp packets on port 68,
 # see https://dev.openwrt.org/ticket/4108
@@ -33,14 +33,30 @@ config rule
 option proto udp
 option dest_port 68
 option target ACCEPT
- option family ipv4
+ option family ipv4
-#Allow ping
+# Allow IPv4 ping
 config rule
- option src wan
- option proto icmp
- option icmp_type echo-request
- option target ACCEPT
+ option src wan
+ option proto icmp
+ option icmp_type echo-request
+ option family ipv4
+ option target ACCEPT
+
+# Allow essential incoming IPv6 ICMP traffic
+config rule
+ option src wan
+ option dest *
+ option proto icmp
+ list icmp_type echo-request
+ list icmp_type destination-unreachable
+ list icmp_type packet-too-big
+ list icmp_type time-exceeded
+ list icmp_type bad-header
+ list icmp_type unknown-header-type
+ option limit 1000/sec
+ option family ipv6
+ option target ACCEPT
 # include a file with users custom iptables rules
 config include
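Review bot: The new IPv6 rule sets `option dest *` alongside `option src wan`, while the IPv4 ping rule above it has no `dest`, so the two rules probably apply to different paths and the comment `# Allow essential incoming IPv6 ICMP traffic` does not say which. If `dest *` selects forwarded traffic, this accepts echo-request from wan towards every host behind the router and leaves router-directed ICMPv6 to other rules; that needs confirming against the firewall scripts, which are not part of this diff. I would state the scope in the comment, for example `# Allow essential IPv6 ICMP from wan to any destination zone (forwarded), rate-limited`. The comment should also say whether `option limit 1000/sec` applies per listed type or as one shared budget, since a shared budget would let an echo-request flood crowd out packet-too-big and break path MTU discovery.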