1*d6f4f085SAndroid Build Coastguard Workerconfig defaults 2*d6f4f085SAndroid Build Coastguard Worker option syn_flood '1' 3*d6f4f085SAndroid Build Coastguard Worker option input 'ACCEPT' 4*d6f4f085SAndroid Build Coastguard Worker option output 'ACCEPT' 5*d6f4f085SAndroid Build Coastguard Worker option forward 'REJECT' 6*d6f4f085SAndroid Build Coastguard Worker 7*d6f4f085SAndroid Build Coastguard Workerconfig zone 8*d6f4f085SAndroid Build Coastguard Worker option name 'wifi0' 9*d6f4f085SAndroid Build Coastguard Worker list network 'wifi0' 10*d6f4f085SAndroid Build Coastguard Worker option input 'ACCEPT' 11*d6f4f085SAndroid Build Coastguard Worker option output 'ACCEPT' 12*d6f4f085SAndroid Build Coastguard Worker option forward 'REJECT' 13*d6f4f085SAndroid Build Coastguard Worker 14*d6f4f085SAndroid Build Coastguard Workerconfig forwarding 15*d6f4f085SAndroid Build Coastguard Worker option src 'wifi0' 16*d6f4f085SAndroid Build Coastguard Worker option dest 'wan' 17*d6f4f085SAndroid Build Coastguard Worker 18*d6f4f085SAndroid Build Coastguard Workerconfig zone 19*d6f4f085SAndroid Build Coastguard Worker option name 'wifi1' 20*d6f4f085SAndroid Build Coastguard Worker list network 'wifi1' 21*d6f4f085SAndroid Build Coastguard Worker option input 'ACCEPT' 22*d6f4f085SAndroid Build Coastguard Worker option output 'ACCEPT' 23*d6f4f085SAndroid Build Coastguard Worker option forward 'REJECT' 24*d6f4f085SAndroid Build Coastguard Worker 25*d6f4f085SAndroid Build Coastguard Workerconfig forwarding 26*d6f4f085SAndroid Build Coastguard Worker option src 'wifi1' 27*d6f4f085SAndroid Build Coastguard Worker option dest 'wan' 28*d6f4f085SAndroid Build Coastguard Worker 29*d6f4f085SAndroid Build Coastguard Workerconfig zone 30*d6f4f085SAndroid Build Coastguard Worker option name 'lan' 31*d6f4f085SAndroid Build Coastguard Worker list network 'lan' 32*d6f4f085SAndroid Build Coastguard Worker option input 'ACCEPT' 33*d6f4f085SAndroid Build Coastguard Worker option output 'ACCEPT' 34*d6f4f085SAndroid Build Coastguard Worker option forward 'ACCEPT' 35*d6f4f085SAndroid Build Coastguard Worker 36*d6f4f085SAndroid Build Coastguard Workerconfig zone 37*d6f4f085SAndroid Build Coastguard Worker option name 'wan' 38*d6f4f085SAndroid Build Coastguard Worker list network 'wan' 39*d6f4f085SAndroid Build Coastguard Worker list network 'wan6' 40*d6f4f085SAndroid Build Coastguard Worker option input 'REJECT' 41*d6f4f085SAndroid Build Coastguard Worker option output 'ACCEPT' 42*d6f4f085SAndroid Build Coastguard Worker option forward 'REJECT' 43*d6f4f085SAndroid Build Coastguard Worker option masq '1' 44*d6f4f085SAndroid Build Coastguard Worker option mtu_fix '1' 45*d6f4f085SAndroid Build Coastguard Worker 46*d6f4f085SAndroid Build Coastguard Workerconfig forwarding 47*d6f4f085SAndroid Build Coastguard Worker option src 'lan' 48*d6f4f085SAndroid Build Coastguard Worker option dest 'wan' 49*d6f4f085SAndroid Build Coastguard Worker 50*d6f4f085SAndroid Build Coastguard Workerconfig rule 51*d6f4f085SAndroid Build Coastguard Worker option name 'Allow-DHCP-Renew' 52*d6f4f085SAndroid Build Coastguard Worker option src 'wan' 53*d6f4f085SAndroid Build Coastguard Worker option proto 'udp' 54*d6f4f085SAndroid Build Coastguard Worker option dest_port '68' 55*d6f4f085SAndroid Build Coastguard Worker option target 'ACCEPT' 56*d6f4f085SAndroid Build Coastguard Worker option family 'ipv4' 57*d6f4f085SAndroid Build Coastguard Worker 58*d6f4f085SAndroid Build Coastguard Workerconfig rule 59*d6f4f085SAndroid Build Coastguard Worker option name 'Allow-Ping' 60*d6f4f085SAndroid Build Coastguard Worker option src 'wan' 61*d6f4f085SAndroid Build Coastguard Worker option proto 'icmp' 62*d6f4f085SAndroid Build Coastguard Worker option icmp_type 'echo-request' 63*d6f4f085SAndroid Build Coastguard Worker option family 'ipv4' 64*d6f4f085SAndroid Build Coastguard Worker option target 'ACCEPT' 65*d6f4f085SAndroid Build Coastguard Worker 66*d6f4f085SAndroid Build Coastguard Workerconfig rule 67*d6f4f085SAndroid Build Coastguard Worker option name 'Allow-IGMP' 68*d6f4f085SAndroid Build Coastguard Worker option src 'wan' 69*d6f4f085SAndroid Build Coastguard Worker option proto 'igmp' 70*d6f4f085SAndroid Build Coastguard Worker option family 'ipv4' 71*d6f4f085SAndroid Build Coastguard Worker option target 'ACCEPT' 72*d6f4f085SAndroid Build Coastguard Worker 73*d6f4f085SAndroid Build Coastguard Workerconfig rule 74*d6f4f085SAndroid Build Coastguard Worker option name 'Allow-DHCPv6' 75*d6f4f085SAndroid Build Coastguard Worker option src 'wan' 76*d6f4f085SAndroid Build Coastguard Worker option proto 'udp' 77*d6f4f085SAndroid Build Coastguard Worker option src_ip 'fc00::/6' 78*d6f4f085SAndroid Build Coastguard Worker option dest_ip 'fc00::/6' 79*d6f4f085SAndroid Build Coastguard Worker option dest_port '546' 80*d6f4f085SAndroid Build Coastguard Worker option family 'ipv6' 81*d6f4f085SAndroid Build Coastguard Worker option target 'ACCEPT' 82*d6f4f085SAndroid Build Coastguard Worker 83*d6f4f085SAndroid Build Coastguard Workerconfig rule 84*d6f4f085SAndroid Build Coastguard Worker option name 'Allow-MLD' 85*d6f4f085SAndroid Build Coastguard Worker option src 'wan' 86*d6f4f085SAndroid Build Coastguard Worker option proto 'icmp' 87*d6f4f085SAndroid Build Coastguard Worker option src_ip 'fe80::/10' 88*d6f4f085SAndroid Build Coastguard Worker list icmp_type '130/0' 89*d6f4f085SAndroid Build Coastguard Worker list icmp_type '131/0' 90*d6f4f085SAndroid Build Coastguard Worker list icmp_type '132/0' 91*d6f4f085SAndroid Build Coastguard Worker list icmp_type '143/0' 92*d6f4f085SAndroid Build Coastguard Worker option family 'ipv6' 93*d6f4f085SAndroid Build Coastguard Worker option target 'ACCEPT' 94*d6f4f085SAndroid Build Coastguard Worker 95*d6f4f085SAndroid Build Coastguard Workerconfig rule 96*d6f4f085SAndroid Build Coastguard Worker option name 'Allow-ICMPv6-Input' 97*d6f4f085SAndroid Build Coastguard Worker option src 'wan' 98*d6f4f085SAndroid Build Coastguard Worker option proto 'icmp' 99*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'echo-request' 100*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'echo-reply' 101*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'destination-unreachable' 102*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'packet-too-big' 103*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'time-exceeded' 104*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'bad-header' 105*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'unknown-header-type' 106*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'router-solicitation' 107*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'neighbour-solicitation' 108*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'router-advertisement' 109*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'neighbour-advertisement' 110*d6f4f085SAndroid Build Coastguard Worker option limit '1000/sec' 111*d6f4f085SAndroid Build Coastguard Worker option family 'ipv6' 112*d6f4f085SAndroid Build Coastguard Worker option target 'ACCEPT' 113*d6f4f085SAndroid Build Coastguard Worker 114*d6f4f085SAndroid Build Coastguard Workerconfig rule 115*d6f4f085SAndroid Build Coastguard Worker option name 'Allow-ICMPv6-Forward' 116*d6f4f085SAndroid Build Coastguard Worker option src 'wan' 117*d6f4f085SAndroid Build Coastguard Worker option dest '*' 118*d6f4f085SAndroid Build Coastguard Worker option proto 'icmp' 119*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'echo-request' 120*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'echo-reply' 121*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'destination-unreachable' 122*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'packet-too-big' 123*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'time-exceeded' 124*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'bad-header' 125*d6f4f085SAndroid Build Coastguard Worker list icmp_type 'unknown-header-type' 126*d6f4f085SAndroid Build Coastguard Worker option limit '1000/sec' 127*d6f4f085SAndroid Build Coastguard Worker option family 'ipv6' 128*d6f4f085SAndroid Build Coastguard Worker option target 'ACCEPT' 129*d6f4f085SAndroid Build Coastguard Worker 130*d6f4f085SAndroid Build Coastguard Workerconfig rule 131*d6f4f085SAndroid Build Coastguard Worker option name 'Allow-IPSec-ESP' 132*d6f4f085SAndroid Build Coastguard Worker option src 'wan' 133*d6f4f085SAndroid Build Coastguard Worker option dest 'lan' 134*d6f4f085SAndroid Build Coastguard Worker option proto 'esp' 135*d6f4f085SAndroid Build Coastguard Worker option target 'ACCEPT' 136*d6f4f085SAndroid Build Coastguard Worker 137*d6f4f085SAndroid Build Coastguard Workerconfig rule 138*d6f4f085SAndroid Build Coastguard Worker option name 'Allow-ISAKMP' 139*d6f4f085SAndroid Build Coastguard Worker option src 'wan' 140*d6f4f085SAndroid Build Coastguard Worker option dest 'lan' 141*d6f4f085SAndroid Build Coastguard Worker option dest_port '500' 142*d6f4f085SAndroid Build Coastguard Worker option proto 'udp' 143*d6f4f085SAndroid Build Coastguard Worker option target 'ACCEPT' 144*d6f4f085SAndroid Build Coastguard Worker 145*d6f4f085SAndroid Build Coastguard Workerconfig rule 146*d6f4f085SAndroid Build Coastguard Worker option name 'Support-UDP-Traceroute' 147*d6f4f085SAndroid Build Coastguard Worker option src 'wan' 148*d6f4f085SAndroid Build Coastguard Worker option dest_port '33434:33689' 149*d6f4f085SAndroid Build Coastguard Worker option proto 'udp' 150*d6f4f085SAndroid Build Coastguard Worker option family 'ipv4' 151*d6f4f085SAndroid Build Coastguard Worker option target 'REJECT' 152*d6f4f085SAndroid Build Coastguard Worker option enabled 'false' 153*d6f4f085SAndroid Build Coastguard Worker 154*d6f4f085SAndroid Build Coastguard Workerconfig include 155*d6f4f085SAndroid Build Coastguard Worker option path '/etc/firewall.user' 156*d6f4f085SAndroid Build Coastguard Worker 157*d6f4f085SAndroid Build Coastguard Workerconfig rule 158*d6f4f085SAndroid Build Coastguard Worker option name 'Allow SSH' 159*d6f4f085SAndroid Build Coastguard Worker option src 'wan' 160*d6f4f085SAndroid Build Coastguard Worker option target 'ACCEPT' 161*d6f4f085SAndroid Build Coastguard Worker option proto 'tcp' 162*d6f4f085SAndroid Build Coastguard Worker option dest_port '22' 163*d6f4f085SAndroid Build Coastguard Worker 164*d6f4f085SAndroid Build Coastguard Workerconfig rule 165*d6f4f085SAndroid Build Coastguard Worker option name 'Allow LuCI' 166*d6f4f085SAndroid Build Coastguard Worker option src 'wan' 167*d6f4f085SAndroid Build Coastguard Worker option target 'ACCEPT' 168*d6f4f085SAndroid Build Coastguard Worker option proto 'tcp' 169*d6f4f085SAndroid Build Coastguard Worker option dest_port '80 443' 170