From 001bfd5f2b6890cafd209de4ea360927d4dd8a55 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 23 Feb 2013 15:55:49 +0100 Subject: minikrebs is now a submodule --- minikrebs | 1 + .../customfiles/etc/config/firewall | 112 --------------------- 2 files changed, 1 insertion(+), 112 deletions(-) create mode 160000 minikrebs delete mode 100644 minikrebs/profiles/rickroller_advanced/customfiles/etc/config/firewall (limited to 'minikrebs/profiles/rickroller_advanced/customfiles/etc/config/firewall') diff --git a/minikrebs b/minikrebs new file mode 160000 index 00000000..8fd46a7e --- /dev/null +++ b/minikrebs @@ -0,0 +1 @@ +Subproject commit 8fd46a7e3258bff753c42dc43fecfbbc853a685c diff --git a/minikrebs/profiles/rickroller_advanced/customfiles/etc/config/firewall b/minikrebs/profiles/rickroller_advanced/customfiles/etc/config/firewall deleted file mode 100644 index 56f20aa7..00000000 --- a/minikrebs/profiles/rickroller_advanced/customfiles/etc/config/firewall +++ /dev/null @@ -1,112 +0,0 @@ -config defaults - option syn_flood 1 - option input ACCEPT - option output ACCEPT - option forward REJECT - -config zone - option name lan - option network 'lan' - option input ACCEPT - option output ACCEPT - option forward REJECT - -config zone - option name wan - option network 'wan' - option input ACCEPT - option output ACCEPT - option forward REJECT - option masq 1 - option mtu_fix 1 - -config forwarding - option src lan - option dest wan - -# We need to accept udp packets on port 68, -# see https://dev.openwrt.org/ticket/4108 -config rule - option name Allow-DHCP-Renew - option src wan - option proto udp - option dest_port 68 - option target ACCEPT - option family ipv4 - -# Allow IPv4 ping -config rule - option name Allow-Ping - option src wan - option proto icmp - option icmp_type echo-request - option family ipv4 - option target ACCEPT - -# Allow DHCPv6 replies -# see https://dev.openwrt.org/ticket/10381 -config rule - option name Allow-DHCPv6 - option src wan - option proto udp - option src_ip fe80::/10 - option src_port 547 - option dest_ip fe80::/10 - option dest_port 546 - option family ipv6 - option target ACCEPT - -# Allow essential incoming IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Input - option src wan - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - list icmp_type router-solicitation - list icmp_type neighbour-solicitation - list icmp_type router-advertisement - list icmp_type neighbour-advertisement - option limit 1000/sec - option family ipv6 - option target ACCEPT - -# Allow essential forwarded IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Forward - option src wan - option dest * - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - option limit 1000/sec - option family ipv6 - option target ACCEPT - -config redirect - option src lan - option proto tcp - option src_dport 80 - option src_ip !192.168.23.1 - option dest_port 80 - option dest_ip 192.168.23.1 - option target DNAT - -config redirect - option src lan - option proto tcp - option src_dport 443 - option src_ip !192.168.23.1 - option dest_port 443 - option dest_ip 192.168.23.1 - option target DNAT -- cgit v1.2.3