09.OpenWrt-防火墙_openwrt防火墙

作者：繁依Fanyi0 | 2024-07-20 20:35:19

踩

openwrt防火墙

09.OpenWrt-防火墙

防火墙是OPenWrt非常重要的一部分,基础篇只说防火墙的配置和一些常用的命令.

9.1 防火墙配置文件


    root@Togetek:/# cat /etc/config/firewall
    config defaults
            option syn_flood        1
            option input            REJECT
            option output           ACCEPT
            option forward          REJECT
    # Uncomment this line to disable ipv6 rules
    #       option disable_ipv6     1

    config zone
            option name             lan
            list   network          'lan'
            option input            ACCEPT
            option output           ACCEPT
            option forward          ACCEPT

    config zone
            option name             wan
            list   network          'wan'
            list   network          'wan6'
            option input            ACCEPT
            option output           ACCEPT
            option forward          REJECT
            option masq             1
            option mtu_fix          1

    config forwarding
            option src              lan
            option dest             wan

    # We need to accept udp packets on port 68,
    # see https://dev.openwrt.org/ticket/4108
    config rule
            option name             Allow-DHCP-Renew
            option src              wan
            option proto            udp
            option dest_port        68
            option target           ACCEPT
            option family           ipv4

    # Allow IPv4 ping
    config rule
            option name             Allow-Ping
            option src              wan
            option proto            icmp
            option icmp_type        echo-reque
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/繁依Fanyi0/article/detail/858292