diff options
Diffstat (limited to 'package/iptables/files/firewall6.conf')
| -rw-r--r-- | package/iptables/files/firewall6.conf | 98 |
1 files changed, 0 insertions, 98 deletions
diff --git a/package/iptables/files/firewall6.conf b/package/iptables/files/firewall6.conf deleted file mode 100644 index 2e86138b2..000000000 --- a/package/iptables/files/firewall6.conf +++ /dev/null @@ -1,98 +0,0 @@ -#!/bin/sh -echo "configure /etc/firewall6.conf first." -exit 1 - -### Interfaces -WAN=sixxs -LAN=br0 -WLAN=wlan0 - -###################################################################### -### Default ruleset -###################################################################### - -### Create chains -ip6tables -N input_rule -ip6tables -N forwarding_rule - -### Default policy -ip6tables -P INPUT DROP -ip6tables -P FORWARD DROP -ip6tables -P OUTPUT DROP - -### INPUT -### (connections with the router as destination) - -# base case -ip6tables -A INPUT -m state --state INVALID -j DROP -ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -ip6tables -A INPUT -p tcp --tcp-flags SYN SYN \! --tcp-option 2 -j DROP - -# custom rules -ip6tables -A INPUT -j input_rule - -# allow access from anything but WAN -ip6tables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT -# allow icmp messages -ip6tables -A INPUT -p icmp6 -j ACCEPT - -# reject -ip6tables -A INPUT -p tcp -j REJECT --reject-with tcp-reset -ip6tables -A INPUT -j REJECT --reject-with icmp6-port-unreachable - -### OUTPUT -### (connections with the router as source) - -# base case -ip6tables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT -ip6tables -A OUTPUT -p icmp6 -j ACCEPT - -### FORWARD -### (connections routed through the router) - -# base case -ip6tables -A FORWARD -m state --state INVALID -j DROP -ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT - -# fix for broken ISPs blocking ICMPv6 "packet too big" packets -#ip6tables -t mangle -A FORWARD -p tcp -o $WAN --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu - -# custom rules -ip6tables -A FORWARD -j forwarding_rule - -# allow LAN -ip6tables -A FORWARD -i $LAN -o $WAN -j ACCEPT - -###################################################################### -### Default ruleset end -###################################################################### - -### -### Connections to the router -### - -# ssh -#ip6tables -A input_rule -i $WAN -p tcp -s <a.b.c.d> --dport 22 -j ACCEPT - -# IPSec -#ip6tables -A input_rule -i $WAN -p esp -s <a.b.c.d> -j ACCEPT -#ip6tables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 500 -j ACCEPT - -# OpenVPN -#ip6tables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 1194 -j ACCEPT - -# PPTP -#ip6tables -A input_rule -i $WAN -p gre -j ACCEPT -#ip6tables -A input_rule -i $WAN -p tcp --dport 1723 -j ACCEPT - -### -### VPN traffic -### - -# IPSec -#ip6tables -A forwarding_rule -o ipsec+ -j ACCEPT -#ip6tables -A forwarding_rule -i ipsec+ -j ACCEPT - -# OpenVPN -#ip6tables -A forwarding_rule -o tun+ -j ACCEPT -#ip6tables -A forwarding_rule -i tun+ -j ACCEPT |