1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
{
"defaults": {
"flow_offloading": "1",
"flow_offloading_hw": "1",
"forward": "REJECT",
"input": "REJECT",
"output": "ACCEPT",
"syn_flood": "1",
"unknown_defaults_option": "foo"
},
"zone": [
{
"name": "lan",
"input": "ACCEPT",
"output": "ACCEPT",
"forward": "ACCEPT",
"network": [ "lan" ]
},
{
"input": "REJECT",
"output": "ACCEPT",
"forward": "REJECT",
"masq": "1",
"mtu_fix": "1",
"name": "wan",
"network": [ "wan", "wan6" ]
}
],
"forwarding": {
"dest": "wan",
"src": "lan"
},
"rule": [
{
"name": "Allow-DHCP-Renew",
"family": "ipv4",
"proto": "udp",
"src": "wan",
"dest_port": "68",
"target": "ACCEPT"
},
{
"name": "Allow-Ping",
"family": "ipv4",
"proto": "icmp",
"src": "wan",
"icmp_type": "echo-request",
"target": "ACCEPT"
},
{
"name": "Allow-IGMP",
"family": "ipv4",
"proto": "igmp",
"src": "wan",
"target": "ACCEPT"
},
{
"name": "Allow-DHCPv6",
"family": "ipv6",
"proto": "udp",
"src": "wan",
"src_ip": "fc00::/6",
"dest_ip": "fc00::/6",
"dest_port": "546",
"target": "ACCEPT"
},
{
"name": "Allow-MLD",
"family": "ipv6",
"proto": "icmp",
"src": "wan",
"src_ip": "fe80::/10",
"icmp_type": [ "130/0", "131/0", "132/0", "143/0" ],
"target": "ACCEPT"
},
{
"name": "Allow-ICMPv6-Input",
"family": "ipv6",
"proto": "icmp",
"src": "wan",
"icmp_type": [
"echo-request", "echo-reply", "destination-unreachable",
"packet-too-big", "time-exceeded", "bad-header", "unknown-header-type",
"router-solicitation", "neighbour-solicitation", "router-advertisement",
"neighbour-advertisement"
],
"limit": "1000/sec",
"target": "ACCEPT"
},
{
"name": "Allow-ICMPv6-Forward",
"family": "ipv6",
"proto": "icmp",
"src": "wan",
"dest": "*",
"icmp_type": [
"echo-request", "echo-reply", "destination-unreachable",
"packet-too-big", "time-exceeded", "bad-header", "unknown-header-type"
],
"limit": "1000/sec",
"target": "ACCEPT"
},
{
"name": "Allow-IPSec-ESP",
"proto": "esp",
"src": "wan",
"dest": "lan",
"target": "ACCEPT"
},
{
"name": "Allow-ISAKMP",
"proto": "udp",
"src": "wan",
"dest": "lan",
"dest_port": "500",
"target": "ACCEPT"
},
{
"name": "Test-Deprecated-Rule-Option",
"_name": "Test-Deprecated-Rule-Option",
"proto": "tcp",
"unknown_rule_option": "foo"
}
]
}
|
