Routers/gpt-2741gnac_root_files
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
gpt-2741gnac_root_files/_mtdblock5.img.extracted/squashfs-root/usr/script/fw_low.sh
Fijxu f6f53a3ba5 Add files
2023-11-26 03:26:24 -03:00

39 lines
2.4 KiB
Bash
Executable file
Raw Blame History

#!/bin/sh
iptables -F FIREWALL_FORWARD
iptables -Z FIREWALL_FORWARD
ip6tables -F FIREWALL_FORWARD
ip6tables -Z FIREWALL_FORWARD
iptables -t filter -A FIREWALL_FORWARD -i br+ -j RETURN
ip6tables -t filter -A FIREWALL_FORWARD -i br+ -j RETURN
iptables -t filter -A FIREWALL_FORWARD -i ! br+ -p udp -m iprange --dst-range 224.0.0.0-239.255.255.255 -j RETURN
iptables -t filter -A FIREWALL_FORWARD -j UPNP_PRE
iptables -t filter -A FIREWALL_FORWARD -j PORT_FORWARDING
iptables -t filter -A FIREWALL_FORWARD -j DEFAULT_SERVER
iptables -t filter -A FIREWALL_FORWARD -i ! br+ -j RETURN
ip6tables -t filter -A FIREWALL_FORWARD -i ! br+ -j Drop
iptables -F FIREWALL_INPUT
iptables -Z FIREWALL_INPUT
iptables -t filter -A FIREWALL_INPUT -p all -i lo -j ACCEPT
iptables -t filter -A FIREWALL_INPUT -p UDP -m multiport --dport 520 -j ACCEPT
ip6tables -F FIREWALL_INPUT
ip6tables -Z FIREWALL_INPUT
ip6tables -t filter -A FIREWALL_INPUT -p all -i lo -j ACCEPT
iptables -t filter -A FIREWALL_INPUT -i br+ -j RETURN
ip6tables -t filter -A FIREWALL_INPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
ip6tables -t filter -A FIREWALL_INPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
ip6tables -t filter -A FIREWALL_INPUT -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT
ip6tables -t filter -A FIREWALL_INPUT -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
ip6tables -t filter -A FIREWALL_INPUT -i br+ -j RETURN
iptables -t filter -A FIREWALL_INPUT -i ! br+ -p UDP -m multiport --dport 67,68,500 -j RETURN
ip6tables -t filter -A FIREWALL_INPUT -i ! br+ -p UDP -m multiport --dport 546,547,500 -j RETURN
iptables -t filter -A FIREWALL_INPUT -i ! br+ -p TCP -m multiport --dport ftp,telnet,http,snmp,domain,ssh -j RETURN
iptables -t filter -A FIREWALL_INPUT -i ! br+ -p UDP -m multiport --dport ftp,telnet,http,snmp,domain,ssh -j RETURN
iptables -t filter -A FIREWALL_INPUT -i ! br+ -p ICMP --icmp-type 8 -j RETURN
ip6tables -t filter -A FIREWALL_INPUT -i ! br+ -p TCP -m multiport --dport ftp,telnet,http,snmp,domain,ssh -j RETURN
ip6tables -t filter -A FIREWALL_INPUT -i ! br+ -p UDP -m multiport --dport ftp,telnet,http,snmp,domain,ssh -j RETURN
ip6tables -t filter -A FIREWALL_INPUT -i ! br+ -p icmpv6 --icmpv6-type echo-request -j RETURN
iptables -t filter -A FIREWALL_INPUT -i ! br+ -m state --state NEW,INVALID -j DROP
ip6tables -t filter -A FIREWALL_INPUT -i ! br+ -m state --state NEW,INVALID -j DROP
Reference in a new issue View git blame Copy permalink