Diffstat (limited to 'package/firewall/files/firewall.config')
| -rwxr-xr-x | package/firewall/files/firewall.config | 80 | 
1 files changed, 80 insertions, 0 deletions
|
diff --git a/package/firewall/files/firewall.config b/package/firewall/files/firewall.config
new file mode 100755
index 000000000..073169013
--- /dev/null
+++ b/package/firewall/files/firewall.config
@@ -0,0 +1,80 @@
+config defaults
+	option syn_flood	1
+	option input		DROP 
+	option output		ACCEPT 
+	option forward		DROP 
+
+config zone
+	option name		lan
+	option input	ACCEPT 
+	option output	ACCEPT 
+	option forward	DROP 
+
+config zone
+	option name		wan
+	option input	DROP 
+	option output	ACCEPT 
+	option forward	DROP 
+	option masq		1 
+
+config forwarding 
+	option src      lan
+	option dest     wan
+
+
+### EXAMPLE CONFIG SECTIONS
+# do not allow a specific ip to access wan
+#config rule
+#	option src		lan
+#	option src_ip	192.168.45.2
+#	option dest		wan
+#	option proto	tcp
+#	option target	REJECT 
+
+# block a specific mac on wan
+#config rule
+#	option dest		wan
+#	option src_mac	00:11:22:33:44:66
+#	option target	REJECT 
+
+# block incoming ICMP traffic on a zone
+#config rule
+#	option src		lan
+#	option proto	ICMP
+#	option target	DROP
+
+# port redirect port coming in on wan to lan
+#config redirect
+#	option src			wan
+#	option src_dport	80
+#	option dest			lan
+#	option dest_ip		192.168.16.235
+#	option dest_port	80 
+#	option protocol		tcp
+
+# include a file with users custom iptables rules
+#config include
+#	option path /etc/firewall.user
+
+
+### FULL CONFIG SECTIONS
+#config rule
+#	option src		lan
+#	option src_ip	192.168.45.2
+#	option src_mac	00:11:22:33:44:55
+#	option src_port	80
+#	option dest		wan
+#	option dest_ip	194.25.2.129
+#	option dest_port	120
+#	option proto	tcp
+#	option target	REJECT 
+
+#config redirect
+#	option src		lan
+#	option src_ip	192.168.45.2
+#	option src_mac	00:11:22:33:44:55
+#	option src_port		1024
+#	option src_dport	80
+#	option dest_ip	194.25.2.129
+#	option dest_port	120
+#	option proto	tcp
|
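Review bot: The port-redirect example spells its protocol key `option protocol		tcp`, while every other section in the file, including the full `config redirect` reference at the end, uses `option proto`. The script that reads this file is not visible here, but if it only looks up `proto`, an uncommented copy of the example would lose its protocol match and not behave as its comment describes; I would change the line to `#	option proto		tcp`. The ICMP example likewise writes `ICMP` in upper case where the other examples use lower-case `tcp`, so either confirm the parser is case-insensitive or write `icmp`. Separately, the file is added with mode 100755 although it is configuration data; 0644 would avoid shipping an executable config file.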
