


  • KergeTomi


    válasz vargalex #20191 üzenetére

    Tudom, hogy OpenWrt, csak ott nem kell kézzel hegeszteni a tűzfalszabályokat, ezért írtam, illetve már nem tudtam vele mit kezdeni a LuCI alatt.

    Firewall:

    # Firewall config as posted (OpenWrt/Gargoyle UCI syntax). Review comments only;
    # every config/option/list line is unchanged from the post.
    #
    # Global policy: traffic to the router itself and from the router itself is
    # accepted; traffic forwarded between zones is rejected unless a 'forwarding'
    # section below allows it. syn_flood enables the built-in SYN-flood limiting.
    config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

    # Trusted side: hosts on the 'lan' network may reach the router and are
    # forwarded without restriction.
    config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

    # Untrusted side, covering both the 'wan' and 'wan6' networks. Unsolicited
    # inbound traffic to the router is rejected (only the explicit Allow-* rules
    # and the remote_accept section below open ports), outbound traffic is NATed
    # (masq) and TCP MSS is clamped to the path MTU (mtu_fix).
    # Note: in the posted network config 'wan6' is proto 'none' and 'wan' has
    # ipv6 '0', so the ipv6 rules below are currently inert but harmless.
    config zone
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

    # The only non-VPN forwarding: lan -> wan. Nothing from wan is forwarded
    # anywhere unless a later rule says so.
    config forwarding
    option src 'lan'
    option dest 'wan'

    # The Allow-* and Support-* rules that follow appear to be the stock OpenWrt
    # defaults (DHCP renew, ping, IGMP, DHCPv6, MLD, rate-limited ICMPv6, IPsec).
    # Let the upstream DHCP server answer renewals (IPv4 only, UDP/68 on wan).
    config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

    # Router answers IPv4 echo requests from the internet (unrestricted rate here).
    config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

    config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

    # DHCPv6 client replies (UDP/546); only matters once an IPv6 upstream exists.
    config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

    # MLD from link-local senders only (src_ip fe80::/10); the '/0' suffix is the
    # ICMPv6 code.
    config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

    # ICMPv6 needed for IPv6 to function (PMTUD, ND, RA), rate-limited to 1000/sec.
    config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

    # Same set minus the ND types, forwarded to any zone (dest '*').
    config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

    # IPsec pass-through from wan into the lan zone (ESP and IKE on UDP/500);
    # only relevant if an IPsec endpoint sits on the LAN.
    config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

    config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

    # Disabled (enabled 'false'): would reply with REJECT to traceroute probes.
    config rule
    option name 'Support-UDP-Traceroute'
    option src 'wan'
    option dest_port '33434:33689'
    option proto 'udp'
    option family 'ipv4'
    option target 'REJECT'
    option enabled 'false'

    # Script includes run on every firewall reload. Under fw3 a bare include is a
    # shell script by default; NOTE(review): if this build uses fw4 (OpenWrt 22.03+),
    # such includes need an explicit type 'script' and are only executed when the
    # section declares fw4_compatible '1' — confirm which firewall this image ships.
    config include
    option path '/etc/firewall.user'
    option reload '1'

    # Gargoyle's own additions (hooks for the remote_accept section etc. below).
    config include
    option type 'script'
    option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
    option family 'any'
    option reload '1'

    config include 'wireguard_include_file'
    option path '/etc/wireguard.firewall'
    option reload '1'

    # WireGuard zone bound straight to the wg0 device (no 'network' membership).
    # Peers are treated as fully trusted: input ACCEPT exposes every service
    # listening on the router to them, and forward ACCEPT plus the forwardings
    # below give them both the LAN and the internet. masq '1' source-NATs traffic
    # leaving through wg0, so LAN hosts appear to the remote side as the tunnel
    # address rather than their own 192.168.10.x address — which also hides them
    # from any per-host filtering on the peer side.
    config zone 'wg_zone'
    option name 'wg'
    option device 'wg0'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option mtu_fix '1'
    option masq '1'

    # Bidirectional lan <-> wg forwarding; corresponds to lan_access 'true' in the
    # Gargoyle wireguard config.
    config forwarding 'wg_lan_forwarding'
    option src 'lan'
    option dest 'wg'

    config forwarding 'lan_wg_forwarding'
    option src 'wg'
    option dest 'lan'

    # Gargoyle-specific section (handled by the gargoyle_additions include):
    # opens UDP/1194 on the wan zone for the WireGuard listener, matching
    # listen_port in the posted network config. Exposed to the internet by
    # design; WireGuard stays silent to senders without a valid key.
    config remote_accept 'ra_wireguard'
    option zone 'wan'
    option local_port '1194'
    option remote_port '1194'
    option proto 'udp'

    # Lets peers use this router as their internet gateway (NATed by the wan
    # zone's masq); corresponds to all_client_traffic 'true' in the Gargoyle config.
    config forwarding 'wg_wan_forwarding'
    option src 'wg'
    option dest 'wan'

    Network:

    # Network config as posted (OpenWrt/Gargoyle UCI syntax). Review comments only;
    # every config/option/list line is unchanged from the post.
    config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

    # NOTE(review): 'fdb::/48' parses as 0fdb::/48, which lies outside the ULA
    # range fc00::/7 — it looks truncated in the paste (OpenWrt generates a random
    # fdXX:XXXX:XXXX::/48); confirm the actual value on the device.
    config globals 'globals'
    option ula_prefix 'fdb::/48'

    # LAN bridge over the VLAN-1 sub-interface of the switch (see switch_vlan below).
    config device 'brlan_dev'
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0.1'

    # Router is 192.168.10.1/24 and hands itself out as the LAN DNS server;
    # ip6assign '60' delegates a /60 from the ULA (or an upstream prefix) to the LAN.
    config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.10.1'
    option ip6ifaceid '::1'
    option dns '192.168.10.1'

    # macaddr is empty here — presumably left unset (no MAC override) or blanked
    # for the post.
    config device 'wan_eth0_2_dev'
    option name 'eth0.2'
    option macaddr ''

    # Upstream via DHCP on VLAN 2. ipv6 '0' suppresses the DHCPv6 client and
    # 'wan6' is proto 'none', so there is no IPv6 upstream at all right now.
    config interface 'wan'
    option device 'eth0.2'
    option proto 'dhcp'
    option ipv6 '0'

    config interface 'wan6'
    option device 'eth0.2'
    option proto 'none'

    # Switch layout: ports 1-4 are LAN (VLAN 1), port 0 is WAN (VLAN 2), port 6 is
    # the tagged CPU port ('6t') carrying both VLANs to eth0.
    config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

    config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '1 2 3 4 6t'

    config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '0 6t'

    # WireGuard server interface: listens on UDP/1194 (the port the firewall's
    # remote_accept section opens) with tunnel address 192.168.11.1/24.
    # private_key '' is blank — presumably redacted for the post; the interface
    # cannot come up without it.
    config interface 'wg0'
    option proto 'wireguard'
    option private_key ''
    option listen_port '1194'
    list addresses '192.168.11.1/24'

    # Peer 'phone': may source 192.168.11.10 and the whole 192.168.2.0/24 (a subnet
    # behind it). route_allowed_ips '1' installs routes for both via wg0, so LAN
    # hosts using this router as gateway should reach 192.168.2.0/24 through the
    # tunnel. There is no endpoint_host/persistent_keepalive here, so the router
    # never initiates: the peer has to connect in and keep its NAT mapping alive
    # from its side. public_key '' is blank — presumably redacted.
    config wireguard_wg0 'phone'
    option public_key ''
    list allowed_ips '192.168.11.10/32'
    list allowed_ips '192.168.2.0/24'
    option route_allowed_ips '1'

    wireguard_gargoyle:

    # Gargoyle's WireGuard front-end config as posted; the wg-related firewall and
    # network sections above appear to have been generated from it.
    #
    # Server role: 192.168.11.0/24 tunnel, UDP 1194. lan_access exposes the LAN to
    # peers (the lan<->wg forwardings), all_client_traffic lets peers route all
    # their traffic through this router (the wg->wan forwarding), c2c allows
    # peer-to-peer traffic. Both keys are blank here — presumably redacted.
    config server 'server'
    option submask '255.255.255.0'
    option lan_access 'true'
    option all_client_traffic 'true'
    option enabled '1'
    option ip '192.168.11.1'
    option port '1194'
    option c2c 'true'
    option private_key ''
    option public_key ''

    # Router-as-client profile, switched off (enabled '0'); the 10.64.0.2 address
    # and allow_nonwg_traffic only take effect if it is enabled.
    config client 'client'
    option enabled '0'
    option ip '10.64.0.2'
    option allow_nonwg_traffic 'true'

    # Peer 'phone': tunnel address 192.168.11.10, reachable under a DDNS name
    # ('valami' is a placeholder in the post). subnet_ip/subnet_mask declare
    # 192.168.2.0/24 behind this peer, which is what became the second
    # allowed_ips entry of the 'phone' peer in the network config.
    # public_key '' is blank — presumably redacted for the post.
    config allowed_client 'phone'
    option id 'phone'
    option name 'phone'
    option ip '192.168.11.10'
    option remote 'valami.ddnsfree.com'
    option subnet_ip '192.168.2.0'
    option subnet_mask '255.255.255.0'
    option public_key ''
    option enabled '1'
