update configs
This commit is contained in:
parent
840f5e1b6e
commit
120dd31c44
|
@ -28,6 +28,7 @@ config dhcp 'lan'
|
|||
option ra 'server'
|
||||
list ra_flags 'managed-config'
|
||||
list ra_flags 'other-config'
|
||||
option ignore '1'
|
||||
|
||||
config odhcpd 'odhcpd'
|
||||
option maindhcp '0'
|
|
@ -0,0 +1,42 @@
|
|||
|
||||
config dnsmasq
|
||||
option domainneeded '1'
|
||||
option boguspriv '1'
|
||||
option filterwin2k '0'
|
||||
option localise_queries '1'
|
||||
option rebind_protection '1'
|
||||
option rebind_localhost '1'
|
||||
option local '/lan/'
|
||||
option domain 'lan'
|
||||
option expandhosts '1'
|
||||
option nonegcache '0'
|
||||
option authoritative '1'
|
||||
option readethers '1'
|
||||
option leasefile '/tmp/dhcp.leases'
|
||||
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
|
||||
option nonwildcard '1'
|
||||
option localservice '1'
|
||||
option ednspacket_max '1232'
|
||||
|
||||
config dhcp 'lan'
|
||||
option interface 'lan'
|
||||
option start '100'
|
||||
option limit '150'
|
||||
option leasetime '12h'
|
||||
option dhcpv4 'server'
|
||||
option dhcpv6 'server'
|
||||
option ra 'server'
|
||||
list ra_flags 'managed-config'
|
||||
list ra_flags 'other-config'
|
||||
option ignore '1'
|
||||
|
||||
config dhcp 'wan'
|
||||
option interface 'wan'
|
||||
option ignore '1'
|
||||
|
||||
config odhcpd 'odhcpd'
|
||||
option maindhcp '0'
|
||||
option leasefile '/tmp/hosts/odhcpd'
|
||||
option leasetrigger '/usr/sbin/odhcpd-update'
|
||||
option loglevel '4'
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
config dropbear
|
||||
option PasswordAuth 'on'
|
||||
option RootPasswordAuth 'on'
|
||||
option Port '22'
|
||||
# option BannerFile '/etc/banner'
|
|
@ -0,0 +1,189 @@
|
|||
config defaults
|
||||
option syn_flood 1
|
||||
option input ACCEPT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
# Uncomment this line to disable ipv6 rules
|
||||
# option disable_ipv6 1
|
||||
|
||||
config zone
|
||||
option name lan
|
||||
list network 'lan'
|
||||
option input ACCEPT
|
||||
option output ACCEPT
|
||||
option forward ACCEPT
|
||||
|
||||
config zone
|
||||
option name wan
|
||||
list network 'wan'
|
||||
list network 'wan6'
|
||||
option input REJECT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
option masq 1
|
||||
option mtu_fix 1
|
||||
|
||||
config forwarding
|
||||
option src lan
|
||||
option dest wan
|
||||
|
||||
# We need to accept udp packets on port 68,
|
||||
# see https://dev.openwrt.org/ticket/4108
|
||||
config rule
|
||||
option name Allow-DHCP-Renew
|
||||
option src wan
|
||||
option proto udp
|
||||
option dest_port 68
|
||||
option target ACCEPT
|
||||
option family ipv4
|
||||
|
||||
# Allow IPv4 ping
|
||||
config rule
|
||||
option name Allow-Ping
|
||||
option src wan
|
||||
option proto icmp
|
||||
option icmp_type echo-request
|
||||
option family ipv4
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Allow-IGMP
|
||||
option src wan
|
||||
option proto igmp
|
||||
option family ipv4
|
||||
option target ACCEPT
|
||||
|
||||
# Allow DHCPv6 replies
|
||||
# see https://github.com/openwrt/openwrt/issues/5066
|
||||
config rule
|
||||
option name Allow-DHCPv6
|
||||
option src wan
|
||||
option proto udp
|
||||
option dest_port 546
|
||||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Allow-MLD
|
||||
option src wan
|
||||
option proto icmp
|
||||
option src_ip fe80::/10
|
||||
list icmp_type '130/0'
|
||||
list icmp_type '131/0'
|
||||
list icmp_type '132/0'
|
||||
list icmp_type '143/0'
|
||||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
# Allow essential incoming IPv6 ICMP traffic
|
||||
config rule
|
||||
option name Allow-ICMPv6-Input
|
||||
option src wan
|
||||
option proto icmp
|
||||
list icmp_type echo-request
|
||||
list icmp_type echo-reply
|
||||
list icmp_type destination-unreachable
|
||||
list icmp_type packet-too-big
|
||||
list icmp_type time-exceeded
|
||||
list icmp_type bad-header
|
||||
list icmp_type unknown-header-type
|
||||
list icmp_type router-solicitation
|
||||
list icmp_type neighbour-solicitation
|
||||
list icmp_type router-advertisement
|
||||
list icmp_type neighbour-advertisement
|
||||
option limit 1000/sec
|
||||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
# Allow essential forwarded IPv6 ICMP traffic
|
||||
config rule
|
||||
option name Allow-ICMPv6-Forward
|
||||
option src wan
|
||||
option dest *
|
||||
option proto icmp
|
||||
list icmp_type echo-request
|
||||
list icmp_type echo-reply
|
||||
list icmp_type destination-unreachable
|
||||
list icmp_type packet-too-big
|
||||
list icmp_type time-exceeded
|
||||
list icmp_type bad-header
|
||||
list icmp_type unknown-header-type
|
||||
option limit 1000/sec
|
||||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Allow-IPSec-ESP
|
||||
option src wan
|
||||
option dest lan
|
||||
option proto esp
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Allow-ISAKMP
|
||||
option src wan
|
||||
option dest lan
|
||||
option dest_port 500
|
||||
option proto udp
|
||||
option target ACCEPT
|
||||
|
||||
|
||||
### EXAMPLE CONFIG SECTIONS
|
||||
# do not allow a specific ip to access wan
|
||||
#config rule
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option dest wan
|
||||
# option proto tcp
|
||||
# option target REJECT
|
||||
|
||||
# block a specific mac on wan
|
||||
#config rule
|
||||
# option dest wan
|
||||
# option src_mac 00:11:22:33:44:66
|
||||
# option target REJECT
|
||||
|
||||
# block incoming ICMP traffic on a zone
|
||||
#config rule
|
||||
# option src lan
|
||||
# option proto ICMP
|
||||
# option target DROP
|
||||
|
||||
# port redirect port coming in on wan to lan
|
||||
#config redirect
|
||||
# option src wan
|
||||
# option src_dport 80
|
||||
# option dest lan
|
||||
# option dest_ip 192.168.16.235
|
||||
# option dest_port 80
|
||||
# option proto tcp
|
||||
|
||||
# port redirect of remapped ssh port (22001) on wan
|
||||
#config redirect
|
||||
# option src wan
|
||||
# option src_dport 22001
|
||||
# option dest lan
|
||||
# option dest_port 22
|
||||
# option proto tcp
|
||||
|
||||
### FULL CONFIG SECTIONS
|
||||
#config rule
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option src_mac 00:11:22:33:44:55
|
||||
# option src_port 80
|
||||
# option dest wan
|
||||
# option dest_ip 194.25.2.129
|
||||
# option dest_port 120
|
||||
# option proto tcp
|
||||
# option target REJECT
|
||||
|
||||
#config redirect
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option src_mac 00:11:22:33:44:55
|
||||
# option src_port 1024
|
||||
# option src_dport 80
|
||||
# option dest_ip 194.25.2.129
|
||||
# option dest_port 120
|
||||
# option proto tcp
|
|
@ -0,0 +1,41 @@
|
|||
|
||||
config core 'main'
|
||||
option lang 'auto'
|
||||
option mediaurlbase '/luci-static/bootstrap'
|
||||
option resourcebase '/luci-static/resources'
|
||||
option ubuspath '/ubus/'
|
||||
|
||||
config extern 'flash_keep'
|
||||
option uci '/etc/config/'
|
||||
option dropbear '/etc/dropbear/'
|
||||
option openvpn '/etc/openvpn/'
|
||||
option passwd '/etc/passwd'
|
||||
option opkg '/etc/opkg.conf'
|
||||
option firewall '/etc/firewall.user'
|
||||
option uploads '/lib/uci/upload/'
|
||||
|
||||
config internal 'languages'
|
||||
|
||||
config internal 'sauth'
|
||||
option sessionpath '/tmp/luci-sessions'
|
||||
option sessiontime '3600'
|
||||
|
||||
config internal 'ccache'
|
||||
option enable '1'
|
||||
|
||||
config internal 'themes'
|
||||
option Bootstrap '/luci-static/bootstrap'
|
||||
option BootstrapDark '/luci-static/bootstrap-dark'
|
||||
option BootstrapLight '/luci-static/bootstrap-light'
|
||||
|
||||
config internal 'apply'
|
||||
option rollback '90'
|
||||
option holdoff '4'
|
||||
option timeout '5'
|
||||
option display '1.5'
|
||||
|
||||
config internal 'diag'
|
||||
option dns 'openwrt.org'
|
||||
option ping 'openwrt.org'
|
||||
option route 'openwrt.org'
|
||||
|
|
@ -0,0 +1,84 @@
|
|||
|
||||
config interface 'loopback'
|
||||
option device 'lo'
|
||||
option proto 'static'
|
||||
option ipaddr '127.0.0.1'
|
||||
option netmask '255.0.0.0'
|
||||
|
||||
config globals 'globals'
|
||||
option packet_steering '1'
|
||||
option ula_prefix 'fdfa:5bcd:c72e::/48'
|
||||
|
||||
config device
|
||||
option name 'br-lan'
|
||||
option type 'bridge'
|
||||
option ipv6 '0'
|
||||
list ports 'lan1'
|
||||
|
||||
config interface 'lan'
|
||||
option proto 'static'
|
||||
option device 'br-lan.1'
|
||||
option ipaddr '192.168.1.1'
|
||||
option netmask '255.255.255.0'
|
||||
option gateway '192.168.1.20'
|
||||
list dns '8.8.8.8'
|
||||
option delegate '0'
|
||||
|
||||
config bridge-vlan
|
||||
option device 'br-lan'
|
||||
option vlan '1'
|
||||
list ports 'lan1'
|
||||
|
||||
config bridge-vlan
|
||||
option device 'br-lan'
|
||||
option vlan '20'
|
||||
list ports 'lan1:t'
|
||||
|
||||
config bridge-vlan
|
||||
option device 'br-lan'
|
||||
option vlan '21'
|
||||
list ports 'lan1:t'
|
||||
|
||||
config bridge-vlan
|
||||
option device 'br-lan'
|
||||
option vlan '23'
|
||||
list ports 'lan1:t'
|
||||
|
||||
config interface 'userwifi'
|
||||
option proto 'none'
|
||||
option device 'br-lan.21'
|
||||
option defaultroute '0'
|
||||
option peerdns '0'
|
||||
option delegate '0'
|
||||
|
||||
config interface 'videowifi'
|
||||
option proto 'none'
|
||||
option device 'br-lan.23'
|
||||
option defaultroute '0'
|
||||
option peerdns '0'
|
||||
option delegate '0'
|
||||
|
||||
config device
|
||||
option name 'br-lan.1'
|
||||
option type '8021q'
|
||||
option ifname 'br-lan'
|
||||
option vid '1'
|
||||
|
||||
config device
|
||||
option name 'br-lan.20'
|
||||
option type '8021q'
|
||||
option ifname 'br-lan'
|
||||
option vid '20'
|
||||
|
||||
config device
|
||||
option name 'br-lan.21'
|
||||
option type '8021q'
|
||||
option ifname 'br-lan'
|
||||
option vid '21'
|
||||
|
||||
config device
|
||||
option name 'br-lan.23'
|
||||
option type '8021q'
|
||||
option ifname 'br-lan'
|
||||
option vid '23'
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
config rpcd
|
||||
option socket /var/run/ubus/ubus.sock
|
||||
option timeout 30
|
||||
|
||||
config login
|
||||
option username 'root'
|
||||
option password '$p$root'
|
||||
list read '*'
|
||||
list write '*'
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
|
||||
config system
|
||||
option hostname 'OpenWrt'
|
||||
option timezone 'UTC'
|
||||
option ttylogin '0'
|
||||
option log_size '64'
|
||||
option urandom_seed '0'
|
||||
option compat_version '1.1'
|
||||
|
||||
config timeserver 'ntp'
|
||||
option enabled '1'
|
||||
option enable_server '0'
|
||||
list server '0.openwrt.pool.ntp.org'
|
||||
list server '1.openwrt.pool.ntp.org'
|
||||
list server '2.openwrt.pool.ntp.org'
|
||||
list server '3.openwrt.pool.ntp.org'
|
||||
|
||||
config led 'led_wan'
|
||||
option name 'WAN'
|
||||
option sysfs 'pca963x:shelby:white:wan'
|
||||
option trigger 'netdev'
|
||||
option mode 'link tx rx'
|
||||
option dev 'wan'
|
||||
|
||||
config led 'led_usb1'
|
||||
option name 'USB 1'
|
||||
option sysfs 'pca963x:shelby:white:usb2'
|
||||
option trigger 'usbport'
|
||||
list port 'usb1-port1'
|
||||
|
||||
config led 'led_usb2'
|
||||
option name 'USB 2'
|
||||
option sysfs 'pca963x:shelby:white:usb3_1'
|
||||
option trigger 'usbport'
|
||||
list port 'usb2-port1'
|
||||
list port 'usb3-port1'
|
||||
|
||||
config led 'led_usb2_ss'
|
||||
option name 'USB 2 SS'
|
||||
option sysfs 'pca963x:shelby:white:usb3_2'
|
||||
option trigger 'usbport'
|
||||
list port 'usb3-port1'
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
|
||||
config ubootenv
|
||||
option dev '/dev/mtd1'
|
||||
option offset '0x0'
|
||||
option envsize '0x20000'
|
||||
option secsize '0x40000'
|
||||
|
|
@ -0,0 +1,56 @@
|
|||
config network
|
||||
option init network
|
||||
list affects dhcp
|
||||
|
||||
config wireless
|
||||
list affects network
|
||||
|
||||
config firewall
|
||||
option init firewall
|
||||
list affects luci-splash
|
||||
list affects qos
|
||||
list affects miniupnpd
|
||||
|
||||
config olsr
|
||||
option init olsrd
|
||||
|
||||
config dhcp
|
||||
option init dnsmasq
|
||||
list affects odhcpd
|
||||
|
||||
config odhcpd
|
||||
option init odhcpd
|
||||
|
||||
config dropbear
|
||||
option init dropbear
|
||||
|
||||
config httpd
|
||||
option init httpd
|
||||
|
||||
config fstab
|
||||
option exec '/sbin/block mount'
|
||||
|
||||
config qos
|
||||
option init qos
|
||||
|
||||
config system
|
||||
option init led
|
||||
option exec '/etc/init.d/log reload'
|
||||
list affects luci_statistics
|
||||
list affects dhcp
|
||||
|
||||
config luci_splash
|
||||
option init luci_splash
|
||||
|
||||
config upnpd
|
||||
option init miniupnpd
|
||||
|
||||
config ntpclient
|
||||
option init ntpclient
|
||||
|
||||
config samba
|
||||
option init samba
|
||||
|
||||
config tinyproxy
|
||||
option init tinyproxy
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
|
||||
config uhttpd 'main'
|
||||
list listen_http '0.0.0.0:80'
|
||||
list listen_http '[::]:80'
|
||||
list listen_https '0.0.0.0:443'
|
||||
list listen_https '[::]:443'
|
||||
option redirect_https '0'
|
||||
option home '/www'
|
||||
option rfc1918_filter '1'
|
||||
option max_requests '3'
|
||||
option max_connections '100'
|
||||
option cert '/etc/uhttpd.crt'
|
||||
option key '/etc/uhttpd.key'
|
||||
option cgi_prefix '/cgi-bin'
|
||||
list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
|
||||
option script_timeout '60'
|
||||
option network_timeout '30'
|
||||
option http_keepalive '20'
|
||||
option tcp_keepalive '1'
|
||||
option ubus_prefix '/ubus'
|
||||
|
||||
config cert 'defaults'
|
||||
option days '730'
|
||||
option key_type 'ec'
|
||||
option bits '2048'
|
||||
option ec_curve 'P-256'
|
||||
option country 'ZZ'
|
||||
option state 'Somewhere'
|
||||
option location 'Unknown'
|
||||
option commonname 'OpenWrt'
|
||||
|
|
@ -0,0 +1,55 @@
|
|||
config wifi-device 'radio0'
|
||||
option type 'mac80211'
|
||||
option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
|
||||
option channel '36'
|
||||
option band '5g'
|
||||
option htmode 'VHT80'
|
||||
option txpower '10'
|
||||
option country 'BG'
|
||||
option cell_density '0'
|
||||
|
||||
config wifi-iface 'default_radio0'
|
||||
option device 'radio0'
|
||||
option mode 'ap'
|
||||
option encryption 'none'
|
||||
option ssid 'OpenFest'
|
||||
option isolate '1'
|
||||
option macaddr '00:50:00:00:00:01'
|
||||
option network 'userwifi'
|
||||
|
||||
config wifi-device 'radio1'
|
||||
option type 'mac80211'
|
||||
option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
|
||||
option channel '1'
|
||||
option band '2g'
|
||||
option htmode 'HT20'
|
||||
option txpower '10'
|
||||
option country 'BG'
|
||||
option cell_density '0'
|
||||
|
||||
config wifi-iface 'default_radio1'
|
||||
option device 'radio1'
|
||||
option mode 'ap'
|
||||
option encryption 'none'
|
||||
option ssid 'OpenFest-Legacy'
|
||||
option isolate '1'
|
||||
option macaddr '02:24:00:00:00:01'
|
||||
option network 'userwifi'
|
||||
|
||||
config wifi-iface 'wifinet2'
|
||||
option device 'radio0'
|
||||
option mode 'ap'
|
||||
option ssid 'ofvideo'
|
||||
option encryption 'sae-mixed'
|
||||
option macaddr '02:50:FF:00:00:01'
|
||||
option key 'openfest'
|
||||
option network 'videowifi'
|
||||
|
||||
config wifi-iface 'wifinet3'
|
||||
option device 'radio1'
|
||||
option mode 'ap'
|
||||
option ssid 'ofvideo'
|
||||
option encryption 'sae-mixed'
|
||||
option macaddr '02:50:FF:00:00:01'
|
||||
option key 'openfest'
|
||||
option network 'videowifi'
|
|
@ -0,0 +1,15 @@
|
|||
# OpenWRT config
|
||||
This is minimalistic config that is proven to work on each of the listed devices.
|
||||
IP: 192.168.1.1/24
|
||||
Gateway: 192.168.1.20
|
||||
DHCP server: Off
|
||||
Wi-Fi: 2.4G and 5G
|
||||
|
||||
# VLANs
|
||||
* 1:u
|
||||
* 20:t
|
||||
* 21:t
|
||||
* 23:t
|
||||
|
||||
## WARNING
|
||||
BSSIDs are not changed accordingly!!
|
|
@ -0,0 +1,42 @@
|
|||
|
||||
config dnsmasq
|
||||
option domainneeded '1'
|
||||
option boguspriv '1'
|
||||
option filterwin2k '0'
|
||||
option localise_queries '1'
|
||||
option rebind_protection '1'
|
||||
option rebind_localhost '1'
|
||||
option local '/lan/'
|
||||
option domain 'lan'
|
||||
option expandhosts '1'
|
||||
option nonegcache '0'
|
||||
option authoritative '1'
|
||||
option readethers '1'
|
||||
option leasefile '/tmp/dhcp.leases'
|
||||
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
|
||||
option nonwildcard '1'
|
||||
option localservice '1'
|
||||
option ednspacket_max '1232'
|
||||
|
||||
config dhcp 'lan'
|
||||
option interface 'lan'
|
||||
option start '100'
|
||||
option limit '150'
|
||||
option leasetime '12h'
|
||||
option dhcpv4 'server'
|
||||
list ra_flags 'managed-config'
|
||||
list ra_flags 'other-config'
|
||||
option ra 'hybrid'
|
||||
option dhcpv6 'hybrid'
|
||||
option ignore '1'
|
||||
|
||||
config dhcp 'wan'
|
||||
option interface 'wan'
|
||||
option ignore '1'
|
||||
|
||||
config odhcpd 'odhcpd'
|
||||
option maindhcp '0'
|
||||
option leasefile '/tmp/hosts/odhcpd'
|
||||
option leasetrigger '/usr/sbin/odhcpd-update'
|
||||
option loglevel '4'
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
config dropbear
|
||||
option PasswordAuth 'on'
|
||||
option RootPasswordAuth 'on'
|
||||
option Port '22'
|
||||
# option BannerFile '/etc/banner'
|
|
@ -0,0 +1,189 @@
|
|||
config defaults
|
||||
option syn_flood 1
|
||||
option input ACCEPT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
# Uncomment this line to disable ipv6 rules
|
||||
# option disable_ipv6 1
|
||||
|
||||
config zone
|
||||
option name lan
|
||||
list network 'lan'
|
||||
option input ACCEPT
|
||||
option output ACCEPT
|
||||
option forward ACCEPT
|
||||
|
||||
config zone
|
||||
option name wan
|
||||
list network 'wan'
|
||||
list network 'wan6'
|
||||
option input REJECT
|
||||
option output ACCEPT
|
||||
option forward REJECT
|
||||
option masq 1
|
||||
option mtu_fix 1
|
||||
|
||||
config forwarding
|
||||
option src lan
|
||||
option dest wan
|
||||
|
||||
# We need to accept udp packets on port 68,
|
||||
# see https://dev.openwrt.org/ticket/4108
|
||||
config rule
|
||||
option name Allow-DHCP-Renew
|
||||
option src wan
|
||||
option proto udp
|
||||
option dest_port 68
|
||||
option target ACCEPT
|
||||
option family ipv4
|
||||
|
||||
# Allow IPv4 ping
|
||||
config rule
|
||||
option name Allow-Ping
|
||||
option src wan
|
||||
option proto icmp
|
||||
option icmp_type echo-request
|
||||
option family ipv4
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Allow-IGMP
|
||||
option src wan
|
||||
option proto igmp
|
||||
option family ipv4
|
||||
option target ACCEPT
|
||||
|
||||
# Allow DHCPv6 replies
|
||||
# see https://github.com/openwrt/openwrt/issues/5066
|
||||
config rule
|
||||
option name Allow-DHCPv6
|
||||
option src wan
|
||||
option proto udp
|
||||
option dest_port 546
|
||||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Allow-MLD
|
||||
option src wan
|
||||
option proto icmp
|
||||
option src_ip fe80::/10
|
||||
list icmp_type '130/0'
|
||||
list icmp_type '131/0'
|
||||
list icmp_type '132/0'
|
||||
list icmp_type '143/0'
|
||||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
# Allow essential incoming IPv6 ICMP traffic
|
||||
config rule
|
||||
option name Allow-ICMPv6-Input
|
||||
option src wan
|
||||
option proto icmp
|
||||
list icmp_type echo-request
|
||||
list icmp_type echo-reply
|
||||
list icmp_type destination-unreachable
|
||||
list icmp_type packet-too-big
|
||||
list icmp_type time-exceeded
|
||||
list icmp_type bad-header
|
||||
list icmp_type unknown-header-type
|
||||
list icmp_type router-solicitation
|
||||
list icmp_type neighbour-solicitation
|
||||
list icmp_type router-advertisement
|
||||
list icmp_type neighbour-advertisement
|
||||
option limit 1000/sec
|
||||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
# Allow essential forwarded IPv6 ICMP traffic
|
||||
config rule
|
||||
option name Allow-ICMPv6-Forward
|
||||
option src wan
|
||||
option dest *
|
||||
option proto icmp
|
||||
list icmp_type echo-request
|
||||
list icmp_type echo-reply
|
||||
list icmp_type destination-unreachable
|
||||
list icmp_type packet-too-big
|
||||
list icmp_type time-exceeded
|
||||
list icmp_type bad-header
|
||||
list icmp_type unknown-header-type
|
||||
option limit 1000/sec
|
||||
option family ipv6
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Allow-IPSec-ESP
|
||||
option src wan
|
||||
option dest lan
|
||||
option proto esp
|
||||
option target ACCEPT
|
||||
|
||||
config rule
|
||||
option name Allow-ISAKMP
|
||||
option src wan
|
||||
option dest lan
|
||||
option dest_port 500
|
||||
option proto udp
|
||||
option target ACCEPT
|
||||
|
||||
|
||||
### EXAMPLE CONFIG SECTIONS
|
||||
# do not allow a specific ip to access wan
|
||||
#config rule
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option dest wan
|
||||
# option proto tcp
|
||||
# option target REJECT
|
||||
|
||||
# block a specific mac on wan
|
||||
#config rule
|
||||
# option dest wan
|
||||
# option src_mac 00:11:22:33:44:66
|
||||
# option target REJECT
|
||||
|
||||
# block incoming ICMP traffic on a zone
|
||||
#config rule
|
||||
# option src lan
|
||||
# option proto ICMP
|
||||
# option target DROP
|
||||
|
||||
# port redirect port coming in on wan to lan
|
||||
#config redirect
|
||||
# option src wan
|
||||
# option src_dport 80
|
||||
# option dest lan
|
||||
# option dest_ip 192.168.16.235
|
||||
# option dest_port 80
|
||||
# option proto tcp
|
||||
|
||||
# port redirect of remapped ssh port (22001) on wan
|
||||
#config redirect
|
||||
# option src wan
|
||||
# option src_dport 22001
|
||||
# option dest lan
|
||||
# option dest_port 22
|
||||
# option proto tcp
|
||||
|
||||
### FULL CONFIG SECTIONS
|
||||
#config rule
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option src_mac 00:11:22:33:44:55
|
||||
# option src_port 80
|
||||
# option dest wan
|
||||
# option dest_ip 194.25.2.129
|
||||
# option dest_port 120
|
||||
# option proto tcp
|
||||
# option target REJECT
|
||||
|
||||
#config redirect
|
||||
# option src lan
|
||||
# option src_ip 192.168.45.2
|
||||
# option src_mac 00:11:22:33:44:55
|
||||
# option src_port 1024
|
||||
# option src_dport 80
|
||||
# option dest_ip 194.25.2.129
|
||||
# option dest_port 120
|
||||
# option proto tcp
|
|
@ -0,0 +1,41 @@
|
|||
|
||||
config core 'main'
|
||||
option lang 'auto'
|
||||
option mediaurlbase '/luci-static/bootstrap'
|
||||
option resourcebase '/luci-static/resources'
|
||||
option ubuspath '/ubus/'
|
||||
|
||||
config extern 'flash_keep'
|
||||
option uci '/etc/config/'
|
||||
option dropbear '/etc/dropbear/'
|
||||
option openvpn '/etc/openvpn/'
|
||||
option passwd '/etc/passwd'
|
||||
option opkg '/etc/opkg.conf'
|
||||
option firewall '/etc/firewall.user'
|
||||
option uploads '/lib/uci/upload/'
|
||||
|
||||
config internal 'languages'
|
||||
|
||||
config internal 'sauth'
|
||||
option sessionpath '/tmp/luci-sessions'
|
||||
option sessiontime '3600'
|
||||
|
||||
config internal 'ccache'
|
||||
option enable '1'
|
||||
|
||||
config internal 'themes'
|
||||
option Bootstrap '/luci-static/bootstrap'
|
||||
option BootstrapDark '/luci-static/bootstrap-dark'
|
||||
option BootstrapLight '/luci-static/bootstrap-light'
|
||||
|
||||
config internal 'apply'
|
||||
option rollback '90'
|
||||
option holdoff '4'
|
||||
option timeout '5'
|
||||
option display '1.5'
|
||||
|
||||
config internal 'diag'
|
||||
option dns 'openwrt.org'
|
||||
option ping 'openwrt.org'
|
||||
option route 'openwrt.org'
|
||||
|
|
@ -0,0 +1,60 @@
|
|||
|
||||
config interface 'loopback'
|
||||
option device 'lo'
|
||||
option proto 'static'
|
||||
option ipaddr '127.0.0.1'
|
||||
option netmask '255.0.0.0'
|
||||
|
||||
config globals 'globals'
|
||||
option packet_steering '1'
|
||||
option ula_prefix 'fdfa:5bcd:c72e::/48'
|
||||
|
||||
config device
|
||||
option name 'br-lan'
|
||||
option type 'bridge'
|
||||
option ipv6 '0'
|
||||
list ports 'lan0'
|
||||
|
||||
config interface 'lan'
|
||||
option proto 'static'
|
||||
option device 'br-lan.1'
|
||||
option ipaddr '192.168.1.1'
|
||||
option netmask '255.255.255.0'
|
||||
option gateway '192.168.1.20'
|
||||
list dns '8.8.8.8'
|
||||
option delegate '0'
|
||||
|
||||
config bridge-vlan
|
||||
option device 'br-lan'
|
||||
option vlan '1'
|
||||
list ports 'lan0'
|
||||
|
||||
config bridge-vlan
|
||||
option device 'br-lan'
|
||||
option vlan '20'
|
||||
list ports 'lan0:t'
|
||||
|
||||
config bridge-vlan
|
||||
option device 'br-lan'
|
||||
option vlan '21'
|
||||
list ports 'lan0:t'
|
||||
|
||||
config bridge-vlan
|
||||
option device 'br-lan'
|
||||
option vlan '23'
|
||||
list ports 'lan0:t'
|
||||
|
||||
config interface 'userwifi'
|
||||
option proto 'none'
|
||||
option device 'br-lan.21'
|
||||
option defaultroute '0'
|
||||
option peerdns '0'
|
||||
option delegate '0'
|
||||
|
||||
config interface 'videowifi'
|
||||
option proto 'none'
|
||||
option device 'br-lan.23'
|
||||
option defaultroute '0'
|
||||
option peerdns '0'
|
||||
option delegate '0'
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
config rpcd
|
||||
option socket /var/run/ubus/ubus.sock
|
||||
option timeout 30
|
||||
|
||||
config login
|
||||
option username 'root'
|
||||
option password '$p$root'
|
||||
list read '*'
|
||||
list write '*'
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
|
||||
config system
|
||||
option hostname 'OpenWrt'
|
||||
option timezone 'UTC'
|
||||
option ttylogin '0'
|
||||
option log_size '64'
|
||||
option urandom_seed '0'
|
||||
option compat_version '1.1'
|
||||
|
||||
config timeserver 'ntp'
|
||||
option enabled '1'
|
||||
option enable_server '0'
|
||||
list server '0.openwrt.pool.ntp.org'
|
||||
list server '1.openwrt.pool.ntp.org'
|
||||
list server '2.openwrt.pool.ntp.org'
|
||||
list server '3.openwrt.pool.ntp.org'
|
||||
|
|
@ -0,0 +1,56 @@
|
|||
config network
|
||||
option init network
|
||||
list affects dhcp
|
||||
|
||||
config wireless
|
||||
list affects network
|
||||
|
||||
config firewall
|
||||
option init firewall
|
||||
list affects luci-splash
|
||||
list affects qos
|
||||
list affects miniupnpd
|
||||
|
||||
config olsr
|
||||
option init olsrd
|
||||
|
||||
config dhcp
|
||||
option init dnsmasq
|
||||
list affects odhcpd
|
||||
|
||||
config odhcpd
|
||||
option init odhcpd
|
||||
|
||||
config dropbear
|
||||
option init dropbear
|
||||
|
||||
config httpd
|
||||
option init httpd
|
||||
|
||||
config fstab
|
||||
option exec '/sbin/block mount'
|
||||
|
||||
config qos
|
||||
option init qos
|
||||
|
||||
config system
|
||||
option init led
|
||||
option exec '/etc/init.d/log reload'
|
||||
list affects luci_statistics
|
||||
list affects dhcp
|
||||
|
||||
config luci_splash
|
||||
option init luci_splash
|
||||
|
||||
config upnpd
|
||||
option init miniupnpd
|
||||
|
||||
config ntpclient
|
||||
option init ntpclient
|
||||
|
||||
config samba
|
||||
option init samba
|
||||
|
||||
config tinyproxy
|
||||
option init tinyproxy
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
|
||||
config uhttpd 'main'
|
||||
list listen_http '0.0.0.0:80'
|
||||
list listen_http '[::]:80'
|
||||
list listen_https '0.0.0.0:443'
|
||||
list listen_https '[::]:443'
|
||||
option redirect_https '0'
|
||||
option home '/www'
|
||||
option rfc1918_filter '1'
|
||||
option max_requests '3'
|
||||
option max_connections '100'
|
||||
option cert '/etc/uhttpd.crt'
|
||||
option key '/etc/uhttpd.key'
|
||||
option cgi_prefix '/cgi-bin'
|
||||
list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
|
||||
option script_timeout '60'
|
||||
option network_timeout '30'
|
||||
option http_keepalive '20'
|
||||
option tcp_keepalive '1'
|
||||
option ubus_prefix '/ubus'
|
||||
|
||||
config cert 'defaults'
|
||||
option days '730'
|
||||
option key_type 'ec'
|
||||
option bits '2048'
|
||||
option ec_curve 'P-256'
|
||||
option country 'ZZ'
|
||||
option state 'Somewhere'
|
||||
option location 'Unknown'
|
||||
option commonname 'OpenWrt'
|
||||
|
|
@ -0,0 +1,57 @@
|
|||
|
||||
config wifi-device 'radio0'
|
||||
option type 'mac80211'
|
||||
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
|
||||
option country 'BG'
|
||||
option cell_density '0'
|
||||
option channel 'auto'
|
||||
option htmode 'HT20'
|
||||
option band '2g'
|
||||
option txpower '20'
|
||||
|
||||
config wifi-iface 'default_radio0'
|
||||
option device 'radio0'
|
||||
option mode 'ap'
|
||||
option encryption 'none'
|
||||
option ssid 'OpenFest-Legacy'
|
||||
option isolate '1'
|
||||
option macaddr '02:24:00:00:00:01'
|
||||
option network 'userwifi'
|
||||
|
||||
config wifi-device 'radio1'
|
||||
option type 'mac80211'
|
||||
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
|
||||
option country 'BG'
|
||||
option cell_density '0'
|
||||
option htmode 'VHT40'
|
||||
option band '5g'
|
||||
option channel 'auto'
|
||||
option txpower '20'
|
||||
|
||||
config wifi-iface 'default_radio1'
|
||||
option device 'radio1'
|
||||
option mode 'ap'
|
||||
option encryption 'none'
|
||||
option ssid 'OpenFest'
|
||||
option isolate '1'
|
||||
option macaddr '00:50:00:00:00:01'
|
||||
option network 'userwifi'
|
||||
|
||||
config wifi-iface 'wifinet2'
|
||||
option device 'radio0'
|
||||
option mode 'ap'
|
||||
option ssid 'ofvideo'
|
||||
option encryption 'sae-mixed'
|
||||
option macaddr '02:50:FF:00:00:01'
|
||||
option key 'openfest'
|
||||
option network 'videowifi'
|
||||
|
||||
config wifi-iface 'wifinet3'
|
||||
option device 'radio1'
|
||||
option mode 'ap'
|
||||
option ssid 'ofvideo'
|
||||
option encryption 'sae-mixed'
|
||||
option macaddr '02:50:FF:00:00:01'
|
||||
option key 'openfest'
|
||||
option network 'videowifi'
|
||||
|
Loading…
Reference in New Issue