Jafner/Jafner.net
1
0
Fork 0
Code Issues 16 Pull Requests Actions Packages Projects Releases Wiki Activity
97e4cc547a
Jafner.net/active projects/homelab/wizard/config/firewall.sh
Joey Hafner 97e4cc547a
Init Jafner.net monorepo from constituent repos: 
1. homelab [Gitea](https://gitea.jafner.tools/Jafner/homelab), [Github (docker_config)](https://github.com/Jafner/docker_config), [Github (wiki)](https://github.com/Jafner/wiki), [Github (cloud_tools)](https://github.com/Jafner/cloud_tools), [Github (self-hosting)](https://github.com/Jafner/self-hosting).
   - Rename? Jafner.net? Wouldn't that be `Jafner/Jafner.net/Jafner.net`?
2. Jafner.dev [Github](https://github.com/Jafner/Jafner.dev).
3. dotfiles [Gitea](https://gitea.jafner.tools/Jafner/dotfiles), [Github](https://github.com/Jafner/dotfiles).
4. nvgm [Gitea](https://gitea.jafner.tools/Jafner/nvgm)
5. pamidi [Gitea](https://gitea.jafner.tools/Jafner/pamidi), [Github](https://github.com/Jafner/pamidi)
6. docker-llm-amd [Gitea](https://gitea.jafner.tools/Jafner/docker-llm-amd)
7. doradash [Gitea](https://gitea.jafner.tools/Jafner/doradash)
8. clip-it-and-ship-it [Gitea (PyClipIt)](https://gitea.jafner.tools/Jafner/PyClipIt), [Github](https://github.com/Jafner/clip-it-and-ship-it).
9. razer battery led [Github](https://github.com/Jafner/Razer-BatteryLevelRGB)
10. 5etools-docker [Github](https://github.com/Jafner/5etools-docker)
11. jafner-homebrew [Github](https://github.com/Jafner/jafner-homebrew)
2024-07-15 15:35:16 -07:00

123 lines
7.3 KiB
Bash
Raw Blame History

set firewall global-options all-ping 'enable'
set firewall global-options broadcast-ping 'disable'
set firewall global-options ip-src-route 'disable'
set firewall global-options ipv6-receive-redirects 'disable'
set firewall global-options ipv6-src-route 'disable'
set firewall global-options log-martians 'enable'
set firewall global-options receive-redirects 'disable'
set firewall global-options send-redirects 'enable'
set firewall global-options source-validation 'disable'
set firewall global-options syn-cookies 'enable'
set firewall group interface-group IG_LAN interface 'eth6'
set firewall group interface-group IG_WAN interface 'pppoe1'
set firewall ipv4 forward filter default-action 'accept'
set firewall ipv4 forward filter rule 5 action 'jump'
set firewall ipv4 forward filter rule 5 inbound-interface name 'pppoe1'
set firewall ipv4 forward filter rule 5 jump-target 'WAN_IN'
set firewall ipv4 forward filter rule 101 action 'accept'
set firewall ipv4 forward filter rule 101 inbound-interface group 'IG_LAN'
set firewall ipv4 forward filter rule 101 outbound-interface group 'IG_LAN'
set firewall ipv4 forward filter rule 106 action 'jump'
set firewall ipv4 forward filter rule 106 inbound-interface group 'IG_WAN'
set firewall ipv4 forward filter rule 106 jump-target 'WAN_IN'
set firewall ipv4 forward filter rule 106 outbound-interface group 'IG_LAN'
set firewall ipv4 forward filter rule 111 action 'drop'
set firewall ipv4 forward filter rule 111 description 'zone_LAN default-action'
set firewall ipv4 forward filter rule 111 outbound-interface group 'IG_LAN'
set firewall ipv4 forward filter rule 116 action 'accept'
set firewall ipv4 forward filter rule 116 inbound-interface group 'IG_WAN'
set firewall ipv4 forward filter rule 116 outbound-interface group 'IG_WAN'
set firewall ipv4 forward filter rule 121 action 'jump'
set firewall ipv4 forward filter rule 121 inbound-interface group 'IG_LAN'
set firewall ipv4 forward filter rule 121 jump-target 'IN_WAN'
set firewall ipv4 forward filter rule 121 outbound-interface group 'IG_WAN'
set firewall ipv4 forward filter rule 126 action 'drop'
set firewall ipv4 forward filter rule 126 description 'zone_WAN default-action'
set firewall ipv4 forward filter rule 126 outbound-interface group 'IG_WAN'
set firewall ipv4 input filter default-action 'accept'
set firewall ipv4 input filter rule 5 action 'jump'
set firewall ipv4 input filter rule 5 inbound-interface name 'pppoe1'
set firewall ipv4 input filter rule 5 jump-target 'WAN_LOCAL'
set firewall ipv4 input filter rule 101 action 'jump'
set firewall ipv4 input filter rule 101 inbound-interface group 'IG_LAN'
set firewall ipv4 input filter rule 101 jump-target 'IN_LOCAL'
set firewall ipv4 input filter rule 106 action 'jump'
set firewall ipv4 input filter rule 106 inbound-interface group 'IG_WAN'
set firewall ipv4 input filter rule 106 jump-target 'WAN_LOCAL'
set firewall ipv4 input filter rule 111 action 'drop'
set firewall ipv4 name IN_LOCAL default-action 'accept'
set firewall ipv4 name IN_WAN default-action 'accept'
set firewall ipv4 name LOCAL_IN default-action 'accept'
set firewall ipv4 name LOCAL_WAN default-action 'accept'
set firewall ipv4 name WAN_IN default-action 'drop'
set firewall ipv4 name WAN_IN description 'WAN to internal'
set firewall ipv4 name WAN_IN rule 10 action 'accept'
set firewall ipv4 name WAN_IN rule 10 description 'Allow established/related'
set firewall ipv4 name WAN_IN rule 10 state 'established'
set firewall ipv4 name WAN_IN rule 10 state 'related'
set firewall ipv4 name WAN_IN rule 20 action 'drop'
set firewall ipv4 name WAN_IN rule 20 description 'Drop invalid state'
set firewall ipv4 name WAN_IN rule 20 state 'invalid'
set firewall ipv4 name WAN_IN rule 1000 action 'accept'
set firewall ipv4 name WAN_IN rule 1000 description 'Plex'
set firewall ipv4 name WAN_IN rule 1000 destination port '32400'
set firewall ipv4 name WAN_IN rule 1000 protocol 'tcp_udp'
set firewall ipv4 name WAN_IN rule 1000 state 'new'
set firewall ipv4 name WAN_IN rule 1001 action 'accept'
set firewall ipv4 name WAN_IN rule 1001 description 'BitTorrent'
set firewall ipv4 name WAN_IN rule 1001 destination port '49500'
set firewall ipv4 name WAN_IN rule 1001 protocol 'tcp_udp'
set firewall ipv4 name WAN_IN rule 1001 state 'new'
set firewall ipv4 name WAN_IN rule 1002 action 'accept'
set firewall ipv4 name WAN_IN rule 1002 description 'WireGuard'
set firewall ipv4 name WAN_IN rule 1002 destination port '53820-53829'
set firewall ipv4 name WAN_IN rule 1002 protocol 'tcp_udp'
set firewall ipv4 name WAN_IN rule 1002 state 'new'
set firewall ipv4 name WAN_IN rule 1003 action 'accept'
set firewall ipv4 name WAN_IN rule 1003 description 'Minecraft'
set firewall ipv4 name WAN_IN rule 1003 destination port '25565'
set firewall ipv4 name WAN_IN rule 1003 protocol 'tcp_udp'
set firewall ipv4 name WAN_IN rule 1003 state 'new'
set firewall ipv4 name WAN_IN rule 1005 action 'accept'
set firewall ipv4 name WAN_IN rule 1005 description 'Web'
set firewall ipv4 name WAN_IN rule 1005 destination port '443,80'
set firewall ipv4 name WAN_IN rule 1005 protocol 'tcp_udp'
set firewall ipv4 name WAN_IN rule 1005 state 'new'
set firewall ipv4 name WAN_LOCAL default-action 'drop'
set firewall ipv4 name WAN_LOCAL description 'WAN to router'
set firewall ipv4 name WAN_LOCAL rule 10 action 'accept'
set firewall ipv4 name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall ipv4 name WAN_LOCAL rule 10 state 'established'
set firewall ipv4 name WAN_LOCAL rule 10 state 'related'
set firewall ipv4 name WAN_LOCAL rule 20 action 'accept'
set firewall ipv4 name WAN_LOCAL rule 20 protocol 'icmp'
set firewall ipv4 name WAN_LOCAL rule 20 state 'new'
set firewall ipv4 name WAN_LOCAL rule 30 action 'drop'
set firewall ipv4 name WAN_LOCAL rule 30 description 'Drop invalid state'
set firewall ipv4 name WAN_LOCAL rule 30 state 'invalid'
set firewall ipv4 output filter default-action 'accept'
set firewall ipv4 output filter rule 101 action 'jump'
set firewall ipv4 output filter rule 101 jump-target 'LOCAL_IN'
set firewall ipv4 output filter rule 101 outbound-interface group 'IG_LAN'
set firewall ipv4 output filter rule 106 action 'jump'
set firewall ipv4 output filter rule 106 jump-target 'LOCAL_WAN'
set firewall ipv4 output filter rule 106 outbound-interface group 'IG_WAN'
set firewall ipv4 output filter rule 111 action 'drop'
set firewall ipv6 forward filter default-action 'accept'
set firewall ipv6 forward filter rule 101 action 'accept'
set firewall ipv6 forward filter rule 101 inbound-interface group 'IG_LAN'
set firewall ipv6 forward filter rule 101 outbound-interface group 'IG_LAN'
set firewall ipv6 forward filter rule 106 action 'drop'
set firewall ipv6 forward filter rule 106 description 'zone_LAN default-action'
set firewall ipv6 forward filter rule 106 outbound-interface group 'IG_LAN'
set firewall ipv6 forward filter rule 111 action 'accept'
set firewall ipv6 forward filter rule 111 inbound-interface group 'IG_WAN'
set firewall ipv6 forward filter rule 111 outbound-interface group 'IG_WAN'
set firewall ipv6 forward filter rule 116 action 'drop'
set firewall ipv6 forward filter rule 116 description 'zone_WAN default-action'
set firewall ipv6 forward filter rule 116 outbound-interface group 'IG_WAN'
set firewall ipv6 input filter default-action 'accept'
set firewall ipv6 input filter rule 101 action 'drop'
set firewall ipv6 output filter default-action 'accept'
set firewall ipv6 output filter rule 101 action 'drop'
Reference in New Issue View Git Blame Copy Permalink