
config 'defaults'
	option 'syn_flood' '1'
	option 'input' 'ACCEPT'
	option 'output' 'ACCEPT'
	option 'forward' 'REJECT'

config 'zone'
	option 'name' 'lan'
	option 'network' 'lan'
	option 'input' 'ACCEPT'
	option 'output' 'ACCEPT'
	option 'forward' 'REJECT'

config 'zone'
	option 'name' 'wan'
	option 'network' 'wan'
	option 'input' 'REJECT'
	option 'output' 'ACCEPT'
	option 'forward' 'REJECT'
	option 'masq' '1'
	option 'mtu_fix' '1'

config 'forwarding'
	option 'src' 'lan'
	option 'dest' 'wan'

config 'rule'
	option 'src' 'wan'
	option 'proto' 'udp'
	option 'dest_port' '68'
	option 'target' 'ACCEPT'
	option 'family' 'ipv4'

config 'rule'
	option 'src' 'wan'
	option 'proto' 'icmp'
	option 'icmp_type' 'echo-request'
	option 'family' 'ipv4'
	option 'target' 'ACCEPT'

config 'rule'
	option 'src' 'wan'
	option 'proto' 'udp'
	option 'src_ip' 'fe80::/10'
	option 'src_port' '547'
	option 'dest_ip' 'fe80::/10'
	option 'dest_port' '546'
	option 'family' 'ipv6'
	option 'target' 'ACCEPT'

config 'rule'
	option 'src' 'wan'
	option 'proto' 'icmp'
	option 'limit' '1000/sec'
	option 'family' 'ipv6'
	option 'target' 'ACCEPT'
	list 'icmp_type' 'echo-request'
	list 'icmp_type' 'destination-unreachable'
	list 'icmp_type' 'packet-too-big'
	list 'icmp_type' 'time-exceeded'
	list 'icmp_type' 'bad-header'
	list 'icmp_type' 'unknown-header-type'
	list 'icmp_type' 'router-solicitation'
	list 'icmp_type' 'neighbour-solicitation'

config 'rule'
	option 'src' 'wan'
	option 'dest' '*'
	option 'proto' 'icmp'
	option 'limit' '1000/sec'
	option 'family' 'ipv6'
	option 'target' 'ACCEPT'
	list 'icmp_type' 'echo-request'
	list 'icmp_type' 'destination-unreachable'
	list 'icmp_type' 'packet-too-big'
	list 'icmp_type' 'time-exceeded'
	list 'icmp_type' 'bad-header'
	list 'icmp_type' 'unknown-header-type'

config 'include'
	option 'path' '/etc/firewall.user'

config 'include'
	option 'path' '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'

config 'include' 'tor_include_file'
	option 'path' '/etc/tor.firewall'

config 'dmz' 'dmz'
	option 'from' 'wan'
	option 'to_ip' '192.168.1.108'

config 'remote_accept' 'ra_223_223'
	option 'local_port' '223'
	option 'remote_port' '223'
	option 'proto' 'tcp'
	option 'zone' 'wan'

