Re: Restriction and white list not working good
Posted: Sat Jan 12, 2019 2:15 am
by iincitr
1.11.x
1.11.X (Built 20181210-0904 git@477ea871)
# Global firewall defaults. input/output/forward set the base policy for
# traffic that no zone handles; the zone sections in this file override them
# per interface (the wan zone sets input to REJECT).
config defaults
# SYN-flood protection is switched on.
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# NOTE(review): the next three options are Gargoyle additions, not stock
# OpenWrt. Judging by their names they tie clients to their DHCP/static
# assignments and force LAN DNS through the router; confirm against the
# Gargoyle firewall scripts. If they work as named, they make it harder for a
# client to step around an IP-based restriction rule by changing its own IP
# address or resolver. They do not help when a device presents a different
# MAC address than the one written into a rule.
option block_static_ip_mismatches '1'
option force_router_dns '1'
option enforce_dhcp_assignments '1'
# LAN zone: the router accepts connections from LAN hosts. Forwarding out of
# the zone is rejected unless a "config forwarding" section allows it.
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# WAN zone, covering both the 'wan' and 'wan6' networks: unsolicited inbound
# traffic to the router and forwarded traffic are rejected by default. Every
# exception has to come from a rule, remote_accept or include section.
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
# masq enables NAT for traffic leaving through this zone; mtu_fix enables
# TCP MSS clamping.
option masq '1'
option mtu_fix '1'
# The only inter-zone forwarding permitted by this file: lan -> wan.
config forwarding
option src 'lan'
option dest 'wan'
# Accept IGMP arriving from the wan zone (no dest, so it targets the router).
# NOTE(review): usually present for ISP multicast/IPTV; confirm it is needed.
config rule
option src 'wan'
option proto 'igmp'
option target 'ACCEPT'
# Forward IPv4 multicast UDP (destination 224.0.0.0/4) from wan into lan.
config rule
option src 'wan'
option proto 'udp'
option dest 'lan'
option dest_ip '224.0.0.0/4'
option target 'ACCEPT'
option family 'ipv4'
# Accept UDP to port 68 from wan so DHCP lease renewals reach the router.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# The router answers IPv4 echo requests from the wan side. Useful for
# reachability checks, but it also shows that the address is live; drop the
# rule if nothing depends on it.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accept DHCPv6 replies: link-local source and destination (fe80::/10),
# server port 547 to client port 546.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types addressed to the router (echo, error
# messages, router/neighbour discovery), rate-limited to 1000 per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forward the listed ICMPv6 echo and error types from wan to any zone
# (dest '*'), with the same 1000 per second limit. Discovery types are not
# forwarded.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Include sections pull in files that sit outside this config. All four set
# reload '1', so they are processed again on every firewall reload. Whatever
# rules these files add does not appear in this dump, so the effective
# ruleset can only be judged on the router itself. The files run as part of
# the firewall, so they should be writable by root only.
config include
option path '/etc/firewall.user'
option reload '1'
# NOTE(review): presumably this Gargoyle script is what turns the
# restriction_rule / whitelist_rule / remote_accept sections into real packet
# filter rules; confirm in the script. It is limited to IPv4 here, so whether
# those sections have any effect on IPv6 traffic needs checking.
config include
option type 'script'
option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
option family 'IPv4'
option reload '1'
config include 'openvpn_include_file'
option path '/etc/openvpn.firewall'
option reload '1'
# NOTE(review): this include suggests miniupnpd is installed. If UPnP/NAT-PMP
# is enabled in its own config, LAN devices can request inbound port forwards
# without any entry appearing in this file; verify that this is wanted.
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
# NOTE(review): these three Gargoyle remote_accept sections name the wan zone
# and TCP ports 443, 80 and 22. They appear to expose the router's own web
# interface and SSH service to the Internet; confirm against the router's
# remote-access settings. Points a reviewer would raise:
#  - Port 80 is plain HTTP, so an admin login over it crosses the Internet
#    unencrypted. Keep 443 only, if remote web access is needed at all.
#  - An Internet-facing SSH port receives constant login attempts. Use
#    key-based authentication with password login disabled, and watch the
#    logs.
#  - This file already includes /etc/openvpn.firewall. If a VPN is set up,
#    reaching the admin services through it and removing these three sections
#    is the narrower exposure.
config remote_accept 'ra_443_443'
option local_port '443'
option remote_port '443'
option proto 'tcp'
option zone 'wan'
config remote_accept 'ra_80_80'
option local_port '80'
option remote_port '80'
option proto 'tcp'
option zone 'wan'
config remote_accept 'ra_22_22'
option local_port '22'
option remote_port '22'
option proto 'tcp'
option zone 'wan'
# Gargoyle access restrictions. Only rule_6 and rule_1 have enabled '1'; every
# other section below is switched off and should have no effect.
# Most rules identify devices by MAC address in local_addr. A MAC is whatever
# the device presents on the network, so a device that uses a randomized or
# changed MAC no longer matches the rule. A restriction that must hold is
# safer as "block everything, whitelist known devices" than as a list of
# blocked MACs.
#
# rule_3 (disabled), description "Friday": applies to every device except the
# two MACs in not_local_addr.
# NOTE(review): the last range '22:00-00' has no minutes on its end time;
# verify how it is parsed before enabling.
config restriction_rule 'rule_3'
option is_ingress '0'
option description 'Cuma gunu'
option not_local_addr 'd0:a6:37:92:19:2b,2C:8A:72:B8:7D:17'
option active_weekdays 'fri'
option active_hours '10:00-15:00,20:00-21:30,22:00-00'
option enabled '0'
# rule_4 (disabled), description "night ban 0:30 06:00": no local_addr, so it
# would apply to all devices.
config restriction_rule 'rule_4'
option is_ingress '0'
option description 'Gece Yasak 0:30 06:00'
option active_hours '00:30-06:00'
option enabled '0'
# rule_6 (ENABLED), description "never any internet": no weekdays or hours, so
# it is always active for this one MAC.
# NOTE(review): the same MAC, 88:51:FB:20:2B:88, is also the first entry of
# whitelist_rule 'exception_1', which is enabled and has no time limits. If
# whitelist exceptions take precedence over restrictions (confirm), this rule
# never blocks anything. One of the two entries is probably a mistake.
config restriction_rule 'rule_6'
option is_ingress '0'
option description 'herzaman internet yok'
option local_addr '88:51:FB:20:2B:88'
option enabled '1'
# rule_7 (disabled), description "open between 02:00 and 06:00 at night".
# NOTE(review): the hours below leave 02:00-08:00 unrestricted, not
# 02:00-06:00, so the description and the schedule disagree.
config restriction_rule 'rule_7'
option is_ingress '0'
option description 'GECE 02 :00 --- 06:00 ARASI ACIK'
option local_addr '04:F1:3E:7E:0B:32'
option active_weekdays 'sun,mon,tue,wed,thu,fri,sat'
option active_hours '08:00-00:00,00:01-02:00'
option enabled '0'
# rule_8 (disabled): blocks two Apple update hosts for one device.
# NOTE(review): url_exact is given bare host names. If that option compares
# the whole URL, a domain-level match may be what was intended; confirm.
config restriction_rule 'rule_8'
option is_ingress '0'
option description 'apple update block'
option local_addr '04:F1:3E:7E:0B:32'
option active_hours '00:00-02:10,08:00-23:59'
option proto 'both'
option url_exact '"mesu.apple.com","appldnld.apple.com"'
option enabled '0'
# rule_5 (disabled), description "Saturday Sunday".
config restriction_rule 'rule_5'
option is_ingress '0'
option description 'cumartesi pazar'
option local_addr '60:36:DD:63:E1:83,88:9B:39:D9:84:21'
option active_weekdays 'sun,sat'
option active_hours '10:00-15:00,17:00-22:00'
option enabled '0'
# rule_2 (disabled), description "Sunday".
config restriction_rule 'rule_2'
option is_ingress '0'
option description 'pazar gunu'
option local_addr '60:36:DD:63:E1:83,88:9B:39:D9:84:21'
option active_weekdays 'sun'
option active_hours '10:30-16:00,17:00-22:30'
option enabled '0'
# rule_10 (disabled), description "tablets": matches by IP address only.
config restriction_rule 'rule_10'
option is_ingress '0'
option description 'tabletler'
option local_addr '192.168.5.177'
option enabled '0'
# rule_1 (ENABLED), description "general ban": two MACs and one IP address,
# Monday to Thursday, 17:30-19:00 and 20:30-23:45. Outside those windows these
# devices are not restricted by any enabled rule in this file.
config restriction_rule 'rule_1'
option is_ingress '0'
option description 'genel yasak'
option local_addr '60:36:DD:63:E1:83,88:9B:39:D9:84:21,192.168.5.177'
option active_weekdays 'mon,tue,wed,thu'
option active_hours '17:30-19:00,20:30-23:45'
option enabled '1'
# exception_1 (enabled), description "always": four MACs exempted with no time
# limits.
# NOTE(review): the first MAC, 88:51:FB:20:2B:88, is the device that
# restriction_rule 'rule_6' is meant to block at all times. The two sections
# contradict each other, so decide which one is intended. A MAC-based
# exemption also applies to any device that presents one of these addresses.
config whitelist_rule 'exception_1'
option is_ingress '0'
option description 'herzaman'
option local_addr '88:51:FB:20:2B:88,60:45:BD:DF:EE:CC,00:1B:77:41:9C:AA,D0:A6:37:92:19:2B'
option enabled '1'
# exception_2 (enabled): no local_addr, so it is meant for all devices.
# NOTE(review): this section combines three criteria: a long remote_addr list,
# remote_port 53 and url_domain_contains. If every criterion in a section must
# match (confirm; that is how a single packet-filter rule normally behaves),
# the exception only covers traffic that goes to one of these addresses AND to
# port 53 AND carries one of these domains in a web request. Traffic on port
# 53 carries no web URL, so the exception would match almost nothing, which
# would explain a white list that does not work. Splitting it into separate
# exceptions (addresses, port 53, domains) is the thing to test.
# url_domain_contains is a substring match on the host name, so each entry
# also exempts any other host name that merely contains that string. An exact
# domain match is tighter. Whether URL matching sees HTTPS traffic on this
# build should also be confirmed.
# The remote_addr value is broken across two lines in this paste ("169.44.84"
# then ".0/24"). In the router's config file it has to be a single line.
config whitelist_rule 'exception_2'
option is_ingress '0'
option description 'All device'
option remote_addr '31.13.64.50/31,31.13.65.48/31,31.13.66.48/31,31.13.67.51/32,31.13.67.52/32,31.13.68.50/32,31.13.68.52/32,31.13.69.240/32,31.13.69.242/32,31.13.70.48/31,31.13.71.48/31,31.13.72.49/32,31.13.72.52/32,31.13.73.48/31,31.13.74.48/31,31.13.75.49/32,31.13.75.52/32,31.13.76.80/31,31.13.77.48/31,31.13.78.51/32,31.13.78.53/32,31.13.80.50/32,31.13.80.53/32,31.13.81.50/32,31.13.81.53/32,31.13.82.48/32,31.13.82.51/32,31.13.83.48/32,31.13.83.51/32,31.13.84.48/32,31.13.84.51/32,31.13.85.48/32,31.13.85.51/32,31.13.86.48/32,31.13.86.51/32,31.13.87.50/31,31.13.88.49/32,31.13.90.48/32,31.13.90.51/32,31.13.91.48/32,31.13.91.51/32,31.13.92.50/32,31.13.92.52/32,31.13.93.48/32,31.13.93.51/32,31.13.94.50/32,31.13.94.52/32,31.13.95.63/32,50.22.198.204/30,50.22.210.32/30,50.22.210.128/27,50.22.225.64/27,50.22.235.248/30,50.22.240.160/27,50.23.90.128/27,50.97.57.128/27,75.126.39.32/27,108.168.174.0/27,108.168.176.192/26,108.168.177.0/27,108.168.180.96/27,108.168.254.65/32,108.168.255.224/32,108.168.255.227/32,157.240.0.48/32,157.240.0.53/32,157.240.1.51/32,157.240.1.53/32,157.240.2.51/32,157.240.2.53/32,157.240.3.51/32,157.240.3.53/32,157.240.6.51/32,157.240.6.53/32,157.240.7.51/32,157.240.7.54/32,157.240.8.51/32,157.240.8.53/32,157.240.9.51/32,157.240.9.53/32,157.240.10.51/32,157.240.10.53/32,157.240.11.51/32,157.240.11.53/32,157.240.12.51/32,157.240.12.53/32,157.240.13.51/32,157.240.13.54/32,157.240.14.51/32,157.240.14.52/32,157.240.15.53/32,157.240.16.51/32,157.240.16.52/32,157.240.17.51/32,157.240.17.53/32,157.240.18.51/32,157.240.18.52/32,157.240.20.51/32,157.240.20.52/32,157.240.21.51/32,157.240.21.52/32,158.85.0.96/27,158.85.5.192/27,158.85.46.128/27,158.85.48.224/27,158.85.58.0/25,158.85.61.192/27,158.85.224.160/27,158.85.233.32/27,158.85.249.128/27,158.85.254.64/27,169.44.23.192/27,169.44.36.0/25,169.44.57.64/27,169.44.58.64/27,169.44.80.0/26,169.44.82.96/27,169.44.82.128/27,169.44.82.192/26,169.44.83.0/26,169.44.83.96/27,169.44.83.128/27,169.44.83.192/26,169.44.84
.0/24,169.44.85.64/27,169.44.87.160/27,169.44.167.0/27,169.45.71.32/27,169.45.71.96/27,169.45.87.128/26,169.45.169.192/27,169.45.182.96/27,169.45.210.64/27,169.45.214.224/27,169.45.219.224/27,169.45.237.192/27,169.45.238.32/27,169.45.248.96/27,169.45.248.160/27,169.46.52.224/27,169.46.111.144/28,169.47.5.192/26,169.47.6.64/27,169.47.33.128/27,169.47.35.32/27,169.47.37.128/27,169.47.40.128/27,169.47.42.96/27,169.47.42.160/27,169.47.42.192/26,169.47.47.160/27,169.47.130.96/27,169.47.145.0/26,169.47.192.192/27,169.47.194.128/27,169.47.198.128/27,169.47.212.160/27,169.53.29.128/27,169.53.48.32/27,169.53.71.224/27,169.53.81.64/27,169.53.250.128/26,169.53.252.64/27,169.53.255.64/27,169.54.2.160/27,169.54.44.224/27,169.54.51.32/27,169.54.55.192/27,169.54.193.160/27,169.54.210.0/27,169.54.222.128/27,169.55.60.148/32,169.55.60.170/32,169.55.67.224/27,169.55.69.128/26,169.55.74.32/27,169.55.75.96/27,169.55.100.160/27,169.55.126.64/26,169.55.210.96/27,169.55.235.160/27,169.63.64.128/28,173.192.162.32/27,173.192.219.128/27,173.192.222.160/27,173.192.231.32/27,173.193.205.0/27,173.193.230.96/27,173.193.230.128/27,173.193.230.192/27,173.193.239.0/27,174.36.208.128/27,174.36.210.32/27,174.36.251.192/27,174.37.199.192/27,174.37.217.64/27,174.37.243.64/27,174.37.251.0/27,179.60.192.48/32,179.60.192.51/32,179.60.193.51/32,179.60.193.52/32,179.60.195.48/32,179.60.195.51/32,184.173.136.64/27,184.173.147.32/27,184.173.161.64/32,184.173.173.116/32,184.173.179.32/27,185.60.216.51/32,185.60.216.53/32,185.60.218.51/32,185.60.218.53/32,185.60.219.51/32,185.60.219.53/32,192.155.212.192/27,198.11.193.182/31,198.11.251.32/27,198.23.80.0/27,208.43.115.192/27,208.43.117.79/32,208.43.122.128/27'
option remote_port '53'
option proto 'both'
option url_domain_contains '"eba.gov.tr","whatsapp.net","whatsapp.com","google.com"'
option enabled '1'