Re: Gargoyle - Failed Stealth test @ grc.com
Posted: Sun Feb 21, 2016 2:51 pm
Hallo! Need instruction how to do this with Putty and SSH port 1333! Step by step, please.
Gargoyle Forum
A forum to discuss the Gargoyle web interface for Openwrt
https://www.gargoyle-router.com/phpbb/
Gargoyle - Failed Stealth test @ grc.com
Page 2 of 2
Re: Gargoyle - Failed Stealth test @ grc.com
Posted: Mon Feb 22, 2016 1:43 am
why?
Re: Gargoyle - Failed Stealth test @ grc.com
Posted: Mon Feb 22, 2016 5:12 am
Stanislav Z wrote:Hallo! Need instruction how to do this with Putty and SSH port 1333! Step by step, please.
Hi some info here:
http://www.techrapid.co.uk/openwrt/hard ... dsup-test/
You do not need to use putty you can open the firewall file using winscp
Re: Gargoyle - Failed Stealth test @ grc.com
Posted: Mon Feb 22, 2016 12:43 pm
Can you give step-by-step instruction for Gargoyle? There is for OpenWRT link...tapper wrote:Stanislav Z wrote:Hallo! Need instruction how to do this with Putty and SSH port 1333! Step by step, please.
Hi some info here:
http://www.techrapid.co.uk/openwrt/hard ... dsup-test/
You do not need to use putty you can open the firewall file using winscp
Re: Gargoyle - Failed Stealth test @ grc.com
Posted: Tue Feb 23, 2016 2:31 am
Hi install WinScp
Log on to your router at 192.168.1.1
Tipe password
Go to /etc/config/firewall
It will open in the WinScp editor make your changes and then save
Mine looks like this.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'DROP'
option block_static_ip_mismatches '1'
option enforce_dhcp_assignments '1'
option force_router_dns '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'DROP'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
option reload '1'
config include
option type 'script'
option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
option family 'IPv4'
option reload '1'
config include 'openvpn_include_file'
option path '/etc/openvpn.firewall'
option reload '1'
config include 'tor_include_file'
option path '/etc/tor.firewall'
option reload '1'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
Log on to your router at 192.168.1.1
Tipe password
Go to /etc/config/firewall
It will open in the WinScp editor make your changes and then save
Mine looks like this.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'DROP'
option block_static_ip_mismatches '1'
option enforce_dhcp_assignments '1'
option force_router_dns '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'DROP'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
option reload '1'
config include
option type 'script'
option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
option family 'IPv4'
option reload '1'
config include 'openvpn_include_file'
option path '/etc/openvpn.firewall'
option reload '1'
config include 'tor_include_file'
option path '/etc/tor.firewall'
option reload '1'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
Re: Gargoyle - Failed Stealth test @ grc.com
Posted: Tue Feb 23, 2016 7:32 am
Great! Thank you very much, friend!
Re: Gargoyle - Failed Stealth test @ grc.com
Posted: Sat Feb 27, 2016 8:28 am
How to disable SPI (stateful packet inspection) in Gargoyle and how safe is this?