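--- a/milkymist-files/data/m1/files/etc/config/firewall
+++ b/milkymist-files/data/m1/files/etc/config/firewall
@@ -1,147 +0,0 @@
-
-config 'defaults'
-option 'syn_flood' '1'
-option 'input' 'ACCEPT'
-option 'output' 'ACCEPT'
-option 'forward' 'REJECT'
-
-config 'zone'
-option 'name' 'lan'
-option 'network' 'lan'
-option 'input' 'ACCEPT'
-option 'output' 'ACCEPT'
-option 'forward' 'REJECT'
-
-config 'zone'
-option 'name' 'wan'
-option 'input' 'REJECT'
-option 'output' 'ACCEPT'
-option 'forward' 'REJECT'
-option 'masq' '1'
-option 'mtu_fix' '1'
-option 'network' 'wan wwan'
-
-config 'forwarding'
-option 'src' 'lan'
-option 'dest' 'wan'
-
-config 'rule'
-option 'name' 'Allow-DHCP-Renew'
-option 'src' 'wan'
-option 'proto' 'udp'
-option 'dest_port' '68'
-option 'target' 'ACCEPT'
-option 'family' 'ipv4'
-
-config 'rule'
-option 'name' 'Allow-Ping'
-option 'src' 'wan'
-option 'proto' 'icmp'
-option 'icmp_type' 'echo-request'
-option 'family' 'ipv4'
-option 'target' 'ACCEPT'
-
-config 'rule'
-option 'name' 'Allow-DHCPv6'
-option 'src' 'wan'
-option 'proto' 'udp'
-option 'src_ip' 'fe80::/10'
-option 'src_port' '547'
-option 'dest_ip' 'fe80::/10'
-option 'dest_port' '546'
-option 'family' 'ipv6'
-option 'target' 'ACCEPT'
-
-config 'rule'
-option 'name' 'Allow-ICMPv6-Input'
-option 'src' 'wan'
-option 'proto' 'icmp'
-list 'icmp_type' 'echo-request'
-list 'icmp_type' 'destination-unreachable'
-list 'icmp_type' 'packet-too-big'
-list 'icmp_type' 'time-exceeded'
-list 'icmp_type' 'bad-header'
-list 'icmp_type' 'unknown-header-type'
-list 'icmp_type' 'router-solicitation'
-list 'icmp_type' 'neighbour-solicitation'
-option 'limit' '1000/sec'
-option 'family' 'ipv6'
-option 'target' 'ACCEPT'
-
-config 'rule'
-option 'name' 'Allow-ICMPv6-Forward'
-option 'src' 'wan'
-option 'dest' '*'
-option 'proto' 'icmp'
-list 'icmp_type' 'echo-request'
-list 'icmp_type' 'destination-unreachable'
-list 'icmp_type' 'packet-too-big'
-list 'icmp_type' 'time-exceeded'
-list 'icmp_type' 'bad-header'
-list 'icmp_type' 'unknown-header-type'
-option 'limit' '1000/sec'
-option 'family' 'ipv6'
-option 'target' 'ACCEPT'
-
-config 'include'
-option 'path' '/etc/firewall.user'
-
-config 'zone'
-option 'name' 'newzone'
-option 'input' 'ACCEPT'
-option 'forward' 'REJECT'
-option 'network' ' '
-option 'output' 'ACCEPT'
-
-config 'rule'
-option 'target' 'ACCEPT'
-option 'src' 'wan'
-option 'dest_port' '22'
-option 'name' 'ssh'
-option 'family' 'ipv4'
-option 'proto' 'tcp udp'
-
-config 'rule'
-option 'target' 'ACCEPT'
-option 'src' 'wan'
-option 'dest_port' '80'
-option 'name' 'web'
-option 'family' 'ipv4'
-option 'proto' 'tcp udp'
-
-config 'redirect'
-option 'target' 'DNAT'
-option 'src' 'wan'
-option 'dest' 'lan'
-option 'proto' 'tcp udp'
-option 'src_dport' '4444'
-option 'dest_ip' '192.168.42.100'
-option 'dest_port' '4444'
-option 'name' 'osc'
-
-config 'redirect'
-option 'target' 'DNAT'
-option 'src' 'wan'
-option 'dest' 'lan'
-option 'proto' 'tcp'
-option 'src_dport' '21'
-option 'dest_ip' '192.168.42.100'
-option 'dest_port' '21'
-option 'name' 'ftp'
-
-config 'redirect'
-option 'target' 'DNAT'
-option 'src' 'wan'
-option 'dest' 'lan'
-option 'proto' 'tcp udp'
-option 'src_dport' '23'
-option 'dest_ip' '192.168.42.100'
-option 'dest_port' '23'
-option 'name' 'telnet'
-
-config rule
-option target 'ACCEPT'
-option src 'wan'
-option proto 'tcp udp'
-option dest_port '8080'
-option name 'mjpg'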
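--- a/milkymist-files/data/m1/files/etc/config/uhttpd
+++ b/milkymist-files/data/m1/files/etc/config/uhttpd
@@ -1,84 +0,0 @@
-# Server configuration
-config uhttpd main
-
-# HTTP listen addresses, multiple allowed
-list listen_http 0.0.0.0:80
-# list listen_http [::]:80
-
-# HTTPS listen addresses, multiple allowed
-list listen_https 0.0.0.0:443
-# list listen_https [::]:443
-
-# Server document root
-option home /www
-
-# Reject requests from RFC1918 IP addresses
-# directed to the servers public IP(s).
-# This is a DNS rebinding countermeasure.
-option rfc1918_filter 1
-
-# Certificate and private key for HTTPS.
-# If no listen_https addresses are given,
-# the key options are ignored.
-option cert /etc/uhttpd.crt
-option key /etc/uhttpd.key
-
-# CGI url prefix, will be searched in docroot.
-# Default is /cgi-bin
-option cgi_prefix /cgi-bin
-
-# List of extension->interpreter mappings.
-# Files with an associated interpreter can
-# be called outside of the CGI prefix and do
-# not need to be executable.
-# list interpreter ".php=/usr/bin/php-cgi"
-# list interpreter ".cgi=/usr/bin/perl"
-
-# Lua url prefix and handler script.
-# Lua support is disabled if no prefix given.
-# option lua_prefix /luci
-# option lua_handler /usr/lib/lua/luci/sgi/uhttpd.lua
-
-# CGI/Lua timeout, if the called script does not
-# write data within the given amount of seconds,
-# the server will terminate the request with
-# 504 Gateway Timeout response.
-option script_timeout 60
-
-# Network timeout, if the current connection is
-# blocked for the specified amount of seconds,
-# the server will terminate the associated
-# request process.
-option network_timeout 30
-
-# TCP Keep-Alive, send periodic keep-alive probes
-# over established connections to detect dead peers.
-# The value is given in seconds to specify the
-# interval between subsequent probes.
-# Setting this to 0 will disable TCP keep-alive.
-option tcp_keepalive 1
-
-# Basic auth realm, defaults to local hostname
-# option realm OpenWrt
-
-# Configuration file in busybox httpd format
-# option config /etc/httpd.conf
-
-
-# Certificate defaults for px5g key generator
-config cert px5g
-
-# Validity time
-option days 730
-
-# RSA key size
-option bits 1024
-
-# Location
-option country DE
-option state Berlin
-option location Berlin
-
-# Common name
-option commonname OpenWrt
-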
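--- a/milkymist-files/files/etc/config/firewall
+++ b/milkymist-files/files/etc/config/firewall
@@ -0,0 +1,147 @@
+
+config 'defaults'
+option 'syn_flood' '1'
+option 'input' 'ACCEPT'
+option 'output' 'ACCEPT'
+option 'forward' 'REJECT'
+
+config 'zone'
+option 'name' 'lan'
+option 'network' 'lan'
+option 'input' 'ACCEPT'
+option 'output' 'ACCEPT'
+option 'forward' 'REJECT'
+
+config 'zone'
+option 'name' 'wan'
+option 'input' 'REJECT'
+option 'output' 'ACCEPT'
+option 'forward' 'REJECT'
+option 'masq' '1'
+option 'mtu_fix' '1'
+option 'network' 'wan wwan'
+
+config 'forwarding'
+option 'src' 'lan'
+option 'dest' 'wan'
+
+config 'rule'
+option 'name' 'Allow-DHCP-Renew'
+option 'src' 'wan'
+option 'proto' 'udp'
+option 'dest_port' '68'
+option 'target' 'ACCEPT'
+option 'family' 'ipv4'
+
+config 'rule'
+option 'name' 'Allow-Ping'
+option 'src' 'wan'
+option 'proto' 'icmp'
+option 'icmp_type' 'echo-request'
+option 'family' 'ipv4'
+option 'target' 'ACCEPT'
+
+config 'rule'
+option 'name' 'Allow-DHCPv6'
+option 'src' 'wan'
+option 'proto' 'udp'
+option 'src_ip' 'fe80::/10'
+option 'src_port' '547'
+option 'dest_ip' 'fe80::/10'
+option 'dest_port' '546'
+option 'family' 'ipv6'
+option 'target' 'ACCEPT'
+
+config 'rule'
+option 'name' 'Allow-ICMPv6-Input'
+option 'src' 'wan'
+option 'proto' 'icmp'
+list 'icmp_type' 'echo-request'
+list 'icmp_type' 'destination-unreachable'
+list 'icmp_type' 'packet-too-big'
+list 'icmp_type' 'time-exceeded'
+list 'icmp_type' 'bad-header'
+list 'icmp_type' 'unknown-header-type'
+list 'icmp_type' 'router-solicitation'
+list 'icmp_type' 'neighbour-solicitation'
+option 'limit' '1000/sec'
+option 'family' 'ipv6'
+option 'target' 'ACCEPT'
+
+config 'rule'
+option 'name' 'Allow-ICMPv6-Forward'
+option 'src' 'wan'
+option 'dest' '*'
+option 'proto' 'icmp'
+list 'icmp_type' 'echo-request'
+list 'icmp_type' 'destination-unreachable'
+list 'icmp_type' 'packet-too-big'
+list 'icmp_type' 'time-exceeded'
+list 'icmp_type' 'bad-header'
+list 'icmp_type' 'unknown-header-type'
+option 'limit' '1000/sec'
+option 'family' 'ipv6'
+option 'target' 'ACCEPT'
+
+config 'include'
+option 'path' '/etc/firewall.user'
+
+config 'zone'
+option 'name' 'newzone'
+option 'input' 'ACCEPT'
+option 'forward' 'REJECT'
+option 'network' ' '
+option 'output' 'ACCEPT'
+
+config 'rule'
+option 'target' 'ACCEPT'
+option 'src' 'wan'
+option 'dest_port' '22'
+option 'name' 'ssh'
+option 'family' 'ipv4'
+option 'proto' 'tcp udp'
+
+config 'rule'
+option 'target' 'ACCEPT'
+option 'src' 'wan'
+option 'dest_port' '80'
+option 'name' 'web'
+option 'family' 'ipv4'
+option 'proto' 'tcp udp'
+
+config 'redirect'
+option 'target' 'DNAT'
+option 'src' 'wan'
+option 'dest' 'lan'
+option 'proto' 'tcp udp'
+option 'src_dport' '4444'
+option 'dest_ip' '192.168.42.100'
+option 'dest_port' '4444'
+option 'name' 'osc'
+
+config 'redirect'
+option 'target' 'DNAT'
+option 'src' 'wan'
+option 'dest' 'lan'
+option 'proto' 'tcp'
+option 'src_dport' '21'
+option 'dest_ip' '192.168.42.100'
+option 'dest_port' '21'
+option 'name' 'ftp'
+
+config 'redirect'
+option 'target' 'DNAT'
+option 'src' 'wan'
+option 'dest' 'lan'
+option 'proto' 'tcp udp'
+option 'src_dport' '23'
+option 'dest_ip' '192.168.42.100'
+option 'dest_port' '23'
+option 'name' 'telnet'
+
+config rule
+option target 'ACCEPT'
+option src 'wan'
+option proto 'tcp udp'
+option dest_port '8080'
+option name 'mjpg'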
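Review bot: The `telnet` and `ftp` redirect sections near the end of the file forward WAN ports 23 and 21 to 192.168.42.100, which exposes two cleartext-credential protocols to the untrusted zone by default. The content looks carried over unchanged from the old `data/m1` path, but since this becomes the shipped default I would drop both redirects, or at least limit them with a source restriction such as `option 'src_ip' '<trusted-admin-cidr>'` (placeholder value). The `ssh` and `web` rules also accept `'tcp udp'` although both services are TCP-only, so `option 'proto' 'tcp'` would be tighter. The final `mjpg` rule opens 8080 from `wan` with no `family` option, unlike the rules above it, and the `newzone` zone has `input` `ACCEPT` with an empty `network`; a short comment explaining why each is needed would help.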
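--- a/milkymist-files/files/etc/config/uhttpd
+++ b/milkymist-files/files/etc/config/uhttpd
@@ -0,0 +1,84 @@
+# Server configuration
+config uhttpd main
+
+# HTTP listen addresses, multiple allowed
+list listen_http 0.0.0.0:80
+# list listen_http [::]:80
+
+# HTTPS listen addresses, multiple allowed
+list listen_https 0.0.0.0:443
+# list listen_https [::]:443
+
+# Server document root
+option home /www
+
+# Reject requests from RFC1918 IP addresses
+# directed to the servers public IP(s).
+# This is a DNS rebinding countermeasure.
+option rfc1918_filter 1
+
+# Certificate and private key for HTTPS.
+# If no listen_https addresses are given,
+# the key options are ignored.
+option cert /etc/uhttpd.crt
+option key /etc/uhttpd.key
+
+# CGI url prefix, will be searched in docroot.
+# Default is /cgi-bin
+option cgi_prefix /cgi-bin
+
+# List of extension->interpreter mappings.
+# Files with an associated interpreter can
+# be called outside of the CGI prefix and do
+# not need to be executable.
+# list interpreter ".php=/usr/bin/php-cgi"
+# list interpreter ".cgi=/usr/bin/perl"
+
+# Lua url prefix and handler script.
+# Lua support is disabled if no prefix given.
+# option lua_prefix /luci
+# option lua_handler /usr/lib/lua/luci/sgi/uhttpd.lua
+
+# CGI/Lua timeout, if the called script does not
+# write data within the given amount of seconds,
+# the server will terminate the request with
+# 504 Gateway Timeout response.
+option script_timeout 60
+
+# Network timeout, if the current connection is
+# blocked for the specified amount of seconds,
+# the server will terminate the associated
+# request process.
+option network_timeout 30
+
+# TCP Keep-Alive, send periodic keep-alive probes
+# over established connections to detect dead peers.
+# The value is given in seconds to specify the
+# interval between subsequent probes.
+# Setting this to 0 will disable TCP keep-alive.
+option tcp_keepalive 1
+
+# Basic auth realm, defaults to local hostname
+# option realm OpenWrt
+
+# Configuration file in busybox httpd format
+# option config /etc/httpd.conf
+
+
+# Certificate defaults for px5g key generator
+config cert px5g
+
+# Validity time
+option days 730
+
+# RSA key size
+option bits 1024
+
+# Location
+option country DE
+option state Berlin
+option location Berlin
+
+# Common name
+option commonname OpenWrt
+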
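Review bot: `option bits 1024` in the `px5g` section gives the generated HTTPS certificate a 1024-bit RSA key, which is below the 2048-bit minimum generally expected today; I would change it to `option bits 2048` unless key generation time on this hardware rules that out. The listeners bind `0.0.0.0:80` and `0.0.0.0:443`, and the firewall file in this same commit accepts port 80 from `wan`, so the plain-HTTP interface is reachable from the WAN side. If remote administration is not intended, binding `listen_http` to the LAN address would narrow that exposure.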