OpenWrt's built-in Firewall is a bit complicated. You can reconfigure iptables as needed to meet general user requirements.
#/Bin/bash
# OpenWrt firewall, applicable to RG100AA
Iptables-F
Iptables-X
Iptables-Z
Iptables-P INPUT DROP
Iptables-P OUTPUT ACCEPT
Iptables-P FORWARD DROP
Iptables-a input-I lo-j ACCEPT
Iptables-a input-I br-lan-j ACCEPT
# Iptables-a input-m string -- algo bm -- string "sex"-j DROP
Iptables-a input-m state -- state RELATED, ESTABLISHED-j ACCEPT
# Iptables-a forward-m string -- algo bm -- string "sex"-j DROP
Iptables-a forward-I br-lan-o pppoe-wan-j ACCEPT
Iptables-a forward-m state -- state RELATED, ESTABLISHED-j ACCEPT
# Iptables-a forward-p tcp -- dport 12488-j ACCEPT
# Iptables-a forward-p udp -- dport 12488-j ACCEPT
Iptables-t nat-F
Iptables-t nat-X
Iptables-t nat-Z
Iptables-t nat-P PREROUTING ACCEPT
Iptables-t nat-P POSTROUTING ACCEPT
Iptables-t nat-P OUTPUT ACCEPT
Iptables-t nat-a postrouting-I br-lan-o pppoe-wan-j MASQUERADE
# Iptables-t nat-a prerouting-p tcp -- dport 12488-j DNAT -- to-destination 192.168.1.6
# Iptables-t nat-a prerouting-p udp -- dport 12488-j DNAT -- to-destination 192.168.1.6
# Iptables-t mangle-F
# Iptables-t mangle-X
# Iptables-t mangle-Z
# Iptables-t mangle-a prerouting-I pppoe-wan-j TTL -- ttl-inc 1
# Iptables-t mangle-a postrouting-o pppoe-wan-j TTL -- ttl-set 128
# Iptables-t mangle-a postrouting-o pppoe-wan-j IPID -- ipid-pace 1
# Iptables-I FORWARD-p tcp -- tcp-flags RST-j DROP
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
