fwcmd/fwcmd-rules.conf at master · aehparta/fwcmd · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# wan interface
#wan eth0

# enable nat on wan interface
# you need to add forward rules or define lan interface for nat to work properly
#nat

# lan interface, allow everything from there if defined
#lan eth1

# do not allow ssh, default is to force allow ssh
#nossh

#
# Rules format:
#  <accept|drop> [tcp|udp|icmp] <[!]source-ip[:[!]source-port]> [<[!]destination-ip[:[!]destination-port]>]
#

# allow http from anywhere
#accept tcp any any:80

# allow external address 1.2.3.4 from port 8008 to access port 9009
#accept tcp 1.2.3.4:8008 any:9009

# allow external address 2.3.4.5 to access port 222
#accept tcp 2.3.4.5 any:222

# drop DNS queries, default is allow
#drop udp any:53 any:53

# drop icmp packets, default is allow
#drop icmp

# do not allow forward from local address 192.168.1.8 to anywhere else than 66.66.66.66
#forward_drop tcp 192.168.1.8 !66.66.66.66

# trust hosts 5.4.3.2 and 7.8.9.1 which means allowing everything from them
#trust 5.4.3.2 7.8.9.1

# drop all traffic from given address
#drop 192.168.1.19

wan enp3s0

drop tcp any:666 any:666
accept udp !any !any:!777
forward 192.168.1.8 46.246.123.49
dnat tcp any:322 192.168.1.253:22