tests/mocks/uci/firewall.json

   1 {
   2         "defaults": {
   3                 "flow_offloading": "1",
   4                 "flow_offloading_hw": "1",
   5                 "forward": "REJECT",
   6                 "input": "REJECT",
   7                 "output": "ACCEPT",
   8                 "syn_flood": "1",
   9                 "unknown_defaults_option": "foo"
  10         },
  11         "zone": [
  12                 {
  13                         "name": "lan",
  14                         "input": "ACCEPT",
  15                         "output": "ACCEPT",
  16                         "forward": "ACCEPT",
  17                         "network": [ "lan" ]
  18                 },
  19                 {
  20                         "input": "REJECT",
  21                         "output": "ACCEPT",
  22                         "forward": "REJECT",
  23                         "masq": "1",
  24                         "mtu_fix": "1",
  25                         "name": "wan",
  26                         "network": [ "wan", "wan6" ]
  27                 }
  28         ],
  29         "forwarding": {
  30                 "dest": "wan",
  31                 "src": "lan"
  32         },
  33         "rule": [
  34                 {
  35                         "name": "Allow-DHCP-Renew",
  36                         "family": "ipv4",
  37                         "proto": "udp",
  38                         "src": "wan",
  39                         "dest_port": "68",
  40                         "target": "ACCEPT"
  41                 },
  42                 {
  43                         "name": "Allow-Ping",
  44                         "family": "ipv4",
  45                         "proto": "icmp",
  46                         "src": "wan",
  47                         "icmp_type": "echo-request",
  48                         "target": "ACCEPT"
  49                 },
  50                 {
  51                         "name": "Allow-IGMP",
  52                         "family": "ipv4",
  53                         "proto": "igmp",
  54                         "src": "wan",
  55                         "target": "ACCEPT"
  56                 },
  57                 {
  58                         "name": "Allow-DHCPv6",
  59                         "family": "ipv6",
  60                         "proto": "udp",
  61                         "src": "wan",
  62                         "src_ip": "fc00::/6",
  63                         "dest_ip": "fc00::/6",
  64                         "dest_port": "546",
  65                         "target": "ACCEPT"
  66                 },
  67                 {
  68                         "name": "Allow-MLD",
  69                         "family": "ipv6",
  70                         "proto": "icmp",
  71                         "src": "wan",
  72                         "src_ip": "fe80::/10",
  73                         "icmp_type": [ "130/0", "131/0", "132/0", "143/0" ],
  74                         "target": "ACCEPT"
  75                 },
  76                 {
  77                         "name": "Allow-ICMPv6-Input",
  78                         "family": "ipv6",
  79                         "proto": "icmp",
  80                         "src": "wan",
  81                         "icmp_type": [
  82                                 "echo-request", "echo-reply", "destination-unreachable",
  83                                 "packet-too-big", "time-exceeded", "bad-header", "unknown-header-type",
  84                                 "router-solicitation", "neighbour-solicitation", "router-advertisement",
  85                                 "neighbour-advertisement"
  86                         ],
  87                         "limit": "1000/sec",
  88                         "target": "ACCEPT"
  89                 },
  90                 {
  91                         "name": "Allow-ICMPv6-Forward",
  92                         "family": "ipv6",
  93                         "proto": "icmp",
  94                         "src": "wan",
  95                         "dest": "*",
  96                         "icmp_type": [
  97                                 "echo-request", "echo-reply", "destination-unreachable",
  98                                 "packet-too-big", "time-exceeded", "bad-header", "unknown-header-type"
  99                         ],
 100                         "limit": "1000/sec",
 101                         "target": "ACCEPT"
 102                 },
 103                 {
 104                         "name": "Allow-IPSec-ESP",
 105                         "proto": "esp",
 106                         "src": "wan",
 107                         "dest": "lan",
 108                         "target": "ACCEPT"
 109                 },
 110                 {
 111                         "name": "Allow-ISAKMP",
 112                         "proto": "udp",
 113                         "src": "wan",
 114                         "dest": "lan",
 115                         "dest_port": "500",
 116                         "target": "ACCEPT"
 117                 },
 118                 {
 119                         "name": "Test-Deprecated-Rule-Option",
 120                         "_name": "Test-Deprecated-Rule-Option",
 121                         "proto": "tcp",
 122                         "unknown_rule_option": "foo"
 123                 }
 124         ]
 125 }