option name Allow-DHCPv6
option src wan
option proto udp
- option src_ip fe80::/10
- option src_port 547
- option dest_ip fe80::/10
+ option src_ip fc00::/6
+ option dest_ip fc00::/6
option dest_port 546
option family ipv6
option target ACCEPT
option family ipv6
option target ACCEPT
+config rule
+ option name Allow-IPSec-ESP
+ option src wan
+ option dest lan
+ option proto esp
+ option target ACCEPT
+
+config rule
+ option name Allow-ISAKMP
+ option src wan
+ option dest lan
+ option dest_port 500
+ option proto udp
+ option target ACCEPT
+
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
# option dest_port 22
# option proto tcp
-# allow IPsec/ESP and ISAKMP passthrough
-#config rule
-# option src wan
-# option dest lan
-# option protocol esp
-# option target ACCEPT
-
-#config rule
-# option src wan
-# option dest lan
-# option src_port 500
-# option dest_port 500
-# option proto udp
-# option target ACCEPT
-
### FULL CONFIG SECTIONS
#config rule
# option src lan
projects / openwrt / staging / florian.git / blobdiff