iptables -N forwarding_rule
iptables -N forwarding_wan
+iptables -t nat -N NEW
iptables -t nat -N prerouting_wan
iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
# uses the default -P DROP
### MASQ
+ iptables -t nat -A PREROUTING -m state --state NEW -j NEW
iptables -t nat -A PREROUTING -j prerouting_rule
iptables -t nat -A PREROUTING -i $WAN -j prerouting_wan
iptables -t nat -A POSTROUTING -j postrouting_rule
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
+ iptables -t nat -A NEW -m limit --limit 50 --limit-burst 100 -j RETURN && \
+ iptables -t nat -A NEW -j DROP
+
## USER RULES
[ -f /etc/firewall.user ] && . /etc/firewall.user
[ -e /etc/config/firewall ] && {
CONFIG_IP_NF_RTSP=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=y
-CONFIG_IP_NF_MATCH_LIMIT=m
+CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=y