diff --git a/inteno-netmodes/files/etc/netmodes/repeater_brcm_2g_up_5g_down/firewall b/inteno-netmodes/files/etc/netmodes/repeater_brcm_2g_up_5g_down/firewall deleted file mode 100644 index a98cb4f85..000000000 --- a/inteno-netmodes/files/etc/netmodes/repeater_brcm_2g_up_5g_down/firewall +++ /dev/null @@ -1,123 +0,0 @@ -config settings 'settings' - option disabled '0' - -config defaults - option syn_flood 1 - option input ACCEPT - option output ACCEPT - option forward REJECT -# Uncomment this line to disable ipv6 rules -# option disable_ipv6 1 - -config zone - option name lan - option input ACCEPT - option output ACCEPT - option forward ACCEPT - -config zone - option name wan - list network 'wan' - option input REJECT - option output ACCEPT - option forward REJECT - option masq 1 - option mtu_fix 1 - -config forwarding - option src lan - option dest wan - -# We need to accept udp packets on port 68, -# see https://dev.openwrt.org/ticket/4108 -config rule - option name Allow-DHCP-Renew - option src wan - option proto udp - option dest_port 68 - option target ACCEPT - option family ipv4 - option hidden 1 - -config rule - option name Repeater-Management - option src wan - option proto tcp - option dest_port '22 80 8080 8181 9875' - option target ACCEPT - option family ipv4 - option hidden 1 - -# Allow IPv4 ping -config rule - option name Allow-Ping - option src wan - option proto icmp - option icmp_type echo-request - option family ipv4 - option target ACCEPT - option hidden 1 - -# Allow DHCPv6 replies -# see https://dev.openwrt.org/ticket/10381 -config rule - option name Allow-DHCPv6 - option src wan - option proto udp - option src_ip fe80::/10 - option src_port 547 - option dest_ip fe80::/10 - option dest_port 546 - option family ipv6 - option target ACCEPT - option hidden 1 - -# Allow essential incoming IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Input - option src wan - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - list icmp_type router-solicitation - list icmp_type neighbour-solicitation - list icmp_type router-advertisement - list icmp_type neighbour-advertisement - option limit 1000/sec - option family ipv6 - option target ACCEPT - option hidden 1 - -# Allow essential forwarded IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Forward - option src wan - option dest * - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - option limit 1000/sec - option family ipv6 - option target ACCEPT - option hidden 1 - -# include a file with users custom iptables rules -config include - option path /etc/firewall.user - option reload 1 - -# include a file with rules for SIP and RTP traffic -config include - option path /etc/firewall.sip - option reload 1 - diff --git a/inteno-netmodes/files/etc/netmodes/repeater_brcm_2g_up_dual_down/firewall b/inteno-netmodes/files/etc/netmodes/repeater_brcm_2g_up_dual_down/firewall deleted file mode 100644 index a98cb4f85..000000000 --- a/inteno-netmodes/files/etc/netmodes/repeater_brcm_2g_up_dual_down/firewall +++ /dev/null @@ -1,123 +0,0 @@ -config settings 'settings' - option disabled '0' - -config defaults - option syn_flood 1 - option input ACCEPT - option output ACCEPT - option forward REJECT -# Uncomment this line to disable ipv6 rules -# option disable_ipv6 1 - -config zone - option name lan - option input ACCEPT - option output ACCEPT - option forward ACCEPT - -config zone - option name wan - list network 'wan' - option input REJECT - option output ACCEPT - option forward REJECT - option masq 1 - option mtu_fix 1 - -config forwarding - option src lan - option dest wan - -# We need to accept udp packets on port 68, -# see https://dev.openwrt.org/ticket/4108 -config rule - option name Allow-DHCP-Renew - option src wan - option proto udp - option dest_port 68 - option target ACCEPT - option family ipv4 - option hidden 1 - -config rule - option name Repeater-Management - option src wan - option proto tcp - option dest_port '22 80 8080 8181 9875' - option target ACCEPT - option family ipv4 - option hidden 1 - -# Allow IPv4 ping -config rule - option name Allow-Ping - option src wan - option proto icmp - option icmp_type echo-request - option family ipv4 - option target ACCEPT - option hidden 1 - -# Allow DHCPv6 replies -# see https://dev.openwrt.org/ticket/10381 -config rule - option name Allow-DHCPv6 - option src wan - option proto udp - option src_ip fe80::/10 - option src_port 547 - option dest_ip fe80::/10 - option dest_port 546 - option family ipv6 - option target ACCEPT - option hidden 1 - -# Allow essential incoming IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Input - option src wan - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - list icmp_type router-solicitation - list icmp_type neighbour-solicitation - list icmp_type router-advertisement - list icmp_type neighbour-advertisement - option limit 1000/sec - option family ipv6 - option target ACCEPT - option hidden 1 - -# Allow essential forwarded IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Forward - option src wan - option dest * - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - option limit 1000/sec - option family ipv6 - option target ACCEPT - option hidden 1 - -# include a file with users custom iptables rules -config include - option path /etc/firewall.user - option reload 1 - -# include a file with rules for SIP and RTP traffic -config include - option path /etc/firewall.sip - option reload 1 - diff --git a/inteno-netmodes/files/etc/netmodes/repeater_mtk_2g_up_dual_down/firewall b/inteno-netmodes/files/etc/netmodes/repeater_mtk_2g_up_dual_down/firewall deleted file mode 100644 index b7f3cef0e..000000000 --- a/inteno-netmodes/files/etc/netmodes/repeater_mtk_2g_up_dual_down/firewall +++ /dev/null @@ -1,113 +0,0 @@ -config settings 'settings' - option disabled '0' - -config defaults - option syn_flood 1 - option input ACCEPT - option output ACCEPT - option forward REJECT -# Uncomment this line to disable ipv6 rules -# option disable_ipv6 1 - -config zone - option name wan - list network 'wan' - option input REJECT - option output ACCEPT - option forward REJECT - option masq 1 - option mtu_fix 1 - -# We need to accept udp packets on port 68, -# see https://dev.openwrt.org/ticket/4108 -config rule - option name Allow-DHCP-Renew - option src wan - option proto udp - option dest_port 68 - option target ACCEPT - option family ipv4 - option hidden 1 - -config rule - option name Repeater-Management - option src wan - option proto tcp - option dest_port '22 80 8080 8181 9875' - option target ACCEPT - option family ipv4 - option hidden 1 - -# Allow IPv4 ping -config rule - option name Allow-Ping - option src wan - option proto icmp - option icmp_type echo-request - option family ipv4 - option target ACCEPT - option hidden 1 - -# Allow DHCPv6 replies -# see https://dev.openwrt.org/ticket/10381 -config rule - option name Allow-DHCPv6 - option src wan - option proto udp - option src_ip fe80::/10 - option src_port 547 - option dest_ip fe80::/10 - option dest_port 546 - option family ipv6 - option target ACCEPT - option hidden 1 - -# Allow essential incoming IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Input - option src wan - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - list icmp_type router-solicitation - list icmp_type neighbour-solicitation - list icmp_type router-advertisement - list icmp_type neighbour-advertisement - option limit 1000/sec - option family ipv6 - option target ACCEPT - option hidden 1 - -# Allow essential forwarded IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Forward - option src wan - option dest * - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - option limit 1000/sec - option family ipv6 - option target ACCEPT - option hidden 1 - -# include a file with users custom iptables rules -config include - option path /etc/firewall.user - option reload 1 - -# include a file with rules for SIP and RTP traffic -config include - option path /etc/firewall.sip - option reload 1 - diff --git a/inteno-netmodes/files/etc/netmodes/repeater_mtk_5g_up_dual_down/firewall b/inteno-netmodes/files/etc/netmodes/repeater_mtk_5g_up_dual_down/firewall deleted file mode 100644 index b7f3cef0e..000000000 --- a/inteno-netmodes/files/etc/netmodes/repeater_mtk_5g_up_dual_down/firewall +++ /dev/null @@ -1,113 +0,0 @@ -config settings 'settings' - option disabled '0' - -config defaults - option syn_flood 1 - option input ACCEPT - option output ACCEPT - option forward REJECT -# Uncomment this line to disable ipv6 rules -# option disable_ipv6 1 - -config zone - option name wan - list network 'wan' - option input REJECT - option output ACCEPT - option forward REJECT - option masq 1 - option mtu_fix 1 - -# We need to accept udp packets on port 68, -# see https://dev.openwrt.org/ticket/4108 -config rule - option name Allow-DHCP-Renew - option src wan - option proto udp - option dest_port 68 - option target ACCEPT - option family ipv4 - option hidden 1 - -config rule - option name Repeater-Management - option src wan - option proto tcp - option dest_port '22 80 8080 8181 9875' - option target ACCEPT - option family ipv4 - option hidden 1 - -# Allow IPv4 ping -config rule - option name Allow-Ping - option src wan - option proto icmp - option icmp_type echo-request - option family ipv4 - option target ACCEPT - option hidden 1 - -# Allow DHCPv6 replies -# see https://dev.openwrt.org/ticket/10381 -config rule - option name Allow-DHCPv6 - option src wan - option proto udp - option src_ip fe80::/10 - option src_port 547 - option dest_ip fe80::/10 - option dest_port 546 - option family ipv6 - option target ACCEPT - option hidden 1 - -# Allow essential incoming IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Input - option src wan - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - list icmp_type router-solicitation - list icmp_type neighbour-solicitation - list icmp_type router-advertisement - list icmp_type neighbour-advertisement - option limit 1000/sec - option family ipv6 - option target ACCEPT - option hidden 1 - -# Allow essential forwarded IPv6 ICMP traffic -config rule - option name Allow-ICMPv6-Forward - option src wan - option dest * - option proto icmp - list icmp_type echo-request - list icmp_type echo-reply - list icmp_type destination-unreachable - list icmp_type packet-too-big - list icmp_type time-exceeded - list icmp_type bad-header - list icmp_type unknown-header-type - option limit 1000/sec - option family ipv6 - option target ACCEPT - option hidden 1 - -# include a file with users custom iptables rules -config include - option path /etc/firewall.user - option reload 1 - -# include a file with rules for SIP and RTP traffic -config include - option path /etc/firewall.sip - option reload 1 -