
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option synflood_protect '1'

config zone 'wan'
	option name 'wan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option mtu_fix '1'
	option family 'ipv4'
	option masq '1'
	list device 'eth0'
	list device 'wireguard'
	list network 'geust_vlan40'
	list network 'lo'
	list network 'vlan10'
	list network 'vlan20'
	list network 'vlan30'
	list network 'wan'
	list network 'vxlanwan'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'HTTP'
	option src 'wan'
	option src_port '80'
	option dest 'wan'
	list dest_ip '217.160.255.254'
	option dest_port '80'
	option target 'ACCEPT'
	option family 'ipv4'
	list src_ip '217.160.255.254'
	option direction 'out'
	option device 'eth0.10'

config rule
	option name 'FTP'
	option src 'wan'
	list src_ip '217.160.255.254'
	option src_port '21'
	list dest_ip '217.160.255.254'
	option dest_port '21'
	option target 'ACCEPT'
	option dest 'wan'
	option family 'ipv4'
	list src_mac '02:01:6F:F8:42:77'
	option helper 'ftp'
	option direction 'in'
	option device 'eth0.20'

config rule
	option name 'Luci-webinterface'
	option family 'ipv4'
	option src 'wan'
	list src_ip '217.160.255.254'
	option src_port '8081'
	option dest 'wan'
	list dest_ip '217.160.255.254'
	option dest_port '8081'
	option target 'ACCEPT'
	option direction 'in'
	option device 'eth0.20'

config rule
	option name 'HttpFileServer'
	option src 'wan'
	list src_ip '217.160.255.254'
	option src_port '8000'
	option dest 'wan'
	list dest_ip '217.160.255.254'
	option dest_port '8000'
	option target 'ACCEPT'
	option family 'ipv4'
	list src_mac '02:01:6F:F8:42:77'
	option direction 'in'
	option device 'eth0.20'

config rule
	option name 'LAN-Server'
	option family 'ipv4'
	option src 'wan'
	list src_ip '217.160.255.254'
	option src_port '8443'
	option dest 'wan'
	list dest_ip '217.160.255.254'
	option dest_port '8443'
	option target 'ACCEPT'
	option direction 'in'
	option device 'eth0.20'

config rule
	option name 'derbydb'
	option direction 'in'
	option device 'eth0.20'
	option family 'ipv4'
	option src 'wan'
	list src_ip '217.160.255.254'
	option src_port '1527'
	option dest 'wan'
	list dest_ip '217.160.255.254'
	option dest_port '1527'
	option target 'ACCEPT'

config forwarding
	option src 'wan'
	option dest 'docker'

config forwarding
	option src 'docker'
	option dest 'wan'

config zone 'docker'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option name 'docker'
	list network 'docker'

config zone
	option name 'lan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option mtu_fix '1'
	list network 'wireguard'
	list network 'DMZ'
	list network 'vxlanwireguard'
	list network 'vxlanforipfire'

config rule 'wg'
	option name 'Allow-WireGuard'
	option src 'wan'
	option proto 'udp'
	option target 'ACCEPT'
	option direction 'in'
	option device 'eth0.30'
	list src_ip '217.160.255.254'
	option src_port '51820'
	option dest 'lan'
	list dest_ip '10.8.0.1'
	option dest_port '51820'

config forwarding
	option src 'wan'
	option dest 'lan'

config forwarding
	option src 'lan'
	option dest 'wan'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'wireguard'
	option family 'ipv4'
	list proto 'udp'
	option src 'wan'
	option src_dport '51820'
	option dest_ip '192.168.10.56'
	option dest_port '51820'

