# Global firewall settings that do not belong to a single zone.
# NOTE(review): these policies only protect the device if the ruleset loads.
# In the console output that follows this config, the restart reports
# iptc_commit() failures and `iptables -L -nv` lists empty built-in chains
# with policy ACCEPT, so nothing configured here is being enforced. After any
# change, confirm the zone chains exist before trusting the WAN-side policy.
config defaults
# Enable SYN-flood protection.
option syn_flood 1
# Policies of the built-in INPUT / OUTPUT / FORWARD chains, i.e. what happens
# to traffic that no zone or rule has handled. With input ACCEPT, traffic
# arriving on an interface that is not assigned to any zone is accepted.
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
# Trusted zone: the 'lan' network may reach the router, be reached by it, and
# have its traffic forwarded within the zone.
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
# Untrusted zone: the 'wan' network. Inbound traffic to the router and
# forwarded traffic are rejected unless a rule below explicitly accepts them.
config zone
option name wan
list network 'wan'
# NOTE(review): 'wan6' is left out of this zone. If an IPv6 uplink interface
# exists, it is not covered by the REJECT policies here and would fall back
# to the defaults section (input ACCEPT). Confirm that is intended.
# list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
# Masquerade (source-NAT) traffic leaving through this zone.
option masq 1
# Clamp TCP MSS on traffic through this zone to avoid path-MTU problems.
option mtu_fix 1
# Allow forwarding from lan to wan. No wan -> lan forwarding section is
# defined, so that direction stays subject to the wan zone's forward policy.
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
# Exception to the wan zone's input REJECT: accepts IPv4 UDP to destination
# port 68 (DHCP client) from any wan source; no source address or source port
# restriction is set on this rule.
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
# Exception to the wan zone's input REJECT: the router answers IPv4 ICMP
# echo-request from the WAN side, which makes it discoverable by ping.
# No `limit` option is set, so this rule does not rate-limit echo requests.
# Remove the rule or add a limit if that exposure is not wanted.
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
root@OpenWrt:/# /etc/init.d/firewall restart
Warning: Unable to locate ipset utility, disabling ipset support
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Zone 'lan'
* Zone 'wan'
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Forward 'lan' -> 'wan'
Warning: iptc_commit(): No chain/target/match by that name
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
Warning: iptc_commit(): No chain/target/match by that name
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
Warning: iptc_commit(): No chain/target/match by that name
* Set tcp_ecn to off
* Set tcp_syncookies to on
! Unable to write value: No such file or directory
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
root@OpenWrt:/# iptables -L -nv
Chain INPUT (policy ACCEPT 9 packets, 897 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 10 packets, 2785 bytes)
pkts bytes target prot opt in out source destination