Config files:
Main router
root@router-squashfs:~# ubus call system board
{
"kernel": "6.1.82",
"hostname": "router",
"system": "ARMv8 Processor rev 0",
"model": "FriendlyElec NanoPi R5S",
"board_name": "friendlyarm,nanopi-r5s",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r25676-2feedab805",
"target": "rockchip/armv8",
"description": "OpenWrt SNAPSHOT r25676-2feedab805"
}
}
$ cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option synflood_protect '1'
option fullcone '1'
option forward 'REJECT'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
config rule
option name 'Reject-IPv6'
option family 'ipv6'
option src 'wan'
option dest '*'
option target 'REJECT'
option enabled '0'
config zone
option name 'lan'
option output 'ACCEPT'
option forward 'ACCEPT'
option input 'ACCEPT'
list network 'lan'
list network 'vpn'
list network 'dmz'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option fullcone4 '1'
option fullcone6 '1'
option masq '1'
option mtu_fix '1'
list network 'wan'
config zone
option name 'iot'
option output 'ACCEPT'
list network 'iot'
option input 'REJECT'
option forward 'REJECT'
config zone 'docker'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option name 'docker'
list network 'docker'
config forwarding
option src 'lan'
option dest 'iot'
config forwarding
option src 'iot'
option dest 'wan'
config rule
option name 'IOT DHCP and DNS'
option src 'iot'
option dest_port '53 67 68'
option target 'ACCEPT'
config rule 'wg'
option name 'Allow-WireGuard'
option src 'wan'
option dest_port '51820'
option proto 'udp'
option target 'ACCEPT'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'wireguard'
list proto 'udp'
option src 'wan'
option src_dport '51820'
option dest_ip '192.168.10.1'
option dest_port '51820'
config rule
option name 'guest DHCP & DNS'
option src 'guest'
option dest_port '53 67 68'
option target 'ACCEPT'
config zone
option name 'guest'
option output 'ACCEPT'
list network 'guest'
list network 'caseta'
option input 'REJECT'
option forward 'REJECT'
config forwarding
option src 'guest'
option dest 'wan'
config forwarding
option src 'lan'
option dest 'guest'
config rule
option src_port '5353'
list dest_ip '224.0.0.251'
option dest_port '5353'
option target 'ACCEPT'
option name 'mDNS-iot'
list proto 'udp'
option src '*'
config zone
option name 'cam'
option output 'ACCEPT'
option forward 'REJECT'
list network 'cam'
option input 'REJECT'
config forwarding
option src 'lan'
option dest 'cam'
config rule
option src 'cam'
option target 'ACCEPT'
option name 'cam NTP'
list proto 'udp'
list dest_ip '192.168.10.1'
option dest_port '123'
config rule
option name 'cam DHCP & DNS'
option src 'cam'
option dest_port '53 67 68'
option target 'ACCEPT'
config rule
option name 'mqtt IOT'
list proto 'tcp'
option src 'iot'
option dest 'lan'
list dest_ip '192.168.10.226'
option dest_port '1883'
option target 'ACCEPT'
config rule
option name 'mqtt CAM'
option src 'cam'
option dest 'lan'
list dest_ip '192.168.10.226'
option dest_port '1883'
option target 'ACCEPT'
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/firewall.include'
config redirect 'adblock_guest53'
option name 'Adblock DNS (guest, 53)'
option src 'guest'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
option family 'any'
config redirect 'adblock_iot53'
option name 'Adblock DNS (iot, 53)'
option src 'iot'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
option family 'any'
config redirect 'adblock_lan53'
option name 'Adblock DNS (lan, 53)'
option src 'lan'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
option family 'any'
$ cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '0'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option confdir '/tmp/dnsmasq.d'
option port '53'
option logdhcp '1'
#option quietdhcp '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
config dhcp 'wan'
option interface 'wan'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'iot'
option interface 'iot'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
config domain
option name 'ap'
option ip '192.168.10.2'
config dhcp 'caseta'
option interface 'caseta'
option limit '150'
option leasetime '12h'
option start '0'
config dhcp 'dmz'
option interface 'dmz'
option leasetime '12h'
option start '0'
option limit '100'
config dhcp 'cam'
option interface 'cam'
option start '100'
option limit '150'
option leasetime '12h'
config domain
option name 'router'
option ip '192.168.10.1'
$ cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd00:ab:cd::/48'
option packet_steering '1'
config device
option name 'eth0'
option macaddr REDACTED
config interface 'wan'
option proto 'pppoe'
option device 'eth0.100'
option username REDACTED
option password REDACTED
option ipv6 'auto'
option peerdns '0'
list dns '8.8.8.8'
list dns '8.8.4.4'
option delegate '0'
option mtu '1436'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'eth2'
option ipv6 '0'
config device
option name 'eth1'
option macaddr REDACTED
option ipv6 '0'
config device
option name 'eth2'
option macaddr REDACTED
option ipv6 '0'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.10.1'
option device 'br-lan.10'
option delegate '0'
config interface 'docker'
option device 'docker0'
option proto 'none'
option auto '0'
config device
option type 'bridge'
option name 'docker0'
config interface 'iot'
option proto 'static'
option netmask '255.255.255.0'
option device 'br-lan.20'
option ipaddr '192.168.20.1'
config bridge-vlan
option device 'br-lan'
option vlan '10'
list ports 'eth1'
list ports 'eth2:t'
config bridge-vlan
option device 'br-lan'
option vlan '20'
list ports 'eth2:t'
config device
option name 'br-lan.10'
option type '8021q'
option ifname 'br-lan'
option vid '10'
config device
option name 'br-lan.20'
option type '8021q'
option ifname 'br-lan'
option vid '20'
config device
option type '8021q'
option ifname 'br-lan'
option vid '30'
option name 'br-lan.30'
config interface 'guest'
option proto 'static'
option device 'br-lan.30'
option ipaddr '192.168.30.1'
list dns '8.8.8.8'
list dns '8.8.4.4'
option netmask '255.255.255.0'
config bridge-vlan
option device 'br-lan'
option vlan '30'
list ports 'eth2:t'
config device
option type '8021q'
option ifname 'br-lan'
option vid '60'
option name 'br-lan.60'
option ipv6 '0'
config interface 'caseta'
option proto 'static'
option device 'br-lan.60'
option ipaddr '192.168.60.1'
list dns '8.8.8.8'
list dns '8.8.4.4'
option netmask '255.255.255.247'
config bridge-vlan
option device 'br-lan'
list ports 'eth2:t'
option vlan '40'
config device
option type '8021q'
option ifname 'br-lan'
option vid '40'
option name 'br-lan.40'
option ipv6 '0'
config device
option type '8021q'
option ifname 'br-lan'
option vid '50'
option name 'br-lan.50'
option ipv6 '0'
config interface 'dmz'
option proto 'static'
option device 'br-lan.40'
option ipaddr '192.168.40.1'
option netmask '255.255.255.248'
config interface 'cam'
option proto 'static'
option device 'br-lan.50'
option ipaddr '192.168.50.1'
option netmask '255.255.255.0'
config bridge-vlan
option device 'br-lan'
option vlan '50'
list ports 'eth2:t'
config bridge-vlan
option device 'br-lan'
option vlan '60'
list ports 'eth2:t'
b1300 AP
$ ubus call system board
{
"kernel": "5.15.150",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 5 (v7l)",
"model": "GL.iNet GL-B1300",
"board_name": "glinet,gl-b1300",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.3",
"revision": "r23809-234f1a2efa",
"target": "ipq40xx/generic",
"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
}
}
$ cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fda1:db0a:380b::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
config interface 'lan'
option device 'br-eth'
option proto 'static'
option ipaddr '192.168.10.2'
option netmask '255.255.255.0'
option type 'bridge'
config device
option type 'bridge'
option name 'br-eth'
list ports 'eth0'
list ports 'wan.10'
$ cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/a000000.wifi'
option channel '1'
option band '2g'
option htmode 'HT20'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'psk2'
option key REDACTED
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/a800000.wifi'
option channel '36'
option band '5g'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'test'
option encryption 'psk2'
option key REDACTED
option network 'lan'
$ cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'hybrid'
option ra 'hybrid'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
$ cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option synflood_protect '1'