package firewall config package option title 'Firewall configuration' config section option name 'zone' option title 'Firewall zones' option package 'firewall' config variable option name 'name' option title 'Name' option section 'firewall.zone' option required true config variable option name 'network' option title 'Networks belonging to this zone' option section 'firewall.zone' option valueof 'network.interface' option multival true config variable option name 'forward' option title 'Zone specific action for forwarded traffic' option section 'firewall.zone' option required true config variable option name 'input' option title 'Zone specific action for incoming traffic' option section 'firewall.zone' option required true config variable option name 'output' option title 'Zone specific action for outgoing traffic' option section 'firewall.zone' option required true config variable option name 'masq' option title 'Enable masquerading for outgoing zone traffic' option section 'firewall.zone' option datatype 'boolean' config section option name 'defaults' option title 'Global firewall defaults' option package 'firewall' option unique true option required true config variable option name 'forward' option title 'Action for forwarded traffic' option section 'firewall.defaults' option required true config variable option name 'input' option title 'Action for incoming traffic' option section 'firewall.defaults' option required true config variable option name 'output' option title 'Action for outgoing traffic' option section 'firewall.defaults' option required true config variable option name 'syn_flood' option title 'Enable syn-flood protection' option section 'firewall.defaults' option datatype 'boolean' config variable option name 'drop_invalid' option title 'Do not drop packages with state invalid' option section 'firewall.defaults' option datatype 'boolean' config section option name 'forwarding' option title 'Forwarding rules' option package 'firewall' config variable option name 'src' option title 'Source zone' option section 'firewall.forwarding' option valueof 'firewall.zone.name' option required true config variable option name 'dest' option title 'Destination zone' option section 'firewall.forwarding' option valueof 'firewall.zone.name' option required true config variable option name 'mtu_fix' option title 'Fixup MTU of outgoing packages' option section 'firewall.forwarding' option datatype 'boolean' config section option name 'rule' option title 'Custom rules' option package 'firewall' list depends 'target, src' list depends 'target, dest' list depends 'target, src_ip' list depends 'target, src_port' list depends 'target, src_mac' list depends 'target, dest_ip' list depends 'target, dest_port' list depends 'target, proto' config variable option name 'src' option title 'Source zone' option section 'firewall.rule' option valueof 'firewall.zone.name' config variable option name 'src_ip' option title 'Source IP address' option section 'firewall.rule' option datatype 'ipaddr' config variable option name 'src_port' option title 'Source port' option section 'firewall.rule' option datatype 'portrange' config variable option name 'src_mac' option title 'Source MAC address' option section 'firewall.rule' option datatype 'macaddr' config variable option name 'dest' option title 'Destination zone' option section 'firewall.rule' option valueof 'firewall.zone.name' config variable option name 'dest_ip' option title 'Destination IP address' option section 'firewall.rule' option datatype 'ipaddr' config variable option name 'dest_port' option title 'Destination port' option section 'firewall.rule' option datatype 'portrange' config variable option name 'proto' option title 'Protocol' option section 'firewall.rule' option datatype 'string' config variable option name 'target' option title 'Option target' option section 'firewall.rule' option datatype 'string' config section option name 'redirect' option title 'Redirection rules' option package 'firewall' config variable option name 'src' option title 'Source zone' option section 'firewall.redirect' option valueof 'firewall.zone.name' config variable option name 'src_ip' option title 'Source IP address' option section 'firewall.redirect' option datatype 'ipaddr' config variable option name 'src_port' option title 'Source port' option section 'firewall.redirect' option datatype 'portrange' config variable option name 'src_dport' option title 'Source destination port' option section 'firewall.redirect' option datatype 'portrange' config variable option name 'src_mac' option title 'Option src_mac' option section 'firewall.redirect' option datatype 'macaddr' config variable option name 'dest' option title 'Destination zone' option section 'firewall.redirect' option valueof 'firewall.zone.name' config variable option name 'dest_ip' option title 'Destination IP address' option section 'firewall.redirect' option datatype 'ipaddr' config variable option name 'dest_port' option title 'Destination port' option section 'firewall.redirect' option datatype 'portrange' config variable option name 'proto' option title 'Protocol' option section 'firewall.redirect' option datatype 'string' config section option name 'include' option title 'User defined config includes' option package 'firewall' config variable option name 'path' option title 'Path to the include file' option section 'firewall.include' option datatype 'file'