( btz | 2017. 07. 23., v – 16:42 )

Sajnos OpenWrt alatt csak ilyen rule-ok vannak, nem látok stateful (output)-ot.


# Forward rule (src and dest zone both set): drops every IPv6 packet going
# from the 'lan' zone to the 'guest' zone, for all protocols.
# Only family 'ipv6' is matched, so IPv4 between these zones is not affected here.
config rule
option src 'lan'
option dest 'guest'
option family 'ipv6'
option proto 'all'
option target 'DROP'
option name 'Lan-Guest Ipv6'
# This is how I block IPv6 going from LAN to the guest network.

# Forward rule: drops every IPv6 packet going from the 'guest' zone to the
# 'lan' zone, for all protocols.
# NOTE(review): only IPv6 is matched. The 'config forwarding' section with
# src 'guest' / dest 'lan' further down still permits IPv4 from guest to lan,
# so guest isolation holds for IPv6 only - confirm that this is intended.
config rule
option src 'guest'
option dest 'lan'
option name 'Guest-Lan Ipv6'
option family 'ipv6'
option proto 'all'
option target 'DROP'
# Block IPv6 from guest to LAN

# Input rule (src set, no dest): accepts IP protocol 41 (IPv6 encapsulated in
# IPv4) addressed to the router, from any zone.
# NOTE(review): src '*' with no src_ip means any host in any zone may send
# protocol-41 packets to the router. Consider src 'wan' together with
# src_ip '<TUNNEL_SERVER_IPV4>' (placeholder) so only the tunnel endpoint is
# accepted - confirm against the tunnel configuration.
config rule
option target 'ACCEPT'
option name 'Tunnel41'
option proto '41'
option src '*'
# The tunnel needs protocol 41

# Input rule: accepts IPv4 UDP packets to destination port 68 (DHCP client)
# arriving from the 'wan' zone, so the upstream DHCP server can answer renewals.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# DHCP renew

# Input rule: accepts IPv4 ICMP echo-request from the 'wan' zone, i.e. the
# router answers ping from upstream. No other ICMP type is matched here.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# ping

# Input rule: accepts IPv4 IGMP (multicast group management) from the 'wan' zone.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# IGMP

# Input rule: accepts DHCPv6 replies - IPv6 UDP from source port 547 to
# destination port 546 - from any zone (src '*').
# Both source and destination address must be inside fe80::/10, so only
# on-link peers can match.
config rule
option name 'Allow-DHCPv6'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
option src '*'
# Allow DHCPv6

# Input rule: accepts Multicast Listener Discovery messages from any zone.
# proto 'icmp' combined with family 'ipv6' selects ICMPv6; the listed types are
# 130 (listener query), 131 (listener report), 132 (listener done) and
# 143 (MLDv2 listener report). The source must be inside fe80::/10.
config rule
option name 'Allow-MLD'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
option src '*'
# Allow MLD

# Input rule: accepts the listed ICMPv6 types addressed to the router from any
# zone (src '*'): echo, the error messages, and the neighbour-discovery
# messages (router/neighbour solicitation and advertisement).
# NOTE(review): no 'option limit' is set on this rule, so accepted ICMPv6 is not
# rate-limited here; consider adding a limit (e.g. option limit '1000/sec')
# so that an ICMPv6 flood from the wan side is throttled.
config rule
option name 'Allow-ICMPv6-Input'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option family 'ipv6'
option target 'ACCEPT'
option src '*'
# Allow ICMPv6 on input

# Forward rule (src '*' and dest '*'): accepts the listed ICMPv6 echo and error
# types between any pair of zones. Neighbour-discovery types are not listed, so
# they are not forwarded by this rule.
# NOTE(review): this also matches lan<->guest. Whether the two IPv6 DROP rules
# for lan/guest take effect first depends on rule order in the real file -
# confirm that they are placed before this section. No 'option limit' is set.
config rule
option name 'Allow-ICMPv6-Forward'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option family 'ipv6'
option target 'ACCEPT'
option src '*'
# Allow ICMPv6 forwarding

# Forward rule: accepts ESP (IPsec payload) from the 'wan' zone to the 'lan' zone.
# NOTE(review): the rule has no name, no 'family' and no dest_ip, so it applies
# to every host in 'lan'; consider naming it and pinning dest_ip to the IPsec
# endpoint ('<IPSEC_HOST_ADDRESS>' placeholder) - confirm which host needs it.
config rule
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'

# Forward rule: accepts UDP destination port 500 (IKE) from 'wan' to 'lan'.
# NOTE(review): same as the ESP rule above - unnamed and not restricted to a
# single destination host or address family.
config rule
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'

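# Forward rule (src '*' and dest '*'): accepts TCP and UDP destination port 4443
# between any pair of zones, used to reach the D-Link router over IPv6.
# 'family' is pinned to 'ipv6' to match the rule name; without it the rule
# matched IPv4 as well.
# NOTE(review): with src '*' / dest '*' and no dest_ip, port 4443 is opened
# towards every host in every zone, including from 'wan'. Consider src 'wan',
# dest 'lan' and dest_ip '<DLINK_IPV6_ADDRESS>' (placeholder) - confirm the
# intended path before narrowing.
config rule
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '4443'
option name 'DlinkIpv6 4443'
option family 'ipv6'
option src '*'
option dest '*'
# Access to the D-Link router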

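# Input rule (src '*', no dest): accepts TCP destination port 443 on the router
# itself - the LuCI HTTPS interface - from every zone, 'wan' included.
# 'family' is pinned to 'ipv6' to match the rule name and the comment below;
# without it the management interface was also reachable over IPv4 from 'wan'.
# NOTE(review): the name says "Lan", but src '*' still admits any IPv6 source.
# If remote administration is needed, restrict it with
# src_ip '<TRUSTED_IPV6_PREFIX>' (placeholder); otherwise set src 'lan'.
config rule
option target 'ACCEPT'
option proto 'tcp'
option dest_port '443'
option family 'ipv6'
option src '*'
option name 'Luci 443 Ipv6 Lan'
# LuCI over SSL reachable via the tunnel router's IPv6 address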

# Global defaults: SYN-flood protection on, and the fallback policies for
# traffic that is not handled by any zone.
# NOTE(review): input 'ACCEPT' as the fallback means packets arriving on an
# interface that is not assigned to a zone are accepted by the router; 'REJECT'
# is the safer fallback once every interface in use belongs to a zone.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'

# Zone 'lan' (network 'lan'): input, output and intra-zone forward are all accepted.
# NOTE(review): masq '1' enables masquerading on traffic leaving through this
# zone. That is normally needed only on the upstream zone; here it rewrites
# the source address of traffic entering the LAN, so LAN hosts and their logs
# see the router instead of the real sender - confirm that this is intended.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option mtu_fix '1'
option network 'lan'

# Zone 'wan': covers both the 'wan' network and the 'henet' network, so the
# same policy applies to both. Input and forward are rejected
# unless a rule above accepts the packet; output is accepted.
# masq '1' masquerades traffic leaving through this zone; mtu_fix '1' enables
# MSS clamping.
config zone
option name 'wan'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
option network 'wan henet'

# Loads the custom rules file /etc/firewall.user in addition to the sections
# in this file. Its contents are not shown here, so the effective rule set can
# differ from what this listing suggests - review both together.
config include
option path '/etc/firewall.user'

# Zone 'guest' (network 'guest').
# NOTE(review): input 'ACCEPT' lets guest clients reach every service listening
# on the router itself (for example the web interface). A common hardening is
# input 'REJECT' plus explicit rules for DNS and DHCP only - confirm what the
# guests actually need.
# NOTE(review): masq '1' on this zone has the same effect as on 'lan': traffic
# entering the guest network is source-rewritten to the router's address.
config zone
option name 'guest'
option input 'ACCEPT'
option output 'ACCEPT'
option network 'guest'
option masq '1'
option mtu_fix '1'
option forward 'ACCEPT'

# Inter-zone forwarding: guest -> wan (internet access for guests).
config forwarding
option dest 'wan'
option src 'guest'

# Inter-zone forwarding: lan -> wan (internet access for the LAN).
config forwarding
option dest 'wan'
option src 'lan'

# Inter-zone forwarding: guest -> lan.
# NOTE(review): this lets guest clients open connections to LAN hosts. The
# 'Guest-Lan Ipv6' rule only drops IPv6, so IPv4 from guest to lan is allowed
# by this section. Remove it if the guest network is meant to be isolated.
config forwarding
option dest 'lan'
option src 'guest'

Egy példával esetleg le tudnád írni, hogy egy stateless szabályt hogyan tudnék létrehozni?