config defaults
	option syn_flood	0
	option drop_invalid	1
	option input		ACCEPT
	option output		ACCEPT 
	option forward		REJECT

config zone
	option name		lan
	option input		ACCEPT 
	option output		ACCEPT 
	option forward		REJECT

#config zone
#	option name		wan
#	option input		REJECT
#	option output		ACCEPT 
#	option forward		REJECT
#	option masq		1 
#	option mtu_fix		1

#config forwarding 
#	option src      	lan
#	option dest     	wan

config zone
	option name		guest
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT

config rule
	option src		guest
	option proto		icmp
	option target		ACCEPT

config rule
	option src		guest
	option dest_port	53
	option proto		tcpudp
	option target		ACCEPT

config rule
	option src		guest
	option dest_port	67
	option proto		udp
	option target		ACCEPT

config rule
	option src		guest
	option dest		lan
	option proto		all
	option dest_ip		192.168.0.0/16
	option target		REJECT

config rule
	option src		guest
	option dest		lan
	option proto		all
	option src_ip		192.168.2.0/24
	option target		ACCEPT

# include a file with users custom iptables rules
config include
	option path /etc/firewall.user