opentechinstitute · dismantl · Jan 22, 2015 · Mar 18, 2014 · Mar 18, 2014 · Mar 18, 2014
diff --git a/default-files/etc/config/firewall b/default-files/etc/config/firewall
@@ -1,4 +1,3 @@
-
 config defaults
 	option syn_flood '1'
 	option input 'DROP'
@@ -61,6 +60,17 @@ config forwarding
 config rule
 	option src 'wan'
 	option dest_port '22'
+	option proto 'tcp'
+	option state 'NEW'
+	option limit '3/min'
+	option limit_burst '2'
+	option target 'LOG'
+
+config rule
+	option src 'wan'
+	option dest_port '22'
+	option state 'RELATED'
+	option state 'ESTABLISHED'
 	option target 'ACCEPT'
 	option proto 'tcp'
 
@@ -167,3 +177,6 @@ config rule
 	option src 'vpn'
 	option proto 'icmp'
 	option target 'ACCEPT'
+
+config include
+	option path '/etc/firewall.user'