Created
July 14, 2019 20:33
| /* Global packet-handling switches plus four WAN rulesets: WANv6_IN and WANv6_LOCAL for IPv6, WAN_IN and WAN_LOCAL for IPv4. Every ruleset defaults to drop. */ | |
| firewall { | |
| all-ping enable | |
| broadcast-ping disable | |
| /* IPv6 forwarded from the WAN towards LAN hosts: only established/related traffic passes, and packets hitting the default drop are logged (enable-default-log). */ | |
| ipv6-name WANv6_IN { | |
| default-action drop | |
| description "WAN inbound traffic forwarded to LAN" | |
| enable-default-log | |
| rule 10 { | |
| action accept | |
| description "Allow established/related sessions" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 20 { | |
| action drop | |
| description "Drop invalid state" | |
| state { | |
| invalid enable | |
| } | |
| } | |
| } | |
| /* IPv6 addressed to the router itself: besides established/related traffic it admits ICMPv6 (rule 30) and DHCPv6 replies (rule 40). */ | |
| ipv6-name WANv6_LOCAL { | |
| default-action drop | |
| description "WAN inbound traffic to the router" | |
| enable-default-log | |
| rule 10 { | |
| action accept | |
| description "Allow established/related sessions" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 20 { | |
| action drop | |
| description "Drop invalid state" | |
| state { | |
| invalid enable | |
| } | |
| } | |
| /* Accepts every ICMPv6 type from any source. NOTE(review): neighbour discovery and router advertisements need ICMPv6, but this also lets the router answer echo requests from the internet - confirm that is intended. */ | |
| rule 30 { | |
| action accept | |
| description "Allow IPv6 icmp" | |
| protocol ipv6-icmp | |
| } | |
| /* DHCPv6 server-to-client replies only: UDP from source port 547 to destination port 546. */ | |
| rule 40 { | |
| action accept | |
| description "allow dhcpv6" | |
| destination { | |
| port 546 | |
| } | |
| protocol udp | |
| source { | |
| port 547 | |
| } | |
| } | |
| } | |
| ipv6-receive-redirects disable | |
| ipv6-src-route disable | |
| ip-src-route disable | |
| log-martians enable | |
| /* IPv4 counterpart of WANv6_IN. NOTE(review): unlike the IPv6 rulesets there is no enable-default-log here, so IPv4 packets that hit the default drop leave no log entry. */ | |
| name WAN_IN { | |
| default-action drop | |
| description "WAN to internal" | |
| rule 10 { | |
| action accept | |
| description "Allow established/related" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 20 { | |
| action drop | |
| description "Drop invalid state" | |
| state { | |
| invalid enable | |
| } | |
| } | |
| } | |
| /* IPv4 addressed to the router itself: nothing unsolicited is accepted, and, as with WAN_IN, default drops are not logged. */ | |
| name WAN_LOCAL { | |
| default-action drop | |
| description "WAN to router" | |
| rule 10 { | |
| action accept | |
| description "Allow established/related" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 20 { | |
| action drop | |
| description "Drop invalid state" | |
| state { | |
| invalid enable | |
| } | |
| } | |
| } | |
| /* Clamps TCP MSS to 1412 bytes; the PPPoE interfaces in this file use an MTU of 1492. */ | |
| options { | |
| mss-clamp { | |
| mss 1412 | |
| } | |
| } | |
| receive-redirects disable | |
| send-redirects enable | |
| /* NOTE(review): reverse-path source validation is switched off, so this knob does not reject packets whose source address disagrees with the routing table - consider strict or loose if routing is symmetric. */ | |
| source-validation disable | |
| syn-cookies enable | |
| } | |
| /* eth0 is the WAN port (PPPoE, also defined on VLAN 10); eth1 and eth2 are the two LAN segments. */ | |
| interfaces { | |
| ethernet eth0 { | |
| duplex auto | |
| /* NOTE(review): this untagged pppoe 0 repeats the one under vif 10 and has no firewall node at all - confirm which session is really in use and remove the other. */ | |
| pppoe 0 { | |
| default-route auto | |
| dhcpv6-pd { | |
| prefix-only | |
| rapid-commit enable | |
| } | |
| mtu 1492 | |
| name-server auto | |
| /* ISP credentials live in this file (presumably as plain text on the device); the publisher replaced them before sharing. */ | |
| password redacted | |
| user-id [email protected] | |
| } | |
| speed auto | |
| vif 10 { | |
| description "Internet (PPPoE)" | |
| /* NOTE(review): WAN_IN and WAN_LOCAL are bound to the VLAN sub-interface, while the pppoe 0 below binds only the IPv6 rulesets. IPv4 from the ISP travels inside the PPPoE session (the NAT rule masquerades on pppoe0), so these IPv4 rulesets may never see it - attach name WAN_IN and name WAN_LOCAL under the pppoe 0 firewall in/local nodes and confirm with the rule counters. */ | |
| firewall { | |
| in { | |
| name WAN_IN | |
| } | |
| local { | |
| name WAN_LOCAL | |
| } | |
| } | |
| pppoe 0 { | |
| default-route auto | |
| dhcpv6-pd { | |
| /* Requests a /56 delegation and assigns sub-prefixes to eth1 (prefix-id :0) and eth2 (prefix-id :2), announced to clients via SLAAC. */ | |
| pd 0 { | |
| interface eth1 { | |
| host-address ::1 | |
| prefix-id :0 | |
| service slaac | |
| } | |
| interface eth2 { | |
| host-address ::1 | |
| prefix-id :2 | |
| service slaac | |
| } | |
| prefix-length /56 | |
| } | |
| rapid-commit enable | |
| } | |
| /* Only the IPv6 rulesets are attached to the PPPoE session; no IPv4 ruleset (name ...) appears here. */ | |
| firewall { | |
| in { | |
| ipv6-name WANv6_IN | |
| } | |
| local { | |
| ipv6-name WANv6_LOCAL | |
| } | |
| } | |
| mtu 1492 | |
| name-server auto | |
| password redacted | |
| user-id [email protected] | |
| } | |
| } | |
| } | |
| /* First LAN segment, 192.168.0.0/24; the router is .1. */ | |
| ethernet eth1 { | |
| address 192.168.0.1/24 | |
| description Local | |
| duplex auto | |
| speed auto | |
| } | |
| /* Second LAN segment, 192.168.2.0/24; the router is .1. No firewall ruleset in this file separates it from eth1. */ | |
| ethernet eth2 { | |
| address 192.168.2.1/24 | |
| description "Local 2" | |
| duplex auto | |
| speed auto | |
| } | |
| loopback lo { | |
| } | |
| } | |
| /* Router services: DHCP for both LANs, DNS forwarding, the web UI, source NAT, SSH and UNMS. */ | |
| service { | |
| dhcp-server { | |
| disabled false | |
| hostfile-update disable | |
| /* LAN1 clients are handed the public resolvers 1.1.1.1 and 8.8.8.8 directly, so their lookups do not go through the router's forwarder; LAN2 clients below are pointed at the router. */ | |
| shared-network-name LAN1 { | |
| authoritative enable | |
| subnet 192.168.0.0/24 { | |
| default-router 192.168.0.1 | |
| dns-server 1.1.1.1 | |
| dns-server 8.8.8.8 | |
| lease 86400 | |
| start 192.168.0.100 { | |
| stop 192.168.0.243 | |
| } | |
| /* Fixed lease for one host. When sharing a config, note that entries like this publish a device name and hardware address. */ | |
| static-mapping Taubin-Desktop { | |
| ip-address 192.168.0.11 | |
| mac-address e0:d5:5e:20:b0:92 | |
| } | |
| } | |
| } | |
| shared-network-name LAN2 { | |
| authoritative enable | |
| subnet 192.168.2.0/24 { | |
| default-router 192.168.2.1 | |
| dns-server 192.168.2.1 | |
| lease 86400 | |
| start 192.168.2.38 { | |
| stop 192.168.2.243 | |
| } | |
| } | |
| } | |
| static-arp disable | |
| use-dnsmasq disable | |
| } | |
| dns { | |
| /* The forwarder listens on the two LAN interfaces only; no WAN-side interface is listed. */ | |
| forwarding { | |
| cache-size 150 | |
| listen-on eth1 | |
| listen-on eth2 | |
| } | |
| } | |
| /* NOTE(review): no listen-address is set, so the web UI presumably answers on every router address and depends on WAN_LOCAL actually filtering WAN traffic. older-ciphers enable also permits legacy TLS cipher suites - disable it unless an old client requires them, and consider binding the UI to a LAN address. */ | |
| gui { | |
| http-port 80 | |
| https-port 443 | |
| older-ciphers enable | |
| } | |
| nat { | |
| /* Source NAT for everything that leaves through the PPPoE session. */ | |
| rule 5010 { | |
| description "masquerade for WAN" | |
| outbound-interface pppoe0 | |
| type masquerade | |
| } | |
| } | |
| /* SSH protocol 2 on port 22. NOTE(review): no listen-address is set, so WAN exposure depends on WAN_LOCAL; the only login credential configured under system login is a password - consider key-based login. */ | |
| ssh { | |
| port 22 | |
| protocol-version v2 | |
| } | |
| /* UNMS remote management is turned off. */ | |
| unms { | |
| disable | |
| } | |
| } | |
| /* Host identity, the single login account, NTP, hardware offload, syslog and time zone. NOTE(review): the file trailer records release v1.10.9.5166937.190213.1810 - compare it with the vendor's current firmware. */ | |
| system { | |
| host-name ubnt | |
| /* One admin-level account, authenticated by a password hash that the publisher redacted; no SSH public keys are configured for it. */ | |
| login { | |
| user taubin { | |
| authentication { | |
| encrypted-password redacted | |
| } | |
| level admin | |
| } | |
| } | |
| ntp { | |
| server 0.ubnt.pool.ntp.org { | |
| } | |
| server 1.ubnt.pool.ntp.org { | |
| } | |
| server 2.ubnt.pool.ntp.org { | |
| } | |
| server 3.ubnt.pool.ntp.org { | |
| } | |
| } | |
| offload { | |
| hwnat disable | |
| ipv4 { | |
| forwarding enable | |
| pppoe enable | |
| vlan enable | |
| } | |
| ipv6 { | |
| forwarding enable | |
| vlan enable | |
| } | |
| } | |
| /* Only a global target is defined (no remote host node), so log entries stay on the router: notice and above for all facilities, debug for the protocols facility. NOTE(review): forward to a remote collector if firewall drop logs must be retained off-device. */ | |
| syslog { | |
| global { | |
| facility all { | |
| level notice | |
| } | |
| facility protocols { | |
| level debug | |
| } | |
| } | |
| } | |
| time-zone Pacific/Auckland | |
| } | |
| /* Warning: Do not remove the following line. */ | |
| /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */ | |
| /* Release version: v1.10.9.5166937.190213.1810 */ |