Created
August 29, 2022 00:47
-
-
Save michael-pisman/c18080f684d31595a39f61beebbc4301 to your computer and use it in GitHub Desktop.
Vyos config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| firewall { | |
| all-ping enable | |
| name LAN-LOCAL { | |
| default-action accept | |
| } | |
| name LAN-WAN { | |
| default-action accept | |
| } | |
| name LOCAL-LAN { | |
| default-action accept | |
| } | |
| name LOCAL-WAN { | |
| default-action accept | |
| } | |
| name WAN-LAN { | |
| default-action drop | |
| rule 5 { | |
| action accept | |
| description "Allow EST/Related Traffic" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 20 { | |
| action accept | |
| protocol icmp | |
| state { | |
| new enable | |
| } | |
| } | |
| } | |
| name WAN-LOCAL { | |
| default-action drop | |
| rule 5 { | |
| action accept | |
| description "Allow EST/Related Traffic" | |
| state { | |
| established enable | |
| related enable | |
| } | |
| } | |
| rule 20 { | |
| action accept | |
| protocol icmp | |
| state { | |
| new enable | |
| } | |
| } | |
| } | |
| } | |
| interfaces { | |
| ethernet eth1 { | |
| hw-id a0:36:9f:b2:4a:50 | |
| } | |
| ethernet eth2 { | |
| address 10.0.0.1/24 | |
| description LAN | |
| hw-id a0:36:9f:b2:4a:52 | |
| } | |
| ethernet eth3 { | |
| address dhcp | |
| address dhcpv6 | |
| description WAN | |
| firewall { | |
| } | |
| hw-id 2c:f0:5d:76:50:0e | |
| } | |
| loopback lo { | |
| } | |
| wireless wlan0 { | |
| hw-id c8:58:c0:26:8a:6d | |
| physical-device phy0 | |
| } | |
| } | |
| nat { | |
| source { | |
| rule 100 { | |
| outbound-interface eth3 | |
| source { | |
| address 10.0.0.0/24 | |
| } | |
| translation { | |
| address masquerade | |
| } | |
| } | |
| } | |
| } | |
| service { | |
| dhcp-server { | |
| shared-network-name LAN { | |
| subnet 10.0.0.0/24 { | |
| default-router 10.0.0.1 | |
| domain-name vyos.net | |
| lease 86400 | |
| name-server 10.0.0.1 | |
| range 0 { | |
| start 10.0.0.100 | |
| stop 10.0.0.254 | |
| } | |
| } | |
| } | |
| } | |
| dns { | |
| forwarding { | |
| allow-from 10.0.0.0/24 | |
| cache-size 0 | |
| listen-address 10.0.0.1 | |
| name-server 1.1.1.1 | |
| name-server 1.0.0.1 | |
| name-server 8.8.8.8 | |
| name-server 8.8.4.4 | |
| } | |
| } | |
| ssh { | |
| port 22 | |
| } | |
| } | |
| system { | |
| config-management { | |
| commit-revisions 100 | |
| } | |
| conntrack { | |
| modules { | |
| ftp | |
| h323 | |
| nfs | |
| pptp | |
| sip | |
| sqlnet | |
| tftp | |
| } | |
| } | |
| console { | |
| device ttyS0 { | |
| speed 115200 | |
| } | |
| } | |
| host-name vyos | |
| login { ... } | |
| name-server 10.0.0.1 | |
| ntp { | |
| server time1.vyos.net { | |
| } | |
| server time2.vyos.net { | |
| } | |
| server time3.vyos.net { | |
| } | |
| } | |
| syslog { | |
| global { | |
| facility all { | |
| level info | |
| } | |
| facility protocols { | |
| level debug | |
| } | |
| } | |
| } | |
| } | |
| zone-policy { | |
| zone LAN { | |
| default-action drop | |
| from LOCAL { | |
| firewall { | |
| name LOCAL-LAN | |
| } | |
| } | |
| from WAN { | |
| firewall { | |
| name WAN-LAN | |
| } | |
| } | |
| interface eth2 | |
| } | |
| zone LOCAL { | |
| default-action drop | |
| from LAN { | |
| firewall { | |
| name LAN-LOCAL | |
| } | |
| } | |
| from WAN { | |
| firewall { | |
| name WAN-LOCAL | |
| } | |
| } | |
| local-zone | |
| } | |
| zone WAN { | |
| default-action drop | |
| from LAN { | |
| firewall { | |
| name LAN-WAN | |
| } | |
| } | |
| from LOCAL { | |
| firewall { | |
| name LOCAL-WAN | |
| } | |
| } | |
| interface eth3 | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment