@rlerdorf
Created October 28, 2022 20:38
# Attach the rulesets to the WAN interface (eth0). "in" applies to traffic
# arriving on eth0 that is forwarded through the router; "local" applies to
# traffic addressed to the router itself. Each direction gets an IPv4 ("name")
# and an IPv6 ("ipv6-name") ruleset.
# NOTE(review): this listing binds rulesets to eth0 only, so traffic entering
# on the LAN side (to the router or out to the WAN) is not filtered here.
set firewall interface eth0 in ipv6-name 'WAN-IN'
set firewall interface eth0 in name 'WAN-IN'
set firewall interface eth0 local ipv6-name 'WAN-LOCAL'
set firewall interface eth0 local name 'WAN-LOCAL'
# IPv6 WAN-IN (forwarded traffic): default drop.
#   rule 10 - accept packets belonging to established/related connections.
#   rule 20 - accept ICMPv6 of every type (no type restriction is set).
# NOTE(review): LAN hosts hold global IPv6 addresses (no NAT), so this ruleset
# is their only perimeter filter. RFC 4890 lists which ICMPv6 types need to be
# forwarded; narrow rule 20 if inbound echo to LAN hosts is not wanted.
set firewall ipv6-name WAN-IN default-action 'drop'
set firewall ipv6-name WAN-IN rule 10 action 'accept'
set firewall ipv6-name WAN-IN rule 10 state established 'enable'
set firewall ipv6-name WAN-IN rule 10 state related 'enable'
set firewall ipv6-name WAN-IN rule 20 action 'accept'
set firewall ipv6-name WAN-IN rule 20 protocol 'icmpv6'
# IPv6 WAN-LOCAL (traffic to the router itself): default drop.
#   rule 10 - accept established/related.
#   rule 20 - accept ICMPv6 of every type; the router relies on ICMPv6 on the
#             WAN link for neighbour discovery and router advertisements.
#   rule 30 - accept UDP from source port 547 to destination port 546, i.e.
#             DHCPv6 server-to-client replies for the DHCPv6 client on eth0.
# NOTE(review): rule 30 sets no source address, so any host that can reach the
# router with source port 547 matches. Presumably it could be limited to the
# link-local range the upstream DHCPv6 server answers from - verify first.
# NOTE(review): no rule or default action here enables logging, so dropped WAN
# packets will not appear in the logs sent to the syslog host.
set firewall ipv6-name WAN-LOCAL default-action 'drop'
set firewall ipv6-name WAN-LOCAL rule 10 action 'accept'
set firewall ipv6-name WAN-LOCAL rule 10 state established 'enable'
set firewall ipv6-name WAN-LOCAL rule 10 state related 'enable'
set firewall ipv6-name WAN-LOCAL rule 20 action 'accept'
set firewall ipv6-name WAN-LOCAL rule 20 protocol 'icmpv6'
set firewall ipv6-name WAN-LOCAL rule 30 action 'accept'
set firewall ipv6-name WAN-LOCAL rule 30 destination port '546'
set firewall ipv6-name WAN-LOCAL rule 30 protocol 'udp'
set firewall ipv6-name WAN-LOCAL rule 30 source port '547'
# IPv4 WAN-IN (forwarded traffic): default drop; rule 10 admits only packets of
# established/related connections. No rule accepts new inbound connections, so
# nothing on the LAN is exposed to the WAN over IPv4 by this ruleset.
set firewall name WAN-IN default-action 'drop'
set firewall name WAN-IN rule 10 action 'accept'
set firewall name WAN-IN rule 10 state established 'enable'
set firewall name WAN-IN rule 10 state related 'enable'
# IPv4 WAN-LOCAL (traffic to the router itself): default drop.
#   rule 10 - accept established/related.
#   rule 20 - accept new ICMP echo-request, so the router answers ping from
#             the WAN.
# No rule admits SSH (22) or DNS from the WAN; those services are reachable
# only through interfaces that have no ruleset bound in this listing.
# NOTE(review): rule 20 has no rate limit, and neither ruleset logs its drops;
# consider both if WAN probing should be throttled or visible in the logs.
set firewall name WAN-LOCAL default-action 'drop'
set firewall name WAN-LOCAL rule 10 action 'accept'
set firewall name WAN-LOCAL rule 10 state established 'enable'
set firewall name WAN-LOCAL rule 10 state related 'enable'
set firewall name WAN-LOCAL rule 20 action 'accept'
set firewall name WAN-LOCAL rule 20 icmp type-name 'echo-request'
set firewall name WAN-LOCAL rule 20 protocol 'icmp'
set firewall name WAN-LOCAL rule 20 state new 'enable'
# eth0 is the WAN port: IPv4 address from DHCP, IPv6 from DHCPv6 plus SLAAC
# ("ipv6 address autoconf").
# dhcpv6-options: "duid" fixes the DHCPv6 client identifier sent upstream;
# "pd 0" requests a delegated prefix of length 63 and assigns the subnet with
# sla-id 0 from it to eth1 (the LAN).
# hw-id ties each interface name to a MAC address.
# NOTE(review): the DUID and the hw-id MACs identify this particular device.
# Replace them with your own values when reusing this listing; a copied DUID
# makes two clients present the same identity to a DHCPv6 server.
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 address 'dhcpv6'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth0 dhcpv6-options duid '0f:10:03:71:00:a1:27:71:db:f0:fa:f1:56:bf:67:02'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 sla-id '0'
set interfaces ethernet eth0 dhcpv6-options pd 0 length '63'
set interfaces ethernet eth0 hw-id '7c:2b:e1:13:14:51'
set interfaces ethernet eth0 ipv6 address autoconf
# eth1 is the LAN port with the static gateway address 192.168.200.1/24.
set interfaces ethernet eth1 address '192.168.200.1/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth1 hw-id '7c:2b:e1:13:14:52'
# eth2 and eth3 carry only a hw-id: no address or description is configured.
set interfaces ethernet eth2 hw-id '7c:2b:e1:13:14:53'
set interfaces ethernet eth3 hw-id '7c:2b:e1:13:14:54'
set interfaces loopback lo
# Source NAT for IPv4: traffic from the LAN subnet 192.168.200.0/24 leaving
# through eth0 is rewritten to eth0's own address (masquerade).
# This applies to IPv4 only; IPv6 LAN hosts are not translated, so their
# exposure is governed by the IPv6 WAN-IN ruleset alone.
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.168.200.0/24'
set nat source rule 100 translation address 'masquerade'
# DHCP server for the LAN subnet 192.168.200.0/24. Clients receive the router
# (192.168.200.1) as both default gateway and DNS server, the domain
# lerdorf.com, and a lease value of 86400.
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 default-router '192.168.200.1'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 domain-name 'lerdorf.com'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 lease '86400'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 name-server '192.168.200.1'
# Dynamic pool is .50-.254; every static mapping below sits outside it
# (.2-.39), so a dynamic lease cannot collide with a reserved address.
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 range 0 start '192.168.200.50'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 range 0 stop '192.168.200.254'
# Static mappings: one reserved address per MAC address.
# NOTE(review): a mapping is keyed on the MAC address alone, which any device
# on the LAN can claim. It gives stable addressing, not proof of identity, so
# do not treat these addresses as trusted in other rules.
# NOTE(review): "nas-ipmi" is presumably a management controller and "syslog"
# the log collector; both share the flat LAN with client devices (thinkpad,
# sprinkle). Consider a separate management segment - verify the roles first.
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping debry ip-address '192.168.200.4'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping debry mac-address '80:61:5f:10:f4:6e'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping key ip-address '192.168.200.3'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping key mac-address '78:45:58:dc:ee:15'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping nas ip-address '192.168.200.2'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping nas mac-address '80:61:5f:15:47:76'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping nas-ipmi ip-address '192.168.200.39'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping nas-ipmi mac-address '00:25:90:d5:48:75'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping sprinkle ip-address '192.168.200.7'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping sprinkle mac-address '00:04:a3:03:9e:5a'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping switch ip-address '192.168.200.10'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping switch mac-address 'd8:ec:e5:8a:69:56'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping syslog ip-address '192.168.200.6'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping syslog mac-address '82:61:5f:84:9c:5e'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping thinkpad ip-address '192.168.200.5'
set service dhcp-server shared-network-name LAN subnet 192.168.200.0/24 static-mapping thinkpad mac-address '50:7b:9d:eb:8c:d4'
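# Dynamic DNS: publish eth0's address as home.lerdorf.com through the easydns
# service. The password is redacted in this listing ('xxxx'); the real value is
# held in the router configuration, so configuration exports and backups must
# be handled as secrets.
set service dns dynamic interface eth0 service easydns host-name 'home.lerdorf.com'
set service dns dynamic interface eth0 service easydns login 'rasmus'
set service dns dynamic interface eth0 service easydns password 'xxxx'
# DNS forwarder for the LAN: listens only on 192.168.200.1, with cache-size
# 50000, and forwards to the system name-servers ("system") plus the resolvers
# learned from the DHCP lease on eth0 ("dhcp eth0").
# NOTE(review): allow-from (192.168.0.0/16) is wider than the only LAN subnet
# configured in this listing (192.168.200.0/24); narrow it if no other internal
# network uses this resolver.
# NOTE(review): because DHCP-supplied resolvers are used as well, queries are
# not guaranteed to go to the resolvers chosen under "system name-server".
set service dns forwarding allow-from '192.168.0.0/16'
set service dns forwarding cache-size '50000'
set service dns forwarding dhcp 'eth0'
set service dns forwarding listen-address '192.168.200.1'
set service dns forwarding system
# Router advertisements on the LAN (eth1) for a /64 prefix, valid-lifetime
# 172800.
set service router-advert interface eth1 prefix ::/64 valid-lifetime '172800'
# SSH management access on port 22. The only credential configured for the
# login user in this listing is a public key, so password logins are disabled
# to take password guessing off the table. Confirm key login works (the serial
# console on ttyS0 remains as a recovery path) before committing.
# No listen-address is set, so the daemon binds every address; WAN exposure is
# prevented only by the WAN-LOCAL rulesets, which admit no SSH.
set service ssh disable-password-authentication
set service ssh port '22'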
# Keep the last 100 committed configuration revisions.
# NOTE(review): archived revisions presumably contain the same secrets as the
# live configuration (e.g. the dynamic DNS password) - protect them equally.
set system config-management commit-revisions '100'
# Connection-tracking helper modules for ftp, h323, nfs, pptp, sip, sqlnet and
# tftp. A helper inspects the protocol's control traffic so that its secondary
# connections are classified as "related" - and the WAN-IN / WAN-LOCAL rule 10
# entries accept everything in state "related".
# NOTE(review): every helper widens what rule 10 will admit. Keep only the
# helpers for protocols actually used across the WAN boundary.
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
# Serial console on ttyS0 at 115200: a management path that is independent of
# the network and of SSH.
set system console device ttyS0 speed '115200'
# Local DNS identity of the router.
set system domain-name 'lerdorf.com'
set system domain-search domain 'lerdorf.com'
set system host-name 'vyos'
# Empty post-login banner.
set system login banner post-login ''
# SSH public key (ed25519) for user "rasmus". Only the public half appears
# here, so publishing it does not expose the credential.
# NOTE(review): the key identifier and the trailing key comment read
# "[email protected]" because the hosting page's e-mail obfuscation replaced
# the original user@host text. Substitute your own identifier before loading
# these lines: the bracketed text contains a space, so it is not a single token.
set system login user rasmus authentication public-keys [email protected] key 'AAAAC3NzaC1lZDI1NTE5AAAAIEP/RctKuP6lYcicM68E9hfcjRQx+dyHACDJYHoKAy1N [email protected]'
set system login user rasmus authentication public-keys [email protected] type 'ssh-ed25519'
# Upstream resolvers used by the router (two IPv4, two IPv6). The LAN DNS
# forwarder uses these through its "system" setting.
# NOTE(review): these are plain name-server entries; nothing in this listing
# configures encrypted transport for upstream DNS queries.
set system name-server '9.9.9.9'
set system name-server '149.112.112.112'
set system name-server '2620:fe::fe'
set system name-server '2620:fe::9'
# Time sources. Accurate time matters for log correlation on the syslog host.
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net
# Static host names for LAN devices. The addresses repeat the DHCP static
# mappings (plus router = 192.168.200.1); the two lists are maintained
# separately, so change both together to keep name and lease in agreement.
set system static-host-mapping host-name debry.lerdorf.com inet '192.168.200.4'
set system static-host-mapping host-name key.lerdorf.com inet '192.168.200.3'
set system static-host-mapping host-name nas-ipmi.lerdorf.com inet '192.168.200.39'
set system static-host-mapping host-name nas.lerdorf.com inet '192.168.200.2'
set system static-host-mapping host-name router.lerdorf.com inet '192.168.200.1'
set system static-host-mapping host-name sprinkle.lerdorf.com inet '192.168.200.7'
set system static-host-mapping host-name switch.lerdorf.com inet '192.168.200.10'
set system static-host-mapping host-name syslog.lerdorf.com inet '192.168.200.6'
set system static-host-mapping host-name thinkpad.lerdorf.com inet '192.168.200.5'
# Local logging: every facility at level "info", the "protocols" facility at
# "debug".
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
# Remote logging: send every facility at every level to 192.168.200.6 (the
# host mapped as "syslog" on the LAN) over TCP port 514.
# NOTE(review): nothing here configures encryption or authentication for this
# stream, so its integrity rests on the LAN being trusted. Since the firewall
# rulesets in this listing do not log, the collector receives system and
# service events but no record of packets dropped at the WAN.
set system syslog host 192.168.200.6 facility all level 'all'
set system syslog host 192.168.200.6 facility all protocol 'tcp'
set system syslog host 192.168.200.6 port '514'