Last active
December 27, 2018 22:11
/* Stateful rulesets for the WAN side: WAN_IN filters forwarded traffic, WAN_LOCAL filters traffic to the router itself */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        /* Destination ranges matched by WAN_IN rule 20 */
        network-group UDP_MULTICAST {
            description ""
            network 232.0.0.0/8
            network 235.0.0.0/8
            network 239.0.0.0/8
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* NOTE(review): default-action drop with no enable-default-log, so packets dropped by the default action are not logged */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow IGMP"
            log disable
            protocol igmp
        }
        /* Accepts UDP only from 10.0.0.0/8 to the UDP_MULTICAST ranges; presumably the provider's IPTV sources, confirm */
        rule 20 {
            action accept
            description "Allow UDP multicast"
            destination {
                group {
                    network-group UDP_MULTICAST
                }
            }
            log disable
            protocol udp
            source {
                address 10.0.0.0/8
            }
        }
        rule 30 {
            action accept
            description "Allow established/related"
            log disable
            state {
                established enable
                related enable
            }
        }
        /* Numbered after rules 10-30, so a packet those rules match is accepted before this drop is evaluated */
        rule 40 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* Only IGMP and established/related traffic is accepted from the WAN to the router; everything else falls to default-action drop */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 20 {
            action accept
            description "Allow IGMP"
            log disable
            protocol igmp
        }
        rule 30 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 40 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* NOTE(review): reverse-path source validation is off; presumably required for the IPTV multicast path, confirm before keeping it disabled */
    source-validation disable
    syn-cookies enable
}
/* eth0 = WAN (tagged VLAN 12), eth1 = LAN, eth2 = IPTV */
interfaces {
    ethernet eth0 {
        description WAN
        duplex auto
        speed auto
        /* The DHCP address and both WAN rulesets are bound to eth0.12; untagged eth0 carries no address and no ruleset */
        vif 12 {
            address dhcp
            description "MEO Fibra"
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
        }
    }
    /* NOTE(review): no firewall node on eth1, so LAN hosts reach the router's GUI, SSH and DNS unfiltered */
    ethernet eth1 {
        address 192.168.100.1/24
        description LAN
        duplex auto
        speed auto
    }
    /* NOTE(review): no firewall node on eth2 either; IPTV devices can reach the router's services and are presumably routed to 192.168.100.0/24 unfiltered, consider in/local rulesets here */
    ethernet eth2 {
        address 192.168.200.1/24
        description IPTV
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
/* IGMP proxy: joins from eth2 (IPTV) are relayed upstream on eth0; eth1 (LAN) takes no part */
protocols {
    igmp-proxy {
        /* NOTE(review): upstream is untagged eth0 while the address and WAN rulesets sit on vif 12; confirm which interface carries the multicast */
        interface eth0 {
            /* NOTE(review): 0.0.0.0/0 places no restriction on the source subnet here; WAN_IN rule 20 limits UDP sources to 10.0.0.0/8 */
            alt-subnet 0.0.0.0/0
            role upstream
            threshold 1
        }
        interface eth1 {
            role disabled
            threshold 1
        }
        interface eth2 {
            alt-subnet 0.0.0.0/0
            role downstream
            threshold 1
        }
    }
}
/* Router-hosted services: DHCP and DNS for both inside networks, management GUI and SSH, source NAT towards the WAN */
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative enable
            subnet 192.168.100.0/24 {
                default-router 192.168.100.1
                dns-server 192.168.100.1
                lease 86400
                start 192.168.100.38 {
                    stop 192.168.100.243
                }
            }
        }
        shared-network-name LAN2 {
            authoritative enable
            subnet 192.168.200.0/24 {
                default-router 192.168.200.1
                dns-server 192.168.200.1
                lease 86400
                start 192.168.200.38 {
                    stop 192.168.200.243
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        /* The forwarder listens on the two inside interfaces only, not on the WAN */
        forwarding {
            cache-size 150
            listen-on eth1
            listen-on eth2
        }
    }
    /* NOTE(review): no listen-address is set, so the GUI is not restricted to one interface; WAN access is stopped by WAN_LOCAL, eth1 and eth2 have no ruleset */
    gui {
        http-port 80
        https-port 443
        /* NOTE(review): keeps legacy TLS cipher suites available on the management GUI; disable unless an old client depends on them */
        older-ciphers enable
    }
    nat {
        /* Source NAT for everything leaving through the tagged WAN interface */
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0.12
            type masquerade
        }
    }
    /* NOTE(review): no listen-address here either, so SSH is offered to the IPTV segment as well as the LAN */
    ssh {
        port 22
        protocol-version v2
    }
}
/* NOTE(review): no login node appears on this page, presumably removed before publishing; the user accounts must be configured separately */
system {
    host-name ubnt
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* Local logging only: notice and above for every facility, debug for the protocols facility; no remote log host is configured */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
    traffic-analysis {
        dpi enable
        export enable
    }
}
/* Release version: v1.10.8.5142440.181120.1645 */ |