/* Firewall section: global ICMP, redirect and source-route toggles plus four named rulesets. */
/* Every ruleset here defaults to drop, accepts established/related state in rule 10 and drops invalid state in rule 20. */
/* The rulesets only take effect where an interface references them; see the firewall node under interfaces. */
firewall { | |
/* The router answers IPv4 echo requests in general; echo arriving from the WAN must still pass WAN_LOCAL, which has no ICMP accept rule. */
all-ping enable | |
broadcast-ping disable | |
/* IPv6 forwarded from the WAN: only traffic matching an already tracked session is accepted. */
/* Anything else reaches default-action drop and is logged because enable-default-log is present. */
ipv6-name WANv6_IN { | |
default-action drop | |
description "WAN inbound traffic forwarded to LAN" | |
enable-default-log { | |
} | |
rule 10 { | |
action accept | |
description "Allow established/related sessions" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
} | |
/* IPv6 addressed to the router itself from the WAN: tracked sessions, all ICMPv6, and DHCPv6 replies are accepted; the rest is dropped and logged. */
ipv6-name WANv6_LOCAL { | |
default-action drop | |
description "WAN inbound traffic to the router" | |
enable-default-log { | |
} | |
rule 10 { | |
action accept | |
description "Allow established/related sessions" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
/* NOTE(review): this accepts every ICMPv6 type, not only the types needed for neighbour discovery and path-MTU discovery. */
/* Narrowing by ICMPv6 type would reduce what the router answers on the WAN - confirm against operational needs before changing. */
rule 30 { | |
action accept | |
description "Allow IPv6 icmp" | |
protocol ipv6-icmp | |
} | |
/* DHCPv6 replies to the router acting as client: UDP source port 547, destination port 546. */
/* NOTE(review): no source address is constrained; restricting the source to link-local addresses is a common tightening - verify with the ISP setup. */
rule 40 { | |
action accept | |
description "allow dhcpv6" | |
destination { | |
port 546 | |
} | |
protocol udp | |
source { | |
port 547 | |
} | |
} | |
} | |
/* Redirect acceptance (IPv6) and source-routed packets (IPv4 and IPv6) are turned off; martian packets are logged. */
ipv6-receive-redirects disable | |
ipv6-src-route disable | |
ip-src-route disable | |
log-martians enable | |
/* IPv4 forwarded from the WAN: only tracked sessions are accepted, so no inbound port forwards are permitted by this ruleset. */
/* NOTE(review): unlike the IPv6 rulesets there is no enable-default-log, so IPv4 packets hitting default-action drop leave no log entry. */
name WAN_IN { | |
default-action drop | |
description "WAN to internal" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
} | |
/* IPv4 addressed to the router itself from the WAN: only tracked sessions are accepted. */
/* This ruleset is what keeps the GUI and SSH services unreachable from the WAN; it also has no enable-default-log. */
name WAN_LOCAL { | |
default-action drop | |
description "WAN to router" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
} | |
/* TCP MSS is clamped to 1412; the PPPoE interface further down sets mtu 1492. */
options { | |
mss-clamp { | |
mss 1412 | |
} | |
} | |
/* The router ignores received IPv4 redirects but may send them. */
receive-redirects disable | |
send-redirects enable | |
/* NOTE(review): source-validation disable turns off reverse-path filtering, so packets with spoofed source addresses are not rejected by this setting. */
/* Consider strict if routing is symmetric - confirm before changing, since it can break asymmetric paths. */
source-validation disable | |
syn-cookies enable | |
} | |
/* Interface section: eth0 carries VLAN 201 with a PPPoE session (the WAN side); eth1 and eth2 are LAN ports with static /24 addresses. */
interfaces { | |
ethernet eth0 { | |
duplex auto | |
speed auto | |
vif 201 { | |
description "Internet (PPPoE)" | |
pppoe 0 { | |
default-route auto | |
/* Attaches the WAN rulesets to this PPPoE interface: in covers traffic forwarded through the router, local covers traffic addressed to the router. */
/* No out ruleset is attached here. */
firewall { | |
in { | |
ipv6-name WANv6_IN | |
name WAN_IN | |
} | |
local { | |
ipv6-name WANv6_LOCAL | |
name WAN_LOCAL | |
} | |
} | |
mtu 1492 | |
name-server auto | |
/* The PPPoE password and user-id sit in this file as clear text. */
/* The password value shown appears to be a redaction placeholder; keep the real credential out of any shared copy or backup. */
password hunter2 | |
user-id username@qwest.net | |
} | |
} | |
} | |
/* NOTE(review): no firewall ruleset is attached to eth1 or eth2 in this section, so nothing visible here filters traffic between the two LANs or from the LANs to the router. */
/* Confirm that is intended if the two networks are meant to be separated. */
ethernet eth1 { | |
address 192.168.1.1/24 | |
description Local | |
duplex auto | |
speed auto | |
} | |
ethernet eth2 { | |
address 192.168.2.1/24 | |
description "Local 2" | |
duplex auto | |
speed auto | |
} | |
loopback lo | |
} | |
/* Service section: DHCP for both LANs, DNS forwarding, the web GUI, source NAT for the WAN, SSH, and the UNMS management connection. */
service { | |
/* Two DHCP scopes, one per LAN; each hands out the router address as gateway and DNS server with a lease of 86400 seconds. */
dhcp-server { | |
disabled false | |
hostfile-update disable | |
shared-network-name LAN1 { | |
authoritative enable | |
subnet 192.168.1.0/24 { | |
default-router 192.168.1.1 | |
dns-server 192.168.1.1 | |
lease 86400 | |
start 192.168.1.38 { | |
stop 192.168.1.243 | |
} | |
} | |
} | |
shared-network-name LAN2 { | |
authoritative enable | |
subnet 192.168.2.0/24 { | |
default-router 192.168.2.1 | |
dns-server 192.168.2.1 | |
lease 86400 | |
start 192.168.2.38 { | |
stop 192.168.2.243 | |
} | |
} | |
} | |
static-arp disable | |
use-dnsmasq disable | |
} | |
/* The DNS forwarder listens on the two LAN interfaces only, not on the PPPoE interface. */
dns { | |
forwarding { | |
cache-size 150 | |
listen-on eth1 | |
listen-on eth2 | |
} | |
} | |
/* Web management UI on ports 80 and 443. No listen-address is set, so reachability from the WAN depends on the WAN_LOCAL ruleset. */
/* NOTE(review): older-ciphers enable permits legacy TLS cipher suites for the GUI; set it to disable unless an old client still requires them. */
/* NOTE(review): port 80 presumably only redirects to HTTPS - verify, since credentials must not travel over plain HTTP. */
gui { | |
http-port 80 | |
https-port 443 | |
older-ciphers enable | |
} | |
/* Source NAT: everything leaving through pppoe0 is masqueraded behind the WAN address. */
nat { | |
rule 5010 { | |
description "masquerade for WAN" | |
outbound-interface pppoe0 | |
type masquerade | |
} | |
} | |
/* SSH on port 22, protocol version 2 only. No listen-address is set. */
/* NOTE(review): nothing here disables password authentication, so password logins are presumably allowed for the admin accounts - confirm and prefer key-based login. */
ssh { | |
port 22 | |
protocol-version v2 | |
} | |
/* The connection value has been replaced by a placeholder in this copy. */
/* The real string carries the management URL together with credentials, so treat it as a secret. */
unms { | |
connection URLandCreds | |
} | |
} | |
/* System section: host name, local accounts, NTP servers, hardware offload, syslog levels and time zone. */
system { | |
host-name ubnt | |
/* Two local accounts, ben and unms, both at level admin. No public keys are configured for either account in this section. */
/* The encrypted-password values shown appear to be redaction placeholders. */
/* A real password hash is still sensitive and should be removed before a configuration is shared. */
login { | |
user ben { | |
authentication { | |
encrypted-password hunter2 | |
plaintext-password "" | |
} | |
full-name "System User" | |
level admin | |
} | |
/* NOTE(review): this account also has level admin; presumably it is the account used by the UNMS controller - confirm it is still needed. */
user unms { | |
authentication { | |
encrypted-password hunter2 | |
plaintext-password "" | |
} | |
level admin | |
} | |
} | |
ntp { | |
server 0.ubnt.pool.ntp.org | |
server 1.ubnt.pool.ntp.org | |
server 2.ubnt.pool.ntp.org | |
server 3.ubnt.pool.ntp.org | |
} | |
/* Hardware NAT offload is off; IPv4 forwarding and PPPoE offload are on. */
offload { | |
hwnat disable | |
ipv4 { | |
forwarding enable | |
pppoe enable | |
} | |
} | |
/* Only the global syslog target is configured: facility all at notice and facility protocols at debug. */
/* NOTE(review): no remote syslog host appears here, so firewall and login records exist only on the router itself. */
/* Forwarding them to a separate log host keeps them available if the device is reset or compromised. */
syslog { | |
global { | |
facility all { | |
level notice | |
} | |
facility protocols { | |
level debug | |
} | |
} | |
} | |
time-zone UTC | |
} | |
/* Warning: Do not remove the following line. */ | |
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@5:ubnt-l2tp@1:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@2:ubnt-util@1:vrrp@1:vyatta-netflow@1:webgui@1:webproxy@1:zone-policy@1" === */ | |
/* Release version: v2.0.9-beta.5.5315713.200714.0807 */ | |