Last active
August 14, 2016 07:29
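# VyOS baseline template. Enter these commands in configuration mode
# (`configure`), then `commit` and `save`.
# Every xx.xx.xx.xx value and the login password are placeholders that must be
# replaced before use. The trailing "| |" table residue from the web rendering
# has been removed because it would not parse when pasted into the CLI.

# --- Global firewall behaviour ---
# NOTE(review): these values look like the VyOS defaults, restated explicitly.
# Answer ICMP echo requests addressed to the router itself.
set firewall all-ping enable
# Ignore echo requests sent to broadcast addresses.
set firewall broadcast-ping disable
# No SNMP trap on firewall configuration changes.
set firewall config-trap disable
# Do not accept ICMPv6 redirects or source-routed packets (IPv6 and IPv4).
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
# Log packets whose source address is impossible on the receiving interface.
set firewall log-martians enable
# Do not accept ICMP redirects; sending them stays enabled.
set firewall receive-redirects disable
set firewall send-redirects enable
# Reverse-path filtering is off, so spoofed source addresses are not dropped
# here. `strict` or `loose` are the alternatives if the routing is symmetric.
set firewall source-validation disable
# SYN cookies limit the effect of SYN floods on the router's own listeners.
set firewall syn-cookies enable
# RFC 1337 TIME-WAIT assassination protection is left off.
set firewall twa-hazards-protection disable

# --- Make the firewall stateful (global configuration) ---
# Accept packets belonging to, or related to, an already tracked connection.
# This does not filter new connections: this listing defines no rule set and
# attaches none to eth1 (Public), and no state-policy is set for `invalid`.
set firewall state-policy established action 'accept'
set firewall state-policy related action 'accept'

# --- Interfaces ---
# eth0 is the private side, eth1 the public side; replace the address/prefix
# placeholders with the real values.
set interfaces ethernet eth0 address 10.xx.xx.xx/xx
set interfaces ethernet eth0 description Private
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 smp_affinity auto
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth1 address xx.xx.xx.xx/xx
set interfaces ethernet eth1 description Public
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 smp_affinity auto
set interfaces ethernet eth1 speed auto

# --- Static route ---
# Send all 10.0.0.0/8 traffic to the private gateway.
# Replace 10.xx.xx.xx with the private gateway address.
set protocols static route 10.0.0.0/8 next-hop 10.xx.xx.xx

# --- System services ---
# SSH on a non-standard port. The port change is not access control: with no
# listen-address and no local rule set on eth1, sshd is reachable from the
# public side. Consider `set service ssh listen-address` with the private
# address, or a firewall rule set applied to eth1 `local`.
set service ssh port 20022
set system ntp server time.service.networklayer.com
# Both resolvers are in 10.0.0.0/8, so they are reached through the private
# gateway route above.
set system name-server 10.0.80.11
set system name-server 10.0.80.12
set system domain-name softlayer.com
set system time-zone Asia/Tokyo
# Default route. Replace xx.xx.xx.xx with the public gateway address.
set system gateway-address xx.xx.xx.xx
# Log every facility at level notice and above.
set system syslog global facility all level notice
# NOTE(review): presumably disables IPv6 by blacklisting the kernel module,
# which would make the ipv6-* firewall settings above moot. Confirm on the
# target release.
set system ipv6 blacklist

# --- Change password ---
# `password` is a placeholder: replace it with a strong, unique value. VyOS
# stores the hash after commit, but the typed value still appears in whatever
# file or paste buffer holds this script. Key-based login is the stronger
# option: `set system login user vyos authentication public-keys ...` together
# with `set service ssh disable-password-authentication`.
set system login user vyos authentication plaintext-password password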