/* Firewall policy for the router. Four rule sets are defined, each with
   default-action drop: WAN_IN / WANv6_IN and WAN_LOCAL / WANv6_LOCAL.
   They are attached to pppoe 0 in the interfaces section of this file.
   "naar" in the descriptions is Dutch for "to".
   NOTE(review): no rule set turns on logging of the default drop, so rejected
   WAN traffic leaves no record; enable-default-log on the rule sets would add it. */
firewall { | |
/* IPv4 ICMP echo handling: ordinary echo requests are answered, broadcast ones are not. */
all-ping enable | |
broadcast-ping disable | |
/* IPv6 traffic from the WAN towards LAN hosts. */
ipv6-name WANv6_IN { | |
default-action drop | |
description "WAN IPv6 naar LAN" | |
/* Return traffic for connections that already exist. */
rule 10 { | |
action accept | |
description "Allow established/related" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
/* Only ICMPv6 echo-request is accepted here, despite the broader description.
   NOTE(review): this makes every LAN host with a global address answer pings
   from the Internet; keep it only if that reachability is wanted. */
rule 30 { | |
action accept | |
description "Allow IPv6 icmp" | |
icmpv6 { | |
type echo-request | |
} | |
protocol ipv6-icmp | |
} | |
} | |
/* IPv6 traffic from the WAN addressed to the router itself. */
ipv6-name WANv6_LOCAL { | |
default-action drop | |
description "WAN IPv6 naar Router" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
/* Accepts every ICMPv6 type to the router (no icmpv6 type filter, unlike WANv6_IN rule 30).
   NOTE(review): neighbour discovery and path-MTU messages need ICMPv6, but the
   rule could be narrowed to the required types. */
rule 30 { | |
action accept | |
description "Allow IPv6 icmp" | |
protocol ipv6-icmp | |
} | |
/* DHCPv6 replies to the router's client: UDP from source port 547 to destination port 546. */
rule 40 { | |
action accept | |
description "Allow dhcpv6" | |
destination { | |
port 546 | |
} | |
protocol udp | |
source { | |
port 547 | |
} | |
} | |
} | |
/* Global hardening flags: no IPv6 redirects accepted, source routing off for
   both address families, packets with impossible addresses are logged. */
ipv6-receive-redirects disable | |
ipv6-src-route disable | |
ip-src-route disable | |
log-martians enable | |
/* IPv4 traffic from the WAN towards LAN hosts: only return traffic is accepted here. */
name WAN_IN { | |
default-action drop | |
description "WAN naar LAN" | |
rule 10 { | |
action accept | |
description "Allow established/related" | |
log disable | |
state { | |
established enable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
invalid enable | |
} | |
} | |
} | |
/* IPv4 traffic from the WAN addressed to the router itself. */
name WAN_LOCAL { | |
default-action drop | |
description "WAN naar Router" | |
/* Same match as WAN_IN rule 10, with the unmatched states written out explicitly. */
rule 10 { | |
action accept | |
description "Allow established/related" | |
log disable | |
state { | |
established enable | |
invalid disable | |
new disable | |
related enable | |
} | |
} | |
rule 20 { | |
action drop | |
description "Drop invalid state" | |
state { | |
established disable | |
invalid enable | |
new disable | |
related disable | |
} | |
} | |
/* NOTE(review): this rule has no source or state restriction, so new TCP
   connections to ports 80 and 443 on the router are accepted on any interface
   that uses WAN_LOCAL as its local rule set (pppoe 0 in this file). service gui
   listens on those same ports with older-ciphers enabled, which puts the
   management UI on the Internet-facing side. Restrict the rule to a trusted
   source address group, or remove it and manage the router from the LAN or
   over the VPN. */
rule 21 { | |
action accept | |
description "Web UI" | |
destination { | |
port 80,443 | |
} | |
log disable | |
protocol tcp | |
} | |
} | |
/* ICMP redirects are not accepted but are sent; SYN cookies are on.
   NOTE(review): source-validation is disabled, so no reverse-path check is
   applied to incoming packets; consider strict or loose. */
receive-redirects disable | |
send-redirects enable | |
source-validation disable | |
syn-cookies enable | |
} | |
/* Interfaces. Per the descriptions: eth0 is the fibre uplink (FTTH) carrying
   VLAN 4 (IPTV) and VLAN 6 (Internet over PPPoE), eth1 is the home LAN
   ("Thuis" is Dutch for "home"), eth2 is unused ("Niet in gebruik"). */
interfaces { | |
ethernet eth0 { | |
description FTTH | |
duplex auto | |
mtu 1512 | |
speed auto | |
/* IPTV VLAN: address by DHCP, routes taken from the classless-static-routes
   option, default route left untouched.
   NOTE(review): no firewall block is attached to this VLAN interface in the
   visible config, so traffic arriving on it is not filtered by the WAN_* rule
   sets. Confirm that is intended, since the GUI, SSH and Telnet services are
   all enabled in this file. */
vif 4 { | |
address dhcp | |
description "KPN IPTV" | |
dhcp-options { | |
client-option "send vendor-class-identifier "IPTV_RG";" | |
client-option "request subnet-mask, routers, rfc3442-classless-static-routes;" | |
default-route no-update | |
default-route-distance 210 | |
name-server update | |
} | |
mtu 1500 | |
} | |
/* Internet VLAN: carries the PPPoE session that is the actual WAN interface (pppoe0). */
vif 6 { | |
description "KPN Internet" | |
mtu 1508 | |
pppoe 0 { | |
default-route auto | |
/* DHCPv6 prefix delegation: a /48 is requested and a prefix with id :1 is
   assigned to eth1, with the router at ::1 and SLAAC for the hosts. */
dhcpv6-pd { | |
no-dns | |
pd 0 { | |
interface eth1 { | |
host-address ::1 | |
no-dns | |
prefix-id :1 | |
service slaac | |
} | |
prefix-length /48 | |
} | |
rapid-commit enable | |
} | |
/* Binds the rule sets from the firewall section: "in" filters traffic forwarded
   to the LAN, "local" filters traffic addressed to the router. */
firewall { | |
in { | |
ipv6-name WANv6_IN | |
name WAN_IN | |
} | |
local { | |
ipv6-name WANv6_LOCAL | |
name WAN_LOCAL | |
} | |
} | |
idle-timeout 180 | |
ipv6 { | |
address { | |
autoconf | |
} | |
dup-addr-detect-transmits 1 | |
enable { | |
} | |
} | |
mtu 1500 | |
name-server auto | |
/* The PPPoE credentials are stored in clear text in this file.
   NOTE(review): the password looks like a generic provider value and the
   user-id was replaced with a placeholder by the author; confirm nothing
   subscriber-specific is left before sharing the config. */
password kpn | |
user-id <MAC_ADRES_ETH0>@internet | |
} | |
} | |
} | |
/* LAN interface and IPv6 router advertisements for the delegated /64. */
ethernet eth1 { | |
address 10.0.0.1/24 | |
description Thuis | |
duplex auto | |
ipv6 { | |
dup-addr-detect-transmits 1 | |
/* Stateless configuration only (managed and other-config flags are false).
   The same two DNS servers are advertised twice: through name-server and
   through the raw RDNSS line in radvd-options. */
router-advert { | |
cur-hop-limit 64 | |
link-mtu 0 | |
managed-flag false | |
max-interval 600 | |
name-server 2a02:a47f:e000::53 | |
name-server 2a02:a47f:e000::54 | |
other-config-flag false | |
prefix ::/64 { | |
autonomous-flag true | |
on-link-flag true | |
valid-lifetime 2592000 | |
} | |
radvd-options "RDNSS 2a02:a47f:e000::53 2a02:a47f:e000::54 {};" | |
reachable-time 0 | |
retrans-timer 0 | |
send-advert true | |
} | |
} | |
speed auto | |
} | |
ethernet eth2 { | |
description "Niet in gebruik" | |
duplex auto | |
speed auto | |
} | |
loopback lo { | |
} | |
} | |
/* Inbound port forwards from pppoe0 to hosts on eth1. With auto-firewall
   enabled the matching firewall openings are created automatically, so every
   port listed below is reachable from the Internet even though WAN_IN itself
   only accepts established/related traffic. hairpin-nat lets LAN clients use
   the public address as well. */
port-forward { | |
auto-firewall enable | |
hairpin-nat enable | |
lan-interface eth1 | |
/* NOTE(review): per the description these are NAS and home-automation web
   interfaces on 10.0.0.10, published without any source restriction. Four TCP
   ports are exposed; presumably at least one of them is a plain-HTTP admin
   port (confirm). Since rule 3 already forwards a VPN server, consider
   reaching these services over the VPN and dropping this rule. */
rule 1 { | |
description "Diskstation, Domoticz, CouchPotato" | |
forward-to { | |
address 10.0.0.10 | |
} | |
original-port 5000,5001,8084,5050 | |
protocol tcp | |
} | |
/* Media server on 10.0.0.11, TCP 8096, also open to any source. */
rule 2 { | |
description Emby | |
forward-to { | |
address 10.0.0.11 | |
} | |
original-port 8096 | |
protocol tcp | |
} | |
/* VPN server on 10.0.0.10: UDP 500, 1701 and 4500.
   NOTE(review): forwarding 1701 exposes the L2TP port directly; verify the
   server refuses L2TP sessions that are not wrapped in IPsec. */
rule 3 { | |
description "L2TP / IPSec VPN Server" | |
forward-to { | |
address 10.0.0.10 | |
} | |
original-port 500,1701,4500 | |
protocol udp | |
} | |
wan-interface pppoe0 | |
} | |
/* Routing protocols: an IGMP proxy between the IPTV VLAN and the LAN, and a
   static IPv6 default route over the PPPoE session. */
protocols { | |
/* eth0.4 is the upstream (provider) side, eth1 the downstream (LAN) side.
   NOTE(review): alt-subnet 0.0.0.0/0 is set on both interfaces, which appears
   to accept multicast sources from any address; narrowing it to the
   provider's IPTV ranges would be tighter (confirm the ranges first). */
igmp-proxy { | |
disable-quickleave | |
interface eth0.4 { | |
alt-subnet 0.0.0.0/0 | |
role upstream | |
threshold 1 | |
} | |
interface eth1 { | |
alt-subnet 0.0.0.0/0 | |
role downstream | |
threshold 1 | |
} | |
} | |
static { | |
/* IPv6 default route (::/0) out of pppoe0. */
interface-route6 ::/0 { | |
next-hop-interface pppoe0 { | |
} | |
} | |
} | |
} | |
/* Services run by the router: DHCP and DNS for the LAN, the management GUI,
   source NAT, SSH and Telnet. */
service { | |
/* DHCP for 10.0.0.0/24, dynamic range .20 to .254, 24-hour leases, backed by dnsmasq. */
dhcp-server { | |
disabled false | |
global-parameters "option vendor-class-identifier code 60 = string;" | |
global-parameters "option broadcast-address code 28 = ip-address;" | |
hostfile-update disable | |
shared-network-name Thuis { | |
authoritative enable | |
subnet 10.0.0.0/24 { | |
lease 86400 | |
start 10.0.0.20 { | |
stop 10.0.0.254 | |
} | |
/* NOTE(review): the static mappings below publish hardware addresses of LAN
   devices. The login and the PPPoE user-id were replaced with placeholders
   before sharing; consider doing the same for these. */
static-mapping HarmonyHub { | |
ip-address 10.0.0.204 | |
mac-address 00:04:20:FB:5D:7E | |
} | |
/* 10.0.0.10 and 10.0.0.11 are the targets of the port-forward rules in this file. */
static-mapping nas { | |
ip-address 10.0.0.10 | |
mac-address 00:11:32:52:3E:A7 | |
} | |
static-mapping rpi3 { | |
ip-address 10.0.0.11 | |
mac-address B8:27:EB:2F:6C:BF | |
} | |
} | |
} | |
static-arp disable | |
use-dnsmasq enable | |
} | |
/* DNS forwarder bound to the LAN only (listen-on eth1, listen-address 10.0.0.1),
   so it is not offered on the WAN side. Queries go to two public IPv4
   resolvers and two IPv6 resolvers. */
dns { | |
forwarding { | |
cache-size 4000 | |
listen-on eth1 | |
name-server 1.1.1.1 | |
name-server 208.67.220.220 | |
name-server 2a02:a47f:e000::53 | |
name-server 2a02:a47f:e000::54 | |
options listen-address=10.0.0.1 | |
} | |
} | |
/* Management web UI on ports 80 and 443.
   NOTE(review): older-ciphers enable allows legacy TLS cipher suites, and
   WAN_LOCAL rule 21 in the firewall section accepts these two ports from the
   WAN. Set older-ciphers to disable and keep the UI off the Internet-facing
   side unless remote management is a hard requirement. */
gui { | |
http-port 80 | |
https-port 443 | |
older-ciphers enable | |
} | |
/* Source NAT: LAN traffic to 213.75.112.0/21 is masqueraded out of the IPTV
   VLAN (rule 5000); everything leaving pppoe0 is masqueraded (rule 5010). */
nat { | |
rule 5000 { | |
description IPTV | |
destination { | |
address 213.75.112.0/21 | |
} | |
log disable | |
outbound-interface eth0.4 | |
protocol all | |
source { | |
address 10.0.0.0/24 | |
} | |
type masquerade | |
} | |
rule 5010 { | |
description Internet | |
log disable | |
outbound-interface pppoe0 | |
protocol all | |
type masquerade | |
} | |
} | |
/* SSH on the default port, protocol version 2 only. No listen-address is set here. */
ssh { | |
port 22 | |
protocol-version v2 | |
} | |
/* NOTE(review): Telnet sends the login and the whole session in clear text.
   SSH is already enabled above, so this service can be removed. WAN_LOCAL
   drops it on pppoe0, but it stays reachable from the LAN and from any
   interface that has no local rule set. */
telnet { | |
port 23 | |
} | |
unms { | |
disable | |
} | |
} | |
/* System settings: identity, the admin login, resolver, NTP, hardware offload,
   local host names, syslog and time zone. */
system { | |
domain-name thuis.local | |
host-name Thuis | |
/* A single admin-level account. The user name and password hash were replaced
   with placeholders by the author; plaintext-password is empty.
   NOTE(review): this account is what protects the GUI, SSH and Telnet services
   configured in this file, so it needs a strong, non-default password. */
login { | |
user <iemand> { | |
authentication { | |
encrypted-password <dingen> | |
plaintext-password "" | |
} | |
level admin | |
} | |
} | |
/* The router resolves names through its own forwarder on the loopback address. */
name-server 127.0.0.1 | |
ntp { | |
server 0.nl.pool.ntp.org { | |
} | |
server 1.nl.pool.ntp.org { | |
} | |
server ntp0.nl.net { | |
} | |
server ntp1.nl.net { | |
} | |
server time.kpn.net { | |
} | |
} | |
/* Hardware offload switches: hwnat off, ipsec on, per-family forwarding/VLAN/PPPoE flags below. */
offload { | |
hwnat disable | |
ipsec enable | |
ipv4 { | |
forwarding enable | |
gre enable | |
pppoe enable | |
vlan enable | |
} | |
ipv6 { | |
forwarding enable | |
pppoe disable | |
vlan enable | |
} | |
} | |
/* Local name for the router's LAN address; the domain was replaced with a placeholder by the author. */
static-host-mapping { | |
host-name thuis.<een_domein>.nl { | |
alias thuis | |
inet 10.0.0.1 | |
} | |
} | |
/* Logging: everything at notice, the protocols facility at debug. No remote
   host is configured in this block.
   NOTE(review): with ports exposed to the Internet, sending logs to a remote
   syslog host would keep a record that survives a reset or a compromise of
   the router. */
syslog { | |
global { | |
facility all { | |
level notice | |
} | |
facility protocols { | |
level debug | |
} | |
} | |
} | |
time-zone Europe/Amsterdam | |
traffic-analysis { | |
dpi disable | |
export disable | |
} | |
} |