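/* Firewall policy. Only IPv4 rulesets (`name`) are defined; there is no
   `ipv6-name` ruleset anywhere in this file, so IPv6 arriving over the HE
   tunnel (interfaces section) is not filtered by this policy.
   NOTE(review): confirm an IPv6 policy exists elsewhere; otherwise the
   globally routed 2001:470:70b2::/48 hosts are directly reachable. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        /* Ranges that are never valid as a source on the WAN: RFC 1918,
           shared address space, loopback, link-local, IETF protocol
           assignments, documentation/benchmark ranges, multicast and
           reserved space. Used as a source-drop in both WAN rulesets. */
        network-group BOGONS {
            description "Invalid WAN networks"
            network 10.0.0.0/8
            network 100.64.0.0/10
            network 127.0.0.0/8
            network 169.254.0.0/16
            network 172.16.0.0/12
            network 192.0.0.0/24
            network 192.0.2.0/24
            network 192.168.0.0/16
            network 198.18.0.0/15
            network 198.51.100.0/24
            network 203.0.113.0/24
            /* 224.0.0.0/3 spans 224.0.0.0 through 255.255.255.255. */
            network 224.0.0.0/3
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* LAN and WLAN rulesets are accept-all; they only exist so a restrictive
       policy can be added later without re-binding the interfaces. */
    name LAN_IN {
        default-action accept
        description "Wired network to other networks."
    }
    name LAN_LOCAL {
        default-action accept
        description "Wired network to router."
    }
    /* Internet -> internal networks. Only established/related flows pass.
       The port-forward section uses auto-firewall, so the accept for its
       forwarded port is generated and does not appear here. */
    name WAN_IN {
        default-action drop
        description "Internet to internal networks"
        enable-default-log
        rule 1 {
            action accept
            description "allow established/related"
            log disable
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "drop invalid"
            log enable
            state {
                invalid enable
            }
        }
        rule 3 {
            action drop
            description "drop BOGON source"
            log enable
            protocol all
            source {
                group {
                    network-group BOGONS
                }
            }
        }
    }
    /* Internet -> router. Rules are evaluated in numeric order, so the
       invalid-state and BOGON-source drops (rules 2 and 3) are placed before
       the SSH accept (rule 4): a packet from a BOGON source to port 22 is
       dropped instead of being accepted by the SSH rule first. */
    name WAN_LOCAL {
        default-action drop
        description "Internet to router"
        enable-default-log
        rule 1 {
            action accept
            description "allow established/related"
            log disable
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            description "drop invalid"
            log enable
            state {
                invalid enable
            }
        }
        rule 3 {
            action drop
            description "drop BOGON source"
            log enable
            protocol all
            source {
                group {
                    network-group BOGONS
                }
            }
        }
        /* SSH is accepted from every Internet source, unlogged, and the ssh
           service (service section) does not disable password authentication.
           Protocol is tcp: SSH does not use UDP, so tcp_udp was wider than
           needed. Consider a source restriction or key-only authentication,
           and `log enable` here so new WAN SSH sessions are recorded. */
        rule 4 {
            action accept
            description "Allow ssh"
            destination {
                port ssh
            }
            log disable
            protocol tcp
        }
        /* ICMP to the router is rate-limited (50/minute, burst 1) and logged
           rather than dropped outright. */
        rule 5 {
            action accept
            description "rate limit ICMP 50/m"
            limit {
                burst 1
                rate 50/minute
            }
            log enable
            protocol icmp
        }
    }
    name WLAN_IN {
        default-action accept
        description "Wireless network to other networks"
    }
    name WLAN_LOCAL {
        default-action accept
        description "Wireless network to router."
    }
    receive-redirects disable
    /* The router still emits ICMP redirects itself. */
    send-redirects enable
    /* No reverse-path (source) validation on any interface; the BOGONS group
       is the only source-address check, and only within the WAN rulesets. */
    source-validation disable
    syn-cookies enable
}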
/* Interfaces. eth0 carries the tagged VLANs, eth1 is the DHCP-addressed WAN,
   eth2 has no address or role here, tun0 is the 6in4 IPv6 uplink. */
interfaces {
    ethernet eth0 {
        duplex auto
        speed auto
        /* VLAN 89 - wired LAN. The only VLAN with a router-advert block. */
        vif 89 {
            address 192.168.89.1/24
            address 2001:470:70b2:89::/64
            description LAN
            /* Only IPv4 rulesets (`name`) are bound; no `ipv6-name`. */
            firewall {
                in {
                    name LAN_IN
                }
                local {
                    name LAN_LOCAL
                }
            }
            ipv6 {
                dup-addr-detect-transmits 1
                /* SLAAC only: managed-flag and other-config-flag are both
                   false, so no DHCPv6 is signalled to hosts. */
                router-advert {
                    cur-hop-limit 64
                    default-preference high
                    /* 1280 is the IPv6 minimum MTU; presumably chosen for the
                       6in4 tunnel path - verify against the tunnel MTU. */
                    link-mtu 1280
                    managed-flag false
                    max-interval 600
                    other-config-flag false
                    prefix 2001:470:70b2:89::/64 {
                        autonomous-flag true
                        on-link-flag true
                        valid-lifetime 2592000
                    }
                    reachable-time 0
                    retrans-timer 0
                    send-advert true
                }
            }
        }
        /* VLAN 90 - wireless LAN. Has a global IPv6 prefix but no
           router-advert block here (NOTE(review): confirm how hosts on this
           VLAN obtain IPv6 addresses). */
        vif 90 {
            address 192.168.90.1/24
            address 2001:470:70b2:90::/64
            description WLAN
            firewall {
                in {
                    name WLAN_IN
                }
                local {
                    name WLAN_LOCAL
                }
            }
        }
        /* The remaining VLANs (100, 189, 190, 200, 400, 600) have no
           `firewall` block at all, so traffic from them to the router and to
           the other VLANs is unfiltered. For "untrusted Devices" and DMZ
           that is equivalent to the accept-all LAN policy; an explicit
           restrictive ruleset is expected on these segments. */
        vif 100 {
            address 2001:470:70b2:100::/64
            address 192.168.100.1/24
            description "untrusted Devices"
        }
        vif 189 {
            address 192.168.189.1/24
            address 2001:470:70b2:189::/64
            description "LAN - VPN Exit"
        }
        vif 190 {
            address 192.168.190.1/24
            address 2001:470:70b2:190::/64
            description "WLAN - VPN Exit"
        }
        vif 200 {
            address 2001:470:70b2:200::/64
            address 192.168.200.1/24
            description DMZ
        }
        vif 400 {
            address 192.168.222.1/24
            description "IPv4 only"
        }
        vif 600 {
            address 2001:470:70b2:600::/64
            description "IPv6 only"
        }
    }
    /* WAN. Address comes from DHCP; WAN_IN / WAN_LOCAL are the only
       restrictive rulesets in this file and both are bound here. */
    ethernet eth1 {
        address dhcp
        description WAN
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    /* Unused: no address, description or firewall binding. */
    ethernet eth2 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
    /* 6in4 tunnel to Hurricane Electric. No `firewall` block is bound to it
       and no `ipv6-name` ruleset exists in this file, so IPv6 from the
       Internet reaches every VLAN's global prefix without passing a ruleset.
       local-ip is a fixed public address while eth1 takes its address from
       DHCP; if the WAN lease changes, the tunnel endpoint goes stale. */
    tunnel tun0 {
        address 2001:470:1f0a:143::2/64
        description "HE.NET IPv6 Tunnel"
        encapsulation sit
        local-ip 178.200.30.165
        multicast disable
        remote-ip 216.66.80.30
        ttl 255
    }
}
/* Destination NAT from the WAN. With auto-firewall enabled, EdgeOS is meant
   to add the matching WAN_IN accept itself, which is why no rule for port
   5001 appears in the firewall section. */
port-forward {
    auto-firewall enable
    /* Hairpin NAT: LAN clients can reach the forward via the WAN address. */
    hairpin-nat enable
    lan-interface eth0.89
    /* Exposes the NAS management interface (DSM on 192.168.89.20:5001) to
       every Internet source. tcp_udp is broader than a web UI needs
       (presumably TCP only - verify). Consider a source restriction or
       reaching DSM over VPN instead of a direct forward. */
    rule 1 {
        description "DSM Webinterface"
        forward-to {
            address 192.168.89.20
            port 5001
        }
        original-port 5001
        protocol tcp_udp
    }
    wan-interface eth1
}
/* Static routing. The only entry is the IPv6 default route via the HE
   tunnel; the IPv4 default route is not configured here (presumably learned
   from the eth1 DHCP lease - verify). */
protocols {
    static {
        interface-route6 ::/0 {
            next-hop-interface tun0 {
            }
        }
    }
}
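/* Router services: DHCP for VLANs 89/90, DNS forwarding, HTTPS GUI,
   outbound NAT, SSH and UPnP/NAT-PMP. */
service {
    /* The router is advertised as gateway, DNS, NTP and time server on each
       DHCP subnet. */
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            description "LAN - VLAN 89"
            /* Subnet must be the network address (192.168.89.0/24); the
               value 192.168.89.9/24 had host bits set, inconsistent with the
               gateway 192.168.89.1 and with the WLAN entry below. */
            subnet 192.168.89.0/24 {
                default-router 192.168.89.1
                dns-server 192.168.89.1
                lease 86400
                ntp-server 192.168.89.1
                start 192.168.89.100 {
                    stop 192.168.89.200
                }
                time-server 192.168.89.1
            }
        }
        shared-network-name WLAN {
            /* Unlike LAN this network is not authoritative, so stale leases
               from other servers on VLAN 90 are not NAKed.
               NOTE(review): probably unintended - confirm. */
            authoritative disable
            description "WLAN - VLAN 90"
            subnet 192.168.90.0/24 {
                default-router 192.168.90.1
                dns-server 192.168.90.1
                lease 86400
                ntp-server 192.168.90.1
                start 192.168.90.100 {
                    stop 192.168.90.200
                }
                time-server 192.168.90.1
            }
        }
    }
    /* Resolver listens on VLANs 89, 100 and 90 only; VLANs 189, 190, 200,
       400 and 600 get no DNS from this router. `system` forwards to the
       name-servers set in the system section. */
    dns {
        forwarding {
            cache-size 150
            listen-on eth0.89
            listen-on eth0.100
            listen-on eth0.90
            system
        }
    }
    /* Web GUI is HTTPS on the two LAN addresses only - not on the WAN. */
    gui {
        https-port 443
        listen-address 192.168.89.1
        listen-address 192.168.90.1
    }
    /* Source NAT: masquerade everything leaving eth1. */
    nat {
        rule 5010 {
            description "WAN MASQ"
            log disable
            outbound-interface eth1
            protocol all
            type masquerade
        }
    }
    /* SSH on the default port, reachable from the WAN per WAN_LOCAL.
       No `disable-password-authentication`, so password logins are allowed
       for the admin account. */
    ssh {
        port 22
        protocol-version v2
    }
    /* UPnP/NAT-PMP for VLAN 89 toward eth1. secure-mode disable lets a
       client request port mappings for addresses other than its own,
       so any LAN 89 host can expose other hosts to the Internet.
       NOTE(review): enabling secure-mode is the usual mitigation - confirm
       no client depends on mappings for third-party addresses. */
    upnp2 {
        listen-on eth0.89
        nat-pmp enable
        secure-mode disable
        wan eth1
    }
}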
/* Host identity, admin account, resolvers, NTP, package sources and local
   syslog. */
system {
    domain-name home.tioan.org
    host-name erl-001
    login {
        /* Single admin-level account; it is the one reachable over SSH from
           the WAN (firewall WAN_LOCAL + service ssh). */
        user tioan {
            authentication {
                /* SHA-512 crypt hash ($6$) of the admin password. This file
                   is published, so treat the credential as disclosed: the
                   hash can be attacked offline. Rotate the password and
                   redact this line before sharing the config again. */
                encrypted-password $6$xu3hM5Hjb9wJJlls$mj9.JhC93MeVosJ0pdDaM7BJ/M6EwGpkCOlDp0Bz.pxaf5c2AuiyPtGt12ISaceQ.pD2mcLh2BC0yKHU0/4o3.
                plaintext-password ""
            }
            full-name "Mattheus Happe"
            level admin
        }
    }
    /* Upstream resolvers for the router and for dns forwarding (`system`). */
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* Debian squeeze repositories over plain HTTP. APT verifies release
       signatures, but NOTE(review): confirm squeeze still receives security
       updates for packages installed on this platform. */
    package {
        repository squeeze {
            components "main contrib non-free"
            distribution squeeze
            password ""
            url http://http.us.debian.org/debian
            username ""
        }
        repository squeeze-security {
            components main
            distribution squeeze/updates
            password ""
            url http://security.debian.org
            username ""
        }
    }
    /* Local logging only - no `host` entry - so firewall default-log and
       rule logs stay on the device; a remote syslog host would preserve them
       if the router is compromised or reset. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Berlin
}
/* Warning: Do not remove the following line. */ | |
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@3:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */ | |
/* Release version: v1.5.0.4677648.140620.1301 */ |