/* Global IP hardening plus four named rulesets; a ruleset only takes effect where an interface references it (see interfaces) */
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    /* Log packets with impossible source addresses (spoofing visibility) */
    log-martians enable
    /* VLAN5 transit traffic: default accept, so only 192.168.1.0/24 is fenced off; 192.168.10.0/24 (VLAN10) stays reachable from VLAN5 */
    name VLAN5_IN {
        default-action accept
        description ""
        enable-default-log
        rule 1 {
            action accept
            description "Accept Established/Related"
            log enable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        /* NOTE(review): this also blocks new flows to 192.168.1.5, which the VLAN5 DHCP scope advertises as unifi-controller - confirm that is intended */
        rule 2 {
            action drop
            description "DROP 192.168.1.0/24"
            destination {
                address 192.168.1.0/24
            }
            log enable
            protocol all
        }
    }
    /* VLAN5 traffic to the router itself: only DNS (udp/53) and DHCP (udp/67) are accepted; everything else is dropped and logged */
    name VLAN5_LOCAL {
        default-action drop
        description ""
        enable-default-log
        rule 1 {
            action accept
            description "ACCEPT DNS"
            destination {
                port 53
            }
            log enable
            protocol udp
        }
        rule 2 {
            action accept
            description "ACCEPT DHCP"
            destination {
                port 67
            }
            log enable
            protocol udp
        }
    }
    /* Internet -> LAN: default drop; rules 21-23 pair with NAT rules 1-3 (service nat) and expose 192.168.1.5 on tcp/80, 443 and 246 */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        enable-default-log
        /* Return traffic is accepted without logging; everything else below is logged */
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            log enable
            state {
                invalid enable
            }
        }
        rule 21 {
            action accept
            description http-80-mogwai
            destination {
                address 192.168.1.5
                port 80
            }
            log enable
            protocol tcp
        }
        rule 22 {
            action accept
            description https-443-mogwai
            destination {
                address 192.168.1.5
                port 443
            }
            log enable
            protocol tcp
        }
        /* NOTE(review): an SSH service on a non-standard port is still internet-facing; key-only authentication and lockout/rate limiting on 192.168.1.5 are the controls that matter */
        rule 23 {
            action accept
            description ssh-246-mogwai
            destination {
                address 192.168.1.5
                port 246
            }
            log enable
            protocol tcp
        }
    }
    /* Internet -> router: default drop, but no enable-default-log here, so WAN probes against the router itself are not logged (unlike WAN_IN) */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    /* NOTE(review): the router will emit ICMP redirects; normally only useful when another router shares a segment */
    send-redirects enable
    /* NOTE(review): no reverse-path check on ingress; 'loose' or 'strict' adds anti-spoofing - check for asymmetric routing before changing */
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* WAN uplink: WAN_IN filters traffic through the router, WAN_LOCAL filters traffic to the router */
    ethernet eth0 {
        address 75.75.75.75/24
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    /* eth1-eth4 are switch-port members; their VLAN membership is set under switch0 switch-port */
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    loopback lo {
    }
    /* NOTE(review): no firewall stanza on switch0 or on vif 10, so 192.168.1.0/24 and 192.168.10.0/24 reach the router's services (ssh, gui, snmp, dns) and each other unfiltered; only vif 5 is policed */
    switch switch0 {
        address 192.168.1.254/24
        description Local
        mtu 1500
        switch-port {
            /* eth1 carries VLAN 5 and 10, eth2 carries VLAN 10; eth3 and eth4 have no vlan stanza */
            interface eth1 {
                vlan {
                    vid 5
                    vid 10
                }
            }
            interface eth2 {
                vlan {
                    vid 10
                }
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware enable
        }
        /* VLAN5: the only LAN segment with a firewall attached (see firewall VLAN5_IN / VLAN5_LOCAL) */
        vif 5 {
            address 192.168.5.254/24
            description VLAN5
            firewall {
                in {
                    name VLAN5_IN
                }
                local {
                    name VLAN5_LOCAL
                }
            }
            mtu 1500
        }
        /* NOTE(review): VLAN10 has no firewall, so it is treated like the untagged 192.168.1.0/24 segment */
        vif 10 {
            address 192.168.10.254/24
            description VLAN10
            mtu 1500
        }
    }
}
/* No static routes; the default route comes from system gateway-address */
protocols {
    static {
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        /* NOTE(review): VLAN5 clients are handed public resolvers rather than the router, even though dns forwarding listens on switch0.5 and VLAN5_LOCAL permits udp/53 - confirm which is intended */
        shared-network-name VLAN5_DHCP {
            authoritative disable
            subnet 192.168.5.0/24 {
                default-router 192.168.5.254
                dns-server 4.2.2.2
                dns-server 8.8.8.8
                lease 86400
                start 192.168.5.100 {
                    stop 192.168.5.105
                }
                /* NOTE(review): firewall VLAN5_IN rule 2 drops new flows to 192.168.1.0/24, so VLAN5 clients cannot reach this controller address - confirm intended */
                unifi-controller 192.168.1.5
            }
        }
        shared-network-name VLAN10_DHCP {
            subnet 192.168.10.0/24 {
                default-router 192.168.10.254
                dns-server 4.2.2.2
                start 192.168.10.201 {
                    stop 192.168.10.203
                }
            }
        }
        use-dnsmasq disable
    }
    /* Forwarder is bound to LAN-side interfaces only (not eth0), so it is not an open resolver toward the internet */
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            listen-on switch0
            listen-on switch0.5
        }
    }
    /* NOTE(review): older-ciphers enables legacy TLS cipher suites on the web UI; it is reachable from switch0/VLAN10 (no local firewall) and blocked from WAN by WAN_LOCAL - disable unless a legacy client needs it */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    /* Destination NAT for 192.168.1.5; rules 1-3 pair with firewall WAN_IN rules 21-23, rule 5010 is source NAT for LAN -> internet */
    nat {
        rule 1 {
            description http-80-mogwai
            destination {
                address 75.75.75.75
                port 80
            }
            inbound-interface eth0
            inside-address {
                address 192.168.1.5
                port 80
            }
            log enable
            protocol tcp
            type destination
        }
        rule 2 {
            description https-443-mogwai
            destination {
                address 75.75.75.75
                port 443
            }
            inbound-interface eth0
            inside-address {
                address 192.168.1.5
                port 443
            }
            log enable
            protocol tcp
            type destination
        }
        rule 3 {
            description ssh-246-mogwai
            destination {
                address 75.75.75.75
                port 246
            }
            inbound-interface eth0
            inside-address {
                address 192.168.1.5
                port 246
            }
            log enable
            protocol tcp
            type destination
        }
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    /* NOTE(review): default read community "public" with no source restriction; reachable from the unfiltered LAN segments, dropped from WAN by WAN_LOCAL - use a non-default name and restrict it to the monitoring host, or remove it if unused */
    snmp {
        community public {
        }
    }
    /* Reachable from LAN only: WAN_LOCAL has no rule accepting tcp/22 */
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    domain-name local
    gateway-address 75.75.75.1
    host-name ubnt
    login {
        /* NOTE(review): ubnt is the EdgeOS default admin account name and FOOBAR looks like a redaction placeholder for the credential stanza - prefer a renamed account with key-based SSH login */
        user ubnt {
            FOOBAR
        }
    }
    name-server 192.168.1.30
    name-server 4.2.2.2
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
        /* NOTE(review): the remote host receives warning and above only - confirm firewall 'log enable' hits meet that threshold, otherwise they stay on-box; 192.168.1.5 is also the internet-exposed host (nat rules 1-3), so a compromise there also taints these logs */
        host 192.168.1.5 {
            facility all {
                level warning
            }
        }
    }
    time-zone America/Los_Angeles
    traffic-analysis {
        dpi enable
        export enable
    }
}