/* Global firewall options plus four named rulesets:
 * VLAN5_IN / VLAN5_LOCAL are bound to switch0 vif 5, and
 * WAN_IN / WAN_LOCAL are bound to eth0 (see the interfaces section).
 */
- firewall {
- all-ping enable
- broadcast-ping disable
- ipv6-receive-redirects disable
- ipv6-src-route disable
- ip-src-route disable
- log-martians enable
/* VLAN5_IN: traffic entering from VLAN5 and routed onward.
 * default-action is accept, and rule 2 drops only traffic destined to 192.168.1.0/24.
 * NOTE(review): every other destination, including 192.168.10.0/24 (vif 10), stays
 * reachable from VLAN5. If VLAN5 is meant to be isolated, a default drop with explicit
 * accepts is the safer shape; confirm the intent.
 */
- name VLAN5_IN {
- default-action accept
- description ""
- enable-default-log
/* NOTE(review): log enable on the established/related rule logs packets of flows that
 * are already accepted, which is presumably very noisy; confirm it is wanted.
 */
- rule 1 {
- action accept
- description "Accept Established/Related"
- log enable
- protocol all
- state {
- established enable
- invalid disable
- new disable
- related enable
- }
- }
/* NOTE(review): the VLAN5 DHCP scope advertises unifi-controller 192.168.1.5, which is
 * inside the range dropped here, so VLAN5 clients cannot open new connections to it.
 */
- rule 2 {
- action drop
- description "DROP 192.168.1.0/24"
- destination {
- address 192.168.1.0/24
- }
- log enable
- protocol all
- }
- }
/* VLAN5_LOCAL: traffic from VLAN5 addressed to the router itself.
 * Default drop; only UDP 53 and UDP 67 are accepted, so the router's GUI, SSH and SNMP
 * services are not reachable from VLAN5.
 * NOTE(review): DNS over TCP port 53 is not accepted by these rules.
 */
- name VLAN5_LOCAL {
- default-action drop
- description ""
- enable-default-log
- rule 1 {
- action accept
- description "ACCEPT DNS"
- destination {
- port 53
- }
- log enable
- protocol udp
- }
- rule 2 {
- action accept
- description "ACCEPT DHCP"
- destination {
- port 67
- }
- log enable
- protocol udp
- }
- }
/* WAN_IN: traffic arriving on eth0 and forwarded to internal hosts.
 * Default drop with default logging; rules 21-23 admit the three port forwards that are
 * defined under service nat.
 */
- name WAN_IN {
- default-action drop
- description "WAN to internal"
- enable-default-log
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- log enable
- state {
- invalid enable
- }
- }
/* NOTE(review): rules 21-23 carry no source restriction, so 192.168.1.5 is reachable on
 * TCP 80, 443 and 246 from any Internet address. The description labels port 246 as SSH;
 * consider limiting that rule to known source addresses. 192.168.1.5 sits on the main
 * LAN (192.168.1.0/24), not in a separate segment, so the exposed host shares a subnet
 * with the other LAN hosts.
 */
- rule 21 {
- action accept
- description http-80-mogwai
- destination {
- address 192.168.1.5
- port 80
- }
- log enable
- protocol tcp
- }
- rule 22 {
- action accept
- description https-443-mogwai
- destination {
- address 192.168.1.5
- port 443
- }
- log enable
- protocol tcp
- }
- rule 23 {
- action accept
- description ssh-246-mogwai
- destination {
- address 192.168.1.5
- port 246
- }
- log enable
- protocol tcp
- }
- }
/* WAN_LOCAL: traffic arriving on eth0 addressed to the router itself.
 * Default drop, and the only accept is established/related, so no router service is
 * opened to the WAN side.
 * NOTE(review): unlike WAN_IN, this ruleset has no enable-default-log and rule 20 has no
 * log enable, so packets dropped here leave no firewall log entry.
 */
- name WAN_LOCAL {
- default-action drop
- description "WAN to router"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
- receive-redirects disable
- send-redirects enable
/* NOTE(review): source-validation disable turns off reverse-path checking of source
 * addresses. strict or loose is usually preferred unless routing is asymmetric; confirm.
 */
- source-validation disable
- syn-cookies enable
- }
/* Interface layout: eth0 is the WAN port; eth1-eth4 are switch-port members of switch0,
 * which carries the main LAN (192.168.1.254/24) plus VLAN 5 and VLAN 10 as vifs.
 */
- interfaces {
/* WAN_IN filters traffic forwarded from eth0 and WAN_LOCAL filters traffic to the router
 * itself; no "out" ruleset is bound.
 */
- ethernet eth0 {
- address 75.75.75.75/24
- description Internet
- duplex auto
- firewall {
- in {
- name WAN_IN
- }
- local {
- name WAN_LOCAL
- }
- }
- speed auto
- }
- ethernet eth1 {
- description Local
- duplex auto
- speed auto
- }
- ethernet eth2 {
- description Local
- duplex auto
- speed auto
- }
- ethernet eth3 {
- description Local
- duplex auto
- speed auto
- }
- ethernet eth4 {
- description Local
- duplex auto
- speed auto
- }
- loopback lo {
- }
/* NOTE(review): switch0 itself (the main LAN) has no firewall block, so hosts on
 * 192.168.1.0/24 reach the router's services and the other subnets unfiltered.
 */
- switch switch0 {
- address 192.168.1.254/24
- description Local
- mtu 1500
/* VLAN membership: eth1 lists vid 5 and vid 10, eth2 lists vid 10, and eth3/eth4 list
 * no vid entries.
 */
- switch-port {
- interface eth1 {
- vlan {
- vid 5
- vid 10
- }
- }
- interface eth2 {
- vlan {
- vid 10
- }
- }
- interface eth3 {
- }
- interface eth4 {
- }
- vlan-aware enable
- }
/* VLAN5 is the only internal segment with rulesets bound (VLAN5_IN and VLAN5_LOCAL). */
- vif 5 {
- address 192.168.5.254/24
- description VLAN5
- firewall {
- in {
- name VLAN5_IN
- }
- local {
- name VLAN5_LOCAL
- }
- }
- mtu 1500
- }
/* NOTE(review): vif 10 has no firewall block, unlike vif 5. VLAN10 hosts can reach the
 * router's services and the 192.168.1.0/24 and 192.168.5.0/24 subnets without filtering;
 * confirm this is intended.
 */
- vif 10 {
- address 192.168.10.254/24
- description VLAN10
- mtu 1500
- }
- }
- }
/* No static routes are defined here; the default route presumably comes from
 * system gateway-address (75.75.75.1).
 */
- protocols {
- static {
- }
- }
/* Router services: DHCP for VLAN5 and VLAN10, DNS forwarding, the web GUI, NAT, SNMP
 * and SSH.
 */
- service {
- dhcp-server {
- disabled false
- hostfile-update disable
/* VLAN5 scope: addresses .100-.105, public resolvers, lease value 86400. */
- shared-network-name VLAN5_DHCP {
- authoritative disable
- subnet 192.168.5.0/24 {
- default-router 192.168.5.254
- dns-server 4.2.2.2
- dns-server 8.8.8.8
- lease 86400
- start 192.168.5.100 {
- stop 192.168.5.105
- }
/* NOTE(review): firewall VLAN5_IN rule 2 drops new connections from VLAN5 to
 * 192.168.1.0/24, so this controller address is advertised but not reachable.
 */
- unifi-controller 192.168.1.5
- }
- }
/* VLAN10 scope: addresses .201-.203, one public resolver. */
- shared-network-name VLAN10_DHCP {
- subnet 192.168.10.0/24 {
- default-router 192.168.10.254
- dns-server 4.2.2.2
- start 192.168.10.201 {
- stop 192.168.10.203
- }
- }
- }
- use-dnsmasq disable
- }
/* The forwarder listens on eth1, switch0 and switch0.5 only; eth0 (WAN) is not listed. */
- dns {
- forwarding {
- cache-size 150
- listen-on eth1
- listen-on switch0
- listen-on switch0.5
- }
- }
/* NOTE(review): older-ciphers enable keeps legacy TLS cipher suites available on the
 * management GUI; set it to disable unless an old browser really needs them.
 * No listen-address is set in this block, so which networks reach ports 80/443 is
 * decided only by the firewall rulesets (dropped from the WAN and VLAN5, unfiltered from
 * the main LAN and VLAN10). Confirm that http-port 80 only redirects to HTTPS.
 */
- gui {
- http-port 80
- https-port 443
- older-ciphers enable
- }
/* Destination NAT: TCP 80, 443 and 246 arriving on eth0 for 75.75.75.75 are forwarded to
 * 192.168.1.5 on the same ports. The matching accepts are firewall WAN_IN rules 21-23,
 * which carry no source restriction.
 */
- nat {
- rule 1 {
- description http-80-mogwai
- destination {
- address 75.75.75.75
- port 80
- }
- inbound-interface eth0
- inside-address {
- address 192.168.1.5
- port 80
- }
- log enable
- protocol tcp
- type destination
- }
- rule 2 {
- description https-443-mogwai
- destination {
- address 75.75.75.75
- port 443
- }
- inbound-interface eth0
- inside-address {
- address 192.168.1.5
- port 443
- }
- log enable
- protocol tcp
- type destination
- }
- rule 3 {
- description ssh-246-mogwai
- destination {
- address 75.75.75.75
- port 246
- }
- inbound-interface eth0
- inside-address {
- address 192.168.1.5
- port 246
- }
- log enable
- protocol tcp
- type destination
- }
/* Source NAT (masquerade) for everything leaving through eth0. */
- rule 5010 {
- description "masquerade for WAN"
- outbound-interface eth0
- type masquerade
- }
- }
/* NOTE(review): the community string is the well-known default "public", and this block
 * sets no client or network restriction. WAN_LOCAL and VLAN5_LOCAL drop SNMP from those
 * sides, but the main LAN and VLAN10 have no ruleset. Use a non-default community and
 * restrict the allowed clients, or remove the service if it is unused.
 */
- snmp {
- community public {
- }
- }
/* SSH on port 22, protocol version 2 only. No listen-address is set, so reachability is
 * limited only by the firewall rulesets (dropped from the WAN and VLAN5).
 */
- ssh {
- port 22
- protocol-version v2
- }
- }
/* System settings: identity, default gateway, login, resolvers, NTP, syslog and
 * traffic analysis.
 */
- system {
- domain-name local
- gateway-address 75.75.75.1
- host-name ubnt
/* NOTE(review): "ubnt" is the vendor's default account name, and FOOBAR appears to be
 * the poster's redaction of the credential lines. Confirm the default password was
 * changed, and prefer an administrator account with a different name. Keeping password
 * hashes out of a shared config, as done here, is the right call.
 */
- login {
- user ubnt {
- FOOBAR
- }
- }
- name-server 192.168.1.30
- name-server 4.2.2.2
- ntp {
- server 0.ubnt.pool.ntp.org {
- }
- server 1.ubnt.pool.ntp.org {
- }
- server 2.ubnt.pool.ntp.org {
- }
- server 3.ubnt.pool.ntp.org {
- }
- }
/* Local logging at level notice (debug for the protocols facility); messages at level
 * warning are also sent to 192.168.1.5.
 * NOTE(review): 192.168.1.5 is the same host that the port forwards expose to the
 * Internet, so the router's remote log copy lives on the most exposed machine. Consider
 * a log host that is not Internet-facing.
 */
- syslog {
- global {
- facility all {
- level notice
- }
- facility protocols {
- level debug
- }
- }
- host 192.168.1.5 {
- facility all {
- level warning
- }
- }
- }
- time-zone America/Los_Angeles
/* Traffic analysis: DPI and export are both enabled. */
- traffic-analysis {
- dpi enable
- export enable
- }
- }