Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- firewall {
- all-ping enable
- broadcast-ping disable
- group {
- network-group LocalNetworks {
- description ""
- network 10.0.0.0/8
- network 172.16.0.0/12
- network 192.168.0.0/16
- }
- port-group UnwantedPorts {
- description ""
- port smtp
- port 67-68
- port 135-139
- port 213
- port 389
- port 445
- port 464
- }
- }
- ipv6-receive-redirects disable
- ipv6-src-route disable
- ip-src-route disable
- log-martians enable
- name WAN_IN {
- default-action drop
- description "WAN to Internal"
- enable-default-log
- rule 1 {
- action accept
- description "Allow established/related"
- log enable
- protocol all
- state {
- established enable
- invalid disable
- new disable
- related enable
- }
- }
- rule 2 {
- action drop
- description "Drop invalid state"
- log enable
- protocol all
- state {
- established disable
- invalid enable
- new disable
- related disable
- }
- }
- }
- name WAN_LOCAL {
- default-action drop
- description "WAN to router"
- enable-default-log
- rule 1 {
- action accept
- description "Allow established/related"
- log disable
- protocol all
- state {
- established enable
- invalid disable
- new disable
- related enable
- }
- }
- rule 2 {
- action drop
- description "Drop invalid state"
- log disable
- protocol all
- state {
- established disable
- invalid enable
- new disable
- related disable
- }
- }
- }
- name WAN_OUT {
- default-action accept
- enable-default-log
- rule 1 {
- action accept
- description "Allow SMTP to KPN"
- destination {
- address 213.75.63.13
- port 25
- }
- log disable
- protocol tcp
- source {
- address 192.168.2.0/24
- }
- }
- rule 2 {
- action drop
- description "Block unwanted outgoing traffic"
- destination {
- group {
- port-group UnwantedPorts
- }
- }
- log enable
- protocol tcp_udp
- }
- rule 3 {
- action drop
- description "Block private IP-spaces from entering WAN"
- destination {
- group {
- network-group LocalNetworks
- }
- }
- log enable
- protocol all
- }
- }
- options {
- mss-clamp {
- interface-type pppoe
- mss 1412
- }
- }
- receive-redirects disable
- send-redirects enable
- source-validation disable
- syn-cookies enable
- }
- interfaces {
- bridge br0 {
- aging 300
- bridged-conntrack disable
- description "br0 - Telefonie"
- hello-time 2
- max-age 20
- priority 32768
- promiscuous disable
- stp false
- }
- bridge br1 {
- aging 300
- bridged-conntrack disable
- description "br1 - IPTV"
- hello-time 2
- max-age 20
- priority 32768
- promiscuous disable
- stp false
- }
- ethernet eth0 {
- description "eth0 - NTU"
- duplex auto
- speed auto
- vif 4 {
- bridge-group {
- bridge br1
- }
- description "VLAN 0.4 - IPTV"
- dhcp-options {
- client-option "option code 60 = IPTV_RG"
- default-route update
- default-route-distance 254
- name-server update
- }
- }
- vif 6 {
- description "VLAN 0.6 - Internet"
- firewall {
- }
- pppoe 0 {
- default-route auto
- firewall {
- in {
- name WAN_IN
- }
- local {
- name WAN_LOCAL
- }
- out {
- name WAN_OUT
- }
- }
- mtu 1492
- name-server auto
- password kpn
- user-id mac@internet
- }
- }
- vif 7 {
- bridge-group {
- bridge br0
- }
- description "VLAN 0.7 - Telefonie"
- }
- }
- ethernet eth1 {
- address 192.168.2.1/24
- description "eth1 - Internet"
- duplex auto
- speed auto
- }
- ethernet eth2 {
- bridge-group {
- bridge br0
- }
- description "eth2 - ExperiaBox"
- duplex auto
- speed auto
- }
- loopback lo {
- }
- }
- protocols {
- igmp-proxy {
- interface br1 {
- alt-subnet 10.142.64.0/18
- alt-subnet 213.75.0.0/16
- role downstream
- threshold 1
- }
- interface eth0.6 {
- alt-subnet 10.142.64.0/28
- alt-subnet 213.75.112.0/21
- role upstream
- threshold 1
- }
- }
- }
- service {
- dhcp-server {
- disabled false
- global-parameters "option code 28 = 192.168.2.255"
- global-parameters "option code 60 = IPTV_RG"
- hostfile-update disable
- shared-network-name LAN {
- authoritative disable
- subnet 192.168.2.0/24 {
- default-router 192.168.2.1
- dns-server 208.67.222.123
- dns-server 208.67.220.123
- lease 86400
- start 192.168.2.20 {
- stop 192.168.2.220
- }
- }
- }
- }
- dns {
- forwarding {
- cache-size 150
- listen-on br0
- }
- }
- gui {
- https-port 443
- }
- nat {
- rule 5010 {
- description "KPN Internet"
- log enable
- outbound-interface pppoe0
- protocol all
- source {
- address 192.168.2.0/24
- }
- type masquerade
- }
- rule 5011 {
- description IPTV
- destination {
- address 10.142.64.0/18
- }
- log disable
- outbound-interface eth0.4
- protocol all
- source {
- }
- type masquerade
- }
- rule 5012 {
- description IPTV
- destination {
- address 213.75.112.0/21
- }
- log disable
- outbound-interface eth0.4
- protocol all
- source {
- }
- type masquerade
- }
- }
- ssh {
- port 22
- protocol-version v2
- }
- }
- system {
- host-name ubnt
- login {
- user ubnt {
- authentication {
- encrypted-password xxxxx
- plaintext-password ""
- }
- full-name Admin
- level admin
- }
- }
- ntp {
- server 0.ubnt.pool.ntp.org {
- }
- server 1.ubnt.pool.ntp.org {
- }
- server 2.ubnt.pool.ntp.org {
- }
- server 3.ubnt.pool.ntp.org {
- }
- }
- offload {
- ipv4 {
- forwarding enable
- pppoe enable
- vlan enable
- }
- }
- syslog {
- global {
- facility all {
- level notice
- }
- facility protocols {
- level debug
- }
- }
- }
- time-zone UTC
- traffic-analysis {
- dpi enable
- export enable
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
