  2. admin@ERX:~$ show configuration
  3. firewall {
  4. all-ping enable
  5. broadcast-ping disable
  6. ipv6-name WANv6_IN {
  7. default-action accept
  8. description "WAN inbound traffic forwarded to LAN"
  9. enable-default-log
  10. rule 10 {
  11. action accept
  12. description "Allow established/related session"
  13. state {
  14. established enable
  15. related enable
  16. }
  17. }
  18. rule 20 {
  19. action drop
  20. description "Drop invalid state"
  21. state {
  22. invalid enable
  23. }
  24. }
  25. rule 30 {
  26. action accept
  27. description "allow icmpv6"
  28. log disable
  29. protocol icmpv6
  30. }
  31. }
  32. ipv6-name WANv6_LOCAL {
  33. default-action accept
  34. description "WAN inbound traffic to the router"
  35. enable-default-log
  36. rule 10 {
  37. action accept
  38. description "Allow established/related sessions"
  39. state {
  40. established enable
  41. related enable
  42. }
  43. }
  44. rule 20 {
  45. action drop
  46. description "Drop invalid state"
  47. state {
  48. invalid enable
  49. }
  50. }
  51. rule 30 {
  52. action accept
  53. protocol ipv6-icmp
  54. }
  55. rule 40 {
  56. action accept
  57. description "allow dhcpv6"
  58. destination {
  59. port 546
  60. }
  61. protocol udp
  62. source {
  63. port 547
  64. }
  65. }
  66. }
  67. ipv6-receive-redirects enable
  68. ipv6-src-route disable
  69. ip-src-route disable
  70. log-martians enable
  71. name WAN_IN {
  72. default-action drop
  73. description "WAN to internal"
  74. rule 10 {
  75. action accept
  76. description "Allow established/related"
  77. state {
  78. established enable
  79. related enable
  80. }
  81. }
  82. rule 20 {
  83. action drop
  84. description "Drop invalid state"
  85. state {
  86. invalid enable
  87. }
  88. }
  89. rule 21 {
  90. action accept
  91. description ICMP
  92. log disable
  93. protocol icmp
  94. state {
  95. established enable
  96. invalid disable
  97. new enable
  98. related enable
  99. }
  100. }
  101. rule 22 {
  102. action accept
  103. description HTTPS
  104. log disable
  105. protocol tcp_udp
  106. source {
  107. port 8180,443
  108. }
  109. state {
  110. established enable
  111. invalid enable
  112. new enable
  113. related enable
  114. }
  115. }
  116. }
  117. name WAN_LOCAL {
  118. default-action drop
  119. description "WAN to router"
  120. rule 10 {
  121. action accept
  122. description "Allow established/related"
  123. state {
  124. established enable
  125. related enable
  126. }
  127. }
  128. rule 20 {
  129. action drop
  130. description "Drop invalid state"
  131. state {
  132. invalid enable
  133. }
  134. }
  135. rule 21 {
  136. action accept
  137. description ICMP
  138. log disable
  139. protocol icmp
  140. state {
  141. established enable
  142. invalid disable
  143. new enable
  144. related enable
  145. }
  146. }
  147. rule 22 {
  148. action accept
  149. description HTTPS
  150. destination {
  151. port 443
  152. }
  153. log disable
  154. protocol tcp_udp
  155. source {
  156. }
  157. state {
  158. established enable
  159. invalid enable
  160. new enable
  161. related enable
  162. }
  163. }
  164. }
  165. receive-redirects disable
  166. send-redirects enable
  167. source-validation disable
  168. syn-cookies enable
  169. }
  170. interfaces {
  171. ethernet eth0 {
  172. address 192.168.2.3/24
  173. description Local
  174. duplex auto
  175. firewall {
  176. in {
  177. }
  178. local {
  179. }
  180. }
  181. speed auto
  182. }
  183. ethernet eth1 {
  184. address dhcp
  185. description Internet
  186. dhcp-options {
  187. default-route update
  188. default-route-distance 210
  189. name-server update
  190. }
  191. dhcpv6-pd {
  192. pd 0 {
  193. interface switch0 {
  194. prefix-id :0
  195. service slaac
  196. }
  197. prefix-length 56
  198. }
  199. prefix-only
  200. rapid-commit enable
  201. }
  202. duplex auto
  203. firewall {
  204. in {
  205. ipv6-name WANv6_IN
  206. name WAN_IN
  207. }
  208. local {
  209. ipv6-name WANv6_LOCAL
  210. name WAN_LOCAL
  211. }
  212. }
  213. ipv6 {
  214. dup-addr-detect-transmits 1
  215. }
  216. mac 44:D9:E7:07:73:B5
  217. speed auto
  218. }
  219. ethernet eth2 {
  220. description Local
  221. duplex auto
  222. speed auto
  223. }
  224. ethernet eth3 {
  225. description Local
  226. duplex auto
  227. speed auto
  228. }
  229. ethernet eth4 {
  230. description Local
  231. duplex auto
  232. poe {
  233. output pthru
  234. watchdog {
  235. address 192.168.1.2
  236. failure-count 3
  237. interval 15
  238. off-delay 5
  239. start-delay 300
  240. }
  241. }
  242. speed auto
  243. }
  244. loopback lo {
  245. }
  246. switch switch0 {
  247. address 192.168.1.1/24
  248. description Local
  249. dhcpv6-pd {
  250. rapid-commit enable
  251. }
  252. mtu 1500
  253. switch-port {
  254. interface eth2
  255. interface eth3
  256. interface eth4
  257. }
  258. }
  259. }
  260. port-forward {
  261. auto-firewall enable
  262. hairpin-nat enable
  263. lan-interface switch0
  264. rule 1 {
  265. description VPN
  266. forward-to {
  267. address 192.168.1.3
  268. port 1723
  269. }
  270. original-port 1723
  271. protocol tcp_udp
  272. }
  273. rule 2 {
  274. description VPN2
  275. forward-to {
  276. address 192.168.1.3
  277. port 443
  278. }
  279. original-port 47
  280. protocol tcp_udp
  281. }
  282. rule 3 {
  283. description R7000
  284. forward-to {
  285. address 192.168.1.3
  286. port 8181
  287. }
  288. original-port 8181
  289. protocol tcp_udp
  290. }
  291. rule 4 {
  292. description ERX
  293. forward-to {
  294. address 192.168.1.1
  295. port 443
  296. }
  297. original-port 8180
  298. protocol tcp_udp
  299. }
  300. wan-interface eth1
  301. }
  302. protocols {
  303. static {
  304. }
  305. }
  306. service {
  307. dhcp-server {
  308. disabled false
  309. hostfile-update disable
  310. shared-network-name DHCPv4 {
  311. authoritative disable
  312. subnet 192.168.1.0/24 {
  313. default-router 192.168.1.1
  314. dns-server 192.168.1.1
  315. domain-name ERX
  316. lease 86400
  317. start 192.168.1.10 {
  318. stop 192.168.1.100
  319. }
  320. static-mapping Chromecast {
  321. ip-address 192.168.1.11
  322. mac-address 6c:ad:f8:fa:6d:87
  323. }
  324. static-mapping Connor-PC {
  325. ip-address 192.168.1.14
  326. mac-address 0c:8b:fd:2b:d1:a3
  327. }
  328. static-mapping ConnorsiPhone6S {
  329. ip-address 192.168.1.12
  330. mac-address cc:20:e8:e3:15:2e
  331. }
  332. static-mapping MacaelasiPhone5S {
  333. ip-address 192.168.1.13
  334. mac-address e8:80:2e:b8:1a:10
  335. }
  336. static-mapping WCB3000N {
  337. ip-address 192.168.1.4
  338. mac-address 4c:8b:30:c4:3d:94
  339. }
  340. static-mapping WEB6000Q {
  341. ip-address 192.168.1.5
  342. mac-address 4c:8b:30:d1:8c:b0
  343. }
  344. static-mapping XPS1640 {
  345. ip-address 192.168.1.10
  346. mac-address 00:26:b9:01:f8:26
  347. }
  348. }
  349. }
  350. }
  351. dhcpv6-relay {
  352. listen-interface switch0 {
  353. }
  354. listen-port 546
  355. max-hop-count 85
  356. upstream-interface eth1 {
  357. }
  358. }
  359. dns {
  360. forwarding {
  361. blacklist {
  362. disabled false
  363. dns-redirect-ip 0.0.0.0
  364. domains {
  365. exclude adobedtm.com
  366. exclude apple.com
  367. exclude coremetrics.com
  368. exclude doubleclick.net
  369. exclude google.com
  370. exclude googleadservices.com
  371. exclude googleapis.com
  372. exclude hulu.com
  373. exclude msdn.com
  374. exclude paypal.com
  375. exclude storage.googleapis.com
  376. include adsrvr.org
  377. include adtechus.net
  378. include advertising.com
  379. include centade.com
  380. include doubleclick.net
  381. include free-counter.co.uk
  382. include kiosked.com
  383. source malc0de.com {
  384. description "List of zones serving malicious executables observed by malc0de.com/database/"
  385. prefix "zone "
  386. url http://malc0de.com/bl/ZONES
  387. }
  388. }
  389. hosts {
  390. exclude appleglobal.112.2o7.net
  391. exclude c.apple.com
  392. exclude autolinkmaker.itunes.apple.com
  393. exclude cdn.visiblemeasures.com
  394. exclude freedns.afraid.org
  395. exclude hb.disney.go.com
  396. exclude ads.hulu.com
  397. exclude ads-a-darwin.hulu.com
  398. exclude ads-v-darwin.hulu.com
  399. exclude track.hulu.com
  400. exclude static.chartbeat.com
  401. exclude survey.112.2o7.net
  402. include beap.gemini.yahoo.com
  403. source openphish.com {
  404. description "OpenPhish automatic phishing detection"
  405. prefix http
  406. url https://openphish.com/feed.txt
  407. }
  408. source someonewhocares.org {
  409. description "Zero based host and domain list"
  410. prefix 0.0.0.0
  411. url http://someonewhocares.org/hosts/zero/
  412. }
  413. source volkerschatz.com {
  414. description "Ad server blacklists"
  415. prefix http
  416. url http://www.volkerschatz.com/net/adpaths
  417. }
  418. source winhelp2002.mvps.org {
  419. description "Zero based host and domain list"
  420. prefix "0.0.0.0 "
  421. url http://winhelp2002.mvps.org/hosts.txt
  422. }
  423. source www.malwaredomainlist.com {
  424. description "127.0.0.1 based host and domain list"
  425. prefix "127.0.0.1 "
  426. url http://www.malwaredomainlist.com/hostslist/hosts.txt
  427. }
  428. source yoyo.org {
  429. description "Fully Qualified Domain Names only - no prefix to strip"
  430. prefix ""
  431. url http://pgl.yoyo.org/as/serverlist.php?hostformat=nohtml&showintro=1&mimetype=plaintext
  432. }
  433. }
  434. }
  435. cache-size 500
  436. listen-on switch0
  437. listen-on eth0
  438. }
  439. }
  440. gui {
  441. https-port 443
  442. }
  443. nat {
  444. rule 5010 {
  445. outbound-interface eth1
  446. type masquerade
  447. }
  448. rule 5011 {
  449. description T1200
  450. destination {
  451. address 192.168.2.0/24
  452. }
  453. log disable
  454. outbound-interface eth0
  455. protocol all
  456. type masquerade
  457. }
  458. }
  459. ssh {
  460. port 22
  461. protocol-version v2
  462. }
  463. telnet {
  464. port 23
  465. }
  466. }
  467. system {
  468. domain-name ERX
  469. host-name ERX
  470. login {
  471. user admin {
  472. authentication {
  473. encrypted-password ****************
  474. plaintext-password ****************
  475. }
  476. full-name "Connor McCaffrey"
  477. level admin
  478. }
  479. }
  480. ntp {
  481. server 0.ubnt.pool.ntp.org {
  482. }
  483. server 1.ubnt.pool.ntp.org {
  484. }
  485. server 2.ubnt.pool.ntp.org {
  486. }
  487. server 3.ubnt.pool.ntp.org {
  488. }
  489. }
  490. static-host-mapping {
  491. host-name egdeos.ddns.net {
  492. inet 192.168.1.1
  493. }
  494. }
  495. syslog {
  496. global {
  497. facility all {
  498. level notice
  499. }
  500. facility protocols {
  501. level debug
  502. }
  503. }
  504. }
  505. task-scheduler {
  506. task update_blacklists {
  507. executable {
  508. path /config/scripts/update-dnsmasq.pl
  509. }
  510. interval 6h
  511. }
  512. }
  513. time-zone America/Vancouver
  514. }
  515. traffic-control {
  516. smart-queue Telus {
  517. upload {
  518. ecn enable
  519. flows 1024
  520. fq-quantum 300
  521. htb-quantum 1500
  522. interval 80ms
  523. limit 10240
  524. rate 11.7mbit
  525. target 5ms
  526. }
  527. wan-interface eth1
  528. }
  529. }
  530. admin@ERX:~$