- admin@ERX:~$ show configuration
- /* Firewall: global options and four rule sets. The interfaces section binds WAN_IN/WANv6_IN as "in" and WAN_LOCAL/WANv6_LOCAL as "local" on eth1. */
- firewall {
- /* The router answers ICMP echo requests (all-ping) but not broadcast pings. */
- all-ping enable
- broadcast-ping disable
- /* WANv6_IN: IPv6 traffic arriving on the WAN and forwarded towards the LAN. */
- ipv6-name WANv6_IN {
- /* NOTE(review): default-action is accept, so any IPv6 packet not matched by rules 10-30 is still forwarded; only invalid-state packets (rule 20) are dropped. */
- /* NOTE(review): LAN hosts addressed from the delegated prefix (dhcpv6-pd on eth1) are presumably reachable from the WAN as a result. The IPv4 sets below use default-action drop, and rules 10-30 already cover return traffic and ICMPv6 - confirm accept is intended. */
- default-action accept
- description "WAN inbound traffic forwarded to LAN"
- /* Logs packets that fall through to the default action. */
- enable-default-log
- rule 10 {
- action accept
- description "Allow established/related session"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- /* Accepts all ICMPv6 without logging. */
- rule 30 {
- action accept
- description "allow icmpv6"
- log disable
- protocol icmpv6
- }
- }
- /* WANv6_LOCAL: IPv6 traffic arriving on the WAN and addressed to the router itself. */
- ipv6-name WANv6_LOCAL {
- /* NOTE(review): default-action accept here means IPv6 traffic to the router's own services that no rule matches is accepted. Rules 10-40 already allow return traffic, ICMPv6 and DHCPv6, so drop looks like the intended default - confirm. */
- default-action accept
- description "WAN inbound traffic to the router"
- enable-default-log
- rule 10 {
- action accept
- description "Allow established/related sessions"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- /* No description; the protocol is spelled ipv6-icmp here and icmpv6 in WANv6_IN rule 30 - presumably both mean ICMPv6, verify. */
- rule 30 {
- action accept
- protocol ipv6-icmp
- }
- /* DHCPv6 replies: UDP from source port 547 to destination port 546. */
- rule 40 {
- action accept
- description "allow dhcpv6"
- destination {
- port 546
- }
- protocol udp
- source {
- port 547
- }
- }
- }
- /* NOTE(review): IPv6 redirects are accepted here while IPv4 receive-redirects is disabled further down - confirm the difference is intended. */
- ipv6-receive-redirects enable
- ipv6-src-route disable
- ip-src-route disable
- log-martians enable
- /* WAN_IN: IPv4 traffic arriving on the WAN and forwarded to internal hosts; unmatched packets are dropped. */
- name WAN_IN {
- default-action drop
- description "WAN to internal"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- /* Accepts ICMP in state new, established or related; invalid is excluded. */
- rule 21 {
- action accept
- description ICMP
- log disable
- protocol icmp
- state {
- established enable
- invalid disable
- new enable
- related enable
- }
- }
- /* NOTE(review): this rule matches the SOURCE port (8180 or 443), a value the remote sender chooses, so it accepts new TCP/UDP flows from the WAN to any forwarded destination. A destination match was presumably intended - confirm. */
- /* NOTE(review): "invalid enable" has no effect after rule 20, which drops invalid-state packets first, but it should not be listed on an accept rule. port-forward has auto-firewall enabled, so this rule may not be needed at all - verify. */
- rule 22 {
- action accept
- description HTTPS
- log disable
- protocol tcp_udp
- source {
- port 8180,443
- }
- state {
- established enable
- invalid enable
- new enable
- related enable
- }
- }
- }
- /* WAN_LOCAL: IPv4 traffic arriving on the WAN and addressed to the router itself; unmatched packets are dropped. */
- name WAN_LOCAL {
- default-action drop
- description "WAN to router"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- /* Accepts ICMP to the router in state new, established or related. */
- rule 21 {
- action accept
- description ICMP
- log disable
- protocol icmp
- state {
- established enable
- invalid disable
- new enable
- related enable
- }
- }
- /* NOTE(review): accepts new TCP and UDP traffic from any WAN source (the source node is empty) to port 443 on the router, which is the GUI https-port under service gui. That exposes the admin login to the WAN. */
- /* NOTE(review): if remote management is required, restrict the source address or reach the GUI through a VPN; the protocol could presumably be tcp only, and "invalid enable" should be removed - confirm. */
- rule 22 {
- action accept
- description HTTPS
- destination {
- port 443
- }
- log disable
- protocol tcp_udp
- source {
- }
- state {
- established enable
- invalid enable
- new enable
- related enable
- }
- }
- }
- receive-redirects disable
- send-redirects enable
- /* NOTE(review): with source-validation disabled there is no reverse-path check on source addresses; log-martians above only logs. Consider strict or loose if routing allows - confirm. */
- source-validation disable
- syn-cookies enable
- }
- /* Interfaces: eth0 on 192.168.2.0/24, eth1 as the DHCP WAN, and eth2-eth4 bridged in switch0 as the 192.168.1.0/24 LAN. */
- interfaces {
- ethernet eth0 {
- address 192.168.2.3/24
- description Local
- duplex auto
- /* NOTE(review): both firewall nodes are empty, so no rule set filters traffic arriving on eth0. The router's GUI, SSH, telnet and DNS forwarder (listen-on eth0) are presumably reachable from 192.168.2.0/24 - confirm that segment is trusted. */
- firewall {
- in {
- }
- local {
- }
- }
- speed auto
- }
- /* eth1: WAN side; IPv4 address, default route and name servers come from DHCP. */
- ethernet eth1 {
- address dhcp
- description Internet
- dhcp-options {
- default-route update
- default-route-distance 210
- name-server update
- }
- /* DHCPv6 prefix delegation: requests a /56 and assigns prefix-id :0 to switch0, advertised to the LAN via SLAAC. */
- dhcpv6-pd {
- pd 0 {
- interface switch0 {
- prefix-id :0
- service slaac
- }
- prefix-length 56
- }
- prefix-only
- rapid-commit enable
- }
- duplex auto
- /* The only interface with rule sets bound: "in" filters forwarded traffic, "local" filters traffic to the router itself. */
- firewall {
- in {
- ipv6-name WANv6_IN
- name WAN_IN
- }
- local {
- ipv6-name WANv6_LOCAL
- name WAN_LOCAL
- }
- }
- ipv6 {
- dup-addr-detect-transmits 1
- }
- /* Explicitly configured MAC address for the WAN port. */
- mac 44:D9:E7:07:73:B5
- speed auto
- }
- ethernet eth2 {
- description Local
- duplex auto
- speed auto
- }
- ethernet eth3 {
- description Local
- duplex auto
- speed auto
- }
- ethernet eth4 {
- description Local
- duplex auto
- /* PoE passthrough with a watchdog that monitors 192.168.1.2; presumably the timing values are in seconds and the port is power-cycled after 3 failures - verify. */
- poe {
- output pthru
- watchdog {
- address 192.168.1.2
- failure-count 3
- interval 15
- off-delay 5
- start-delay 300
- }
- }
- speed auto
- }
- loopback lo {
- }
- /* switch0: LAN gateway 192.168.1.1/24 across ports eth2, eth3 and eth4. */
- switch switch0 {
- address 192.168.1.1/24
- description Local
- dhcpv6-pd {
- rapid-commit enable
- }
- mtu 1500
- switch-port {
- interface eth2
- interface eth3
- interface eth4
- }
- }
- }
- /* Port forwarding from the WAN (eth1) to LAN hosts behind switch0. Every rule uses tcp_udp, so both TCP and UDP are forwarded. */
- port-forward {
- /* auto-firewall presumably adds the matching firewall accept rules for each forward, so no manual WAN_IN rule should be needed - verify. */
- auto-firewall enable
- hairpin-nat enable
- lan-interface switch0
- /* NOTE(review): port 1723 suggests PPTP. If so, PPTP's MS-CHAPv2 authentication is considered weak; a current VPN protocol is preferable - confirm what runs on 192.168.1.3. */
- rule 1 {
- description VPN
- forward-to {
- address 192.168.1.3
- port 1723
- }
- original-port 1723
- protocol tcp_udp
- }
- /* NOTE(review): this forwards TCP/UDP port 47 to port 443 on 192.168.1.3. 47 is the IP protocol number of GRE, not a TCP/UDP port, so if the aim was to pass GRE for PPTP this rule does not do that - confirm and remove if unused. */
- rule 2 {
- description VPN2
- forward-to {
- address 192.168.1.3
- port 443
- }
- original-port 47
- protocol tcp_udp
- }
- /* NOTE(review): exposes port 8181 on 192.168.1.3 to the WAN; if this is a device management page, confirm it needs to be reachable from the Internet. */
- rule 3 {
- description R7000
- forward-to {
- address 192.168.1.3
- port 8181
- }
- original-port 8181
- protocol tcp_udp
- }
- /* NOTE(review): WAN port 8180 is forwarded to 192.168.1.1:443, the router's own GUI (service gui https-port 443), which puts the admin login on the Internet. Prefer reaching the GUI over a VPN or restricting the allowed source addresses. */
- rule 4 {
- description ERX
- forward-to {
- address 192.168.1.1
- port 443
- }
- original-port 8180
- protocol tcp_udp
- }
- wan-interface eth1
- }
- /* No static routes are defined; the IPv4 default route comes from DHCP on eth1 (dhcp-options default-route update). */
- protocols {
- static {
- }
- }
- /* Services run by the router: DHCPv4 server, DHCPv6 relay, DNS forwarder with blacklists, web GUI, NAT, SSH and telnet. */
- service {
- dhcp-server {
- disabled false
- hostfile-update disable
- shared-network-name DHCPv4 {
- authoritative disable
- /* LAN pool 192.168.1.10-192.168.1.100 with a 86400 lease value; the router is both gateway and DNS server. */
- subnet 192.168.1.0/24 {
- default-router 192.168.1.1
- dns-server 192.168.1.1
- domain-name ERX
- lease 86400
- start 192.168.1.10 {
- stop 192.168.1.100
- }
- /* Static mappings pin an address to a MAC address; several (.10-.14) fall inside the dynamic pool range. */
- static-mapping Chromecast {
- ip-address 192.168.1.11
- mac-address 6c:ad:f8:fa:6d:87
- }
- static-mapping Connor-PC {
- ip-address 192.168.1.14
- mac-address 0c:8b:fd:2b:d1:a3
- }
- static-mapping ConnorsiPhone6S {
- ip-address 192.168.1.12
- mac-address cc:20:e8:e3:15:2e
- }
- static-mapping MacaelasiPhone5S {
- ip-address 192.168.1.13
- mac-address e8:80:2e:b8:1a:10
- }
- static-mapping WCB3000N {
- ip-address 192.168.1.4
- mac-address 4c:8b:30:c4:3d:94
- }
- static-mapping WEB6000Q {
- ip-address 192.168.1.5
- mac-address 4c:8b:30:d1:8c:b0
- }
- static-mapping XPS1640 {
- ip-address 192.168.1.10
- mac-address 00:26:b9:01:f8:26
- }
- }
- }
- }
- /* DHCPv6 relay between the LAN (switch0) and the WAN (eth1). */
- dhcpv6-relay {
- listen-interface switch0 {
- }
- listen-port 546
- max-hop-count 85
- upstream-interface eth1 {
- }
- }
- dns {
- forwarding {
- /* DNS blacklist: listed names resolve to dns-redirect-ip (0.0.0.0). Presumably the update_blacklists task under system task-scheduler consumes these sources - verify. */
- blacklist {
- disabled false
- dns-redirect-ip 0.0.0.0
- domains {
- exclude adobedtm.com
- exclude apple.com
- exclude coremetrics.com
- /* NOTE(review): doubleclick.net appears both as exclude (here) and include (below); which one wins depends on the update script - confirm the intended result. */
- exclude doubleclick.net
- exclude google.com
- exclude googleadservices.com
- exclude googleapis.com
- exclude hulu.com
- exclude msdn.com
- exclude paypal.com
- exclude storage.googleapis.com
- include adsrvr.org
- include adtechus.net
- include advertising.com
- include centade.com
- include doubleclick.net
- include free-counter.co.uk
- include kiosked.com
- /* NOTE(review): this list is fetched over plain http, so its content is not integrity-protected in transit and could be altered to block or unblock names. Use an https URL where the provider offers one. */
- source malc0de.com {
- description "List of zones serving malicious executables observed by malc0de.com/database/"
- prefix "zone "
- url http://malc0de.com/bl/ZONES
- }
- }
- hosts {
- exclude appleglobal.112.2o7.net
- exclude c.apple.com
- exclude autolinkmaker.itunes.apple.com
- exclude cdn.visiblemeasures.com
- exclude freedns.afraid.org
- exclude hb.disney.go.com
- exclude ads.hulu.com
- exclude ads-a-darwin.hulu.com
- exclude ads-v-darwin.hulu.com
- exclude track.hulu.com
- exclude static.chartbeat.com
- exclude survey.112.2o7.net
- include beap.gemini.yahoo.com
- /* The only source in this section fetched over https. */
- source openphish.com {
- description "OpenPhish automatic phishing detection"
- prefix http
- url https://openphish.com/feed.txt
- }
- /* NOTE(review): the remaining host sources below all use plain http URLs; the same integrity caveat applies - prefer https where available. */
- source someonewhocares.org {
- description "Zero based host and domain list"
- prefix 0.0.0.0
- url http://someonewhocares.org/hosts/zero/
- }
- source volkerschatz.com {
- description "Ad server blacklists"
- prefix http
- url http://www.volkerschatz.com/net/adpaths
- }
- source winhelp2002.mvps.org {
- description "Zero based host and domain list"
- prefix "0.0.0.0 "
- url http://winhelp2002.mvps.org/hosts.txt
- }
- source www.malwaredomainlist.com {
- description "127.0.0.1 based host and domain list"
- prefix "127.0.0.1 "
- url http://www.malwaredomainlist.com/hostslist/hosts.txt
- }
- source yoyo.org {
- description "Fully Qualified Domain Names only - no prefix to strip"
- prefix ""
- url http://pgl.yoyo.org/as/serverlist.php?hostformat=nohtml&showintro=1&mimetype=plaintext
- }
- }
- }
- cache-size 500
- /* The forwarder listens on the LAN (switch0) and on eth0, not on the WAN interface eth1. */
- listen-on switch0
- listen-on eth0
- }
- }
- /* Web GUI on port 443; WAN_LOCAL rule 22 and port-forward rule 4 both make this port reachable from the WAN. */
- gui {
- https-port 443
- }
- nat {
- /* Source NAT for everything leaving via the WAN. */
- rule 5010 {
- outbound-interface eth1
- type masquerade
- }
- /* Source NAT for traffic to 192.168.2.0/24 leaving via eth0. */
- rule 5011 {
- description T1200
- destination {
- address 192.168.2.0/24
- }
- log disable
- outbound-interface eth0
- protocol all
- type masquerade
- }
- }
- ssh {
- port 22
- protocol-version v2
- }
- /* NOTE(review): telnet carries logins and sessions unencrypted. SSH v2 is already enabled above, so this service can presumably be deleted. WAN_LOCAL drops it from the WAN by default, but eth0 has no rule set bound - confirm. */
- telnet {
- port 23
- }
- }
- /* System settings: identity, the admin login, NTP, a local host mapping, syslog levels and the scheduled blacklist update. */
- system {
- domain-name ERX
- host-name ERX
- login {
- /* Single account with level admin. */
- user admin {
- /* Both password fields are masked in this output, so it cannot be told from here whether plaintext-password is empty - verify on the device. */
- authentication {
- encrypted-password ****************
- plaintext-password ****************
- }
- full-name "Connor McCaffrey"
- level admin
- }
- }
- ntp {
- server 0.ubnt.pool.ntp.org {
- }
- server 1.ubnt.pool.ntp.org {
- }
- server 2.ubnt.pool.ntp.org {
- }
- server 3.ubnt.pool.ntp.org {
- }
- }
- /* Maps this host name to the router's LAN address 192.168.1.1 for local resolution. */
- static-host-mapping {
- host-name egdeos.ddns.net {
- inet 192.168.1.1
- }
- }
- /* Syslog: level notice for all facilities, level debug for the protocols facility. */
- syslog {
- global {
- facility all {
- level notice
- }
- facility protocols {
- level debug
- }
- }
- }
- /* Runs /config/scripts/update-dnsmasq.pl every 6h. NOTE(review): the script is not shown here; presumably it downloads the blacklist sources listed under service dns forwarding - verify its origin and file permissions. */
- task-scheduler {
- task update_blacklists {
- executable {
- path /config/scripts/update-dnsmasq.pl
- }
- interval 6h
- }
- }
- time-zone America/Vancouver
- }
- /* Smart queue "Telus": shapes upload on the WAN interface eth1 to 11.7mbit; no download section is configured. */
- traffic-control {
- smart-queue Telus {
- upload {
- ecn enable
- flows 1024
- fq-quantum 300
- htb-quantum 1500
- interval 80ms
- limit 10240
- rate 11.7mbit
- target 5ms
- }
- wan-interface eth1
- }
- }
- admin@ERX:~$