/* Global firewall options plus two named IPv4 rulesets, WAN_IN and WAN_LOCAL.
   NOTE(review): no ipv6-name rulesets are defined in this block; if IPv6 is ever
   enabled on the WAN side, these rules would not cover it - confirm. */
- firewall {
/* The router answers ICMP echo at the system level. WAN_LOCAL below has no ICMP
   rule, so where it is applied as a local ruleset its default-action drop still
   discards echo requests. */
- all-ping enable
- broadcast-ping disable
- ipv6-receive-redirects disable
- ipv6-src-route disable
- ip-src-route disable
/* Log packets with impossible (martian) source addresses. */
- log-martians enable
/* WAN_IN: default drop; only established/related traffic is accepted and
   invalid-state packets are dropped explicitly. No rule accepts a new inbound flow.
   NOTE(review): the default drop is not logged (no enable-default-log), so
   blocked inbound attempts leave no trace in the firewall log. */
- name WAN_IN {
- default-action drop
- description "WAN to internal"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
/* WAN_LOCAL: default drop for traffic addressed to the router itself. */
- name WAN_LOCAL {
- default-action drop
- description "WAN to router"
/* The only rule accepting new connections: UDP 1194 (OpenVPN) from any source
   address, with logging disabled.
   NOTE(review): connection attempts to the VPN port are therefore not recorded
   by the firewall; consider enabling log or relying on OpenVPN's own logs. */
- rule 1 {
- action accept
- description OpenVPN
- destination {
- port 1194
- }
- log disable
- protocol udp
- }
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
/* Clamp TCP MSS to 1412 on all interface types (the interfaces section sets
   mtu 1452; 1452 - 40 bytes of IPv4+TCP header = 1412). */
- options {
- mss-clamp {
- interface-type all
- mss 1412
- }
- }
- receive-redirects disable
- send-redirects enable
/* Reverse-path source validation is off, so packets are not rejected for
   arriving with a source address that does not route back via the same interface.
   NOTE(review): consider strict or loose if routing is symmetric - confirm
   before changing. */
- source-validation disable
- syn-cookies enable
- }
/* Interface definitions: eth0 = WAN (DHCP), eth1 = LAN, eth2 = WLAN,
   vtun0 = OpenVPN server. Only eth0 has firewall rulesets attached. */
- interfaces {
- ethernet eth0 {
- address dhcp
- description Internet
- duplex auto
/* WAN_IN filters traffic forwarded through the router from eth0;
   WAN_LOCAL filters traffic addressed to the router itself. */
- firewall {
- in {
- name WAN_IN
- }
- local {
- name WAN_LOCAL
- }
- }
- mtu 1452
- speed auto
- }
/* NOTE(review): eth1 and eth2 carry no firewall rulesets, so LAN and WLAN hosts
   can reach each other and every service on the router without filtering. If the
   WLAN segment is less trusted than the LAN, it needs its own in/local rulesets. */
- ethernet eth1 {
- address 10.1.1.1/24
- description LAN
- duplex auto
- mtu 1452
- speed auto
- }
- ethernet eth2 {
- address 10.1.2.1/24
- description WLAN
- duplex auto
- mtu 1452
- speed auto
- }
- loopback lo {
- }
/* OpenVPN server: clients get addresses from 10.1.10.0/24 and are pushed routes
   to both internal subnets.
   NOTE(review): vtun0 has no firewall ruleset either, so an authenticated VPN
   client gets unfiltered access to LAN, WLAN and the router itself. */
- openvpn vtun0 {
- mode server
- server {
- push-route 10.1.1.0/24
- push-route 10.1.2.0/24
- subnet 10.1.10.0/24
- }
/* Certificate-based TLS authentication. The key file name suggests the server
   private key is stored without a passphrase - presumably so the daemon can
   start unattended; verify that /config/auth is readable only by root and is
   excluded from shared backups.
   NOTE(review): no cipher, TLS-version or tls-auth settings appear here, so the
   tunnel relies on the firmware's OpenVPN defaults - confirm they are acceptable. */
- tls {
- ca-cert-file /config/auth/cacert.pem
- cert-file /config/auth/host.pem
- dh-file /config/auth/dhp.pem
- key-file /config/auth/host_nopass.key
- }
- }
- }
/* Routing protocols: the static block is empty, so no static routes are defined
   here. Presumably the default route comes from the DHCP lease on eth0 - confirm. */
- protocols {
- static {
- }
- }
/* Services running on the router: DHCP, dynamic DNS, DNS forwarding, web GUI,
   NAT, SSH and UPnP. */
- service {
/* DHCP pools .100-.199 for each internal subnet; the router is handed out as
   both gateway and DNS server. */
- dhcp-server {
- disabled false
- hostfile-update disable
- shared-network-name LAN1 {
- authoritative disable
- subnet 10.1.1.0/24 {
- default-router 10.1.1.1
- dns-server 10.1.1.1
- lease 86400
- start 10.1.1.100 {
- stop 10.1.1.199
- }
- }
- }
- shared-network-name LAN2 {
- authoritative disable
- subnet 10.1.2.0/24 {
- default-router 10.1.2.1
- dns-server 10.1.2.1
- lease 86400
- start 10.1.2.100 {
- stop 10.1.2.199
- }
- }
- }
- }
- dns {
/* Dynamic DNS update for the eth0 address using the dyndns2 protocol against
   dyn.dns.he.net. Host name, login and password are redacted in this listing;
   in the live file the password is stored in the configuration itself, so any
   copy or backup of the config must be handled as a secret. */
- dynamic {
- interface eth0 {
- service custom-HE {
- host-name <<REDACTED>>
- login <<REDACTED>>
- password <<REDACTED>>
- protocol dyndns2
- server dyn.dns.he.net
- }
- }
- }
/* The DNS forwarder listens on the internal interfaces only (eth1, eth2), not on
   the WAN interface. */
- forwarding {
- cache-size 150
- listen-on eth1
- listen-on eth2
- }
- }
/* The web GUI on 443 and SSH on 22 (below) have no listen-address restriction in
   this block. Reachability from the Internet therefore depends entirely on the
   WAN_LOCAL ruleset (default drop) staying attached to eth0. */
- gui {
- https-port 443
- }
/* Source NAT: masquerade everything leaving via eth0. */
- nat {
- rule 5010 {
- description "masquerade for WAN"
- outbound-interface eth0
- type masquerade
- }
- }
- ssh {
- port 22
- protocol-version v2
- }
/* NOTE(review): UPnP is enabled for both LAN and WLAN. Any host on those
   segments can request inbound port mappings on eth0, which opens paths that the
   WAN_IN default drop would otherwise block. Disable it if no client needs it,
   or at least do not offer it on the WLAN segment. */
- upnp {
- listen-on eth1 {
- outbound-interface eth0
- }
- listen-on eth2 {
- outbound-interface eth0
- }
- }
- }
/* System-level settings: identity, the local account, resolvers, NTP, logging.
   host-name and full-name are left unredacted in this listing, unlike the
   credentials. */
- system {
- host-name spacemanspiff
- login {
/* The only account shown, with admin level. The password hash is redacted; an
   empty plaintext-password is presumably the normal stored form once the hash
   exists - confirm.
   NOTE(review): no public-keys node appears under authentication, so SSH
   logins for this admin account appear to rely on the password alone. */
- user calvin {
- authentication {
- encrypted-password <<REDACTED>>
- plaintext-password ""
- }
- full-name nate
- level admin
- }
- }
- name-server 8.8.8.8
- name-server 8.8.4.4
- ntp {
- server 0.ubnt.pool.ntp.org {
- }
- server 1.ubnt.pool.ntp.org {
- }
- server 2.ubnt.pool.ntp.org {
- }
- server 3.ubnt.pool.ntp.org {
- }
- }
/* Only a global syslog target is configured: all facilities at notice, protocols
   at debug.
   NOTE(review): no remote syslog host is defined, so logs exist only on the
   device itself and would not survive a compromise or a wipe of the router. */
- syslog {
- global {
- facility all {
- level notice
- }
- facility protocols {
- level debug
- }
- }
- }
- time-zone America/New_York
- traffic-analysis {
- dpi disable
- export disable
- }
- }