
Untitled

a guest
Jan 15th, 2017
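  /* Global IPv4/IPv6 firewall switches plus the two IPv4 rulesets that the interfaces section attaches to eth1 vif 832 (in = WAN_IN, local = WAN_LOCAL). */
  firewall {
      all-ping enable
      broadcast-ping disable
      ipv6-receive-redirects disable
      ipv6-src-route disable
      ip-src-route disable
      log-martians enable
      /* Traffic forwarded from the WAN towards internal hosts. default-action is drop: with the original accept default, new inbound connections matched no rule and were still let through. */
      name WAN_IN {
          default-action drop
          description "WAN to internal"
          enable-default-log
          /* Return traffic for connections that were opened from the inside. */
          rule 10 {
              action accept
              description "Allow established/related"
              log disable
              protocol all
              state {
                  established enable
                  invalid disable
                  new disable
                  related enable
              }
          }
          /* Explicit drop for packets that conntrack marks invalid, kept so they are discarded without hitting the default-action log. */
          rule 20 {
              action drop
              description "Drop invalid state"
              log disable
              protocol all
              state {
                  established disable
                  invalid enable
                  new disable
                  related disable
              }
          }
      }
      /* Traffic addressed to the router itself from the WAN. default-action is drop: with the original accept default, every service listening on the router (SSH, web GUI, DNS forwarder) was reachable from the WAN side. */
      name WAN_LOCAL {
          default-action drop
          description "WAN to router"
          rule 1 {
              action accept
              description "Allow established/related"
              state {
                  established enable
                  related enable
              }
          }
          /* ICMP is accepted and logged only when the destination is in ADDRv4_eth2. NOTE(review): ADDRv4_eth2 presumably resolves to the address of eth2, the LAN port - confirm that is the intended target for a WAN-side rule. */
          rule 2 {
              action accept
              description "Allow Ping"
              destination {
                  group {
                      address-group ADDRv4_eth2
                  }
              }
              log enable
              protocol icmp
          }
          rule 3 {
              action drop
              description "Drop invalid state"
              log disable
              state {
                  invalid enable
              }
          }
      }
      options {
      }
      receive-redirects disable
      send-redirects enable
      /* NOTE(review): reverse-path source validation is off; confirm this is deliberate before leaving spoofed-source filtering to the rulesets alone. */
      source-validation disable
      syn-cookies enable
  }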
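  /* Physical ports, the two TV bridges and the tagged sub-interfaces (vifs) shared between the Livebox side (eth0) and the ONT side (eth1). */
  interfaces {
      /* Bridge joining vif 838 of eth0 and eth1. */
      bridge br0 {
          aging 300
          bridged-conntrack disable
          description "bro -> eth0.838 LIVEBOX (VoD)"
          hello-time 2
          max-age 20
          priority 0
          promiscuous disable
          stp false
      }
      /* Bridge joining vif 840 of eth0 and eth1. */
      bridge br1 {
          aging 300
          bridged-conntrack disable
          description "br1 -> eth0.840 LIVEBOX (ZAPPING + CANAL 1)"
          hello-time 2
          max-age 20
          priority 0
          promiscuous disable
          stp false
      }
      ethernet eth0 {
          description "eth0 VERS LIVEBOX"
          duplex auto
          speed auto
          /* Routed VLAN towards the Livebox; 192.168.2.0/24 is also served by the LIVEBOX DHCP scope in the service section. */
          vif 832 {
              address 192.168.2.1/24
              description "eth0.832 LIVEBOX (INTERNET + VOIP + CANAL 2)"
          }
          vif 838 {
              bridge-group {
                  bridge br0
              }
              description "eth0.838 LIVEBOX (VoD)"
              egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
          }
          vif 840 {
              bridge-group {
                  bridge br1
              }
              description "eth0.840 LIVEBOX (ZAPPING + CANAL 1)"
              egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
          }
      }
      ethernet eth1 {
          description "eth1 ONT (FIBRE RJ45)"
          duplex auto
          speed auto
          /* WAN sub-interface: address by DHCP, the only interface with firewall rulesets attached. */
          vif 832 {
              address dhcp
              description "eth1.832 (INTERNET + VOIP + CANAL 2)"
              /* Inner quotes in the client-option values are written as &quot; because a bare double quote inside the value ends the string early. */
              dhcp-options {
                  client-option "send vendor-class-identifier &quot;sagem&quot;;"
                  client-option "send user-class &quot;\053FSVDSL_livebox.Internet.softathome.Livebox3&quot;;"
                  /* Value redacted by the author (xxxx); the real line carries the ISP authentication string and should stay out of shared copies of this file. */
                  client-option "send rfc3118-auth xxxx"
                  client-option "request dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, domain-search, rfc3118-auth;"
                  default-route update
                  default-route-distance 210
                  name-server update
              }
              egress-qos "0:0 1:1 2:2 3:3 4:4 5:5 6:6 7:7"
              /* IPv4 rulesets only: in = forwarded traffic, local = traffic to the router itself. */
              firewall {
                  in {
                      name WAN_IN
                  }
                  local {
                      name WAN_LOCAL
                  }
              }
              /* NOTE(review): IPv6 autoconf is enabled on this WAN vif but no ipv6-name ruleset is attached or defined anywhere in this config - confirm whether IPv6 is meant to be unfiltered. */
              ipv6 {
                  address {
                      autoconf
                  }
                  dup-addr-detect-transmits 1
              }
          }
          vif 838 {
              bridge-group {
                  bridge br0
              }
              description "eth1.838 (VoD)"
              egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
          }
          vif 840 {
              bridge-group {
                  bridge br1
              }
              description "eth1.840 (ZAPPING + CANAL 1)"
              /* 4:5 added: the original map skipped priority 4, unlike the matching map on eth0 vif 840. */
              egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
          }
      }
      /* LAN port; gateway address for the 192.168.10.0/24 DHCP scope. */
      ethernet eth2 {
          address 192.168.10.1/24
          description "eth2 LOCAL LAN SWITCH"
          duplex auto
          speed auto
      }
      loopback lo {
      }
  }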
  /* Port forwarding from the WAN vif to the LAN; auto-firewall lets the router add the matching firewall accepts for each forwarded port itself. */
  port-forward {
      auto-firewall enable
      hairpin-nat enable
      lan-interface eth2
      /* NOTE(review): xxx is not a configuration node - presumably the forwarding rules were redacted by the author before posting. */
      xxx
      wan-interface eth1.832
  }
  /* No routing protocols are configured; the node is present but empty. */
  protocols {
  }
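  /* Services run by the router itself: DHCP server, dynamic DNS, DNS forwarder, web GUI, source NAT, SSH and UPnP. */
  service {
      dhcp-server {
          disabled false
          global-parameters "option rfc3118-auth code 90 = string;"
          global-parameters "option SIP code 120 = string;"
          hostfile-update disable
          /* Scope for the LAN behind eth2 (192.168.10.1). */
          shared-network-name LAN {
              authoritative disable
              subnet 192.168.10.0/24 {
                  default-router 192.168.10.1
                  dns-server 8.8.8.8
                  dns-server 8.8.4.4
                  domain-name FD-HOME
                  lease 86400
                  start 192.168.10.3 {
                      stop 192.168.10.254
                  }
              }
          }
          /* Scope for the Livebox side behind eth0 vif 832 (192.168.2.1). */
          shared-network-name LIVEBOX {
              authoritative enable
              subnet 192.168.2.0/24 {
                  default-router 192.168.2.1
                  dns-server 81.253.149.9
                  dns-server 80.10.246.1
                  domain-name orange.fr
                  lease 86400
                  start 192.168.2.30 {
                      stop 192.168.2.50
                  }
                  /* Value redacted by the author (xxxxx); keep the real authentication string out of shared copies. */
                  subnet-parameters "option rfc3118-auth xxxxx"
                  subnet-parameters "option SIP 00:06:73:62:63:74:33:67:03:41:55:42:06:61:63:63:65:73:73:11:6f:72:61:6e:67:65:2d:6d:75:6c:74:69:6d:65:64:69:61:03:6e:65:74:00;"
              }
          }
          use-dnsmasq disable
      }
      dns {
          dynamic {
              interface eth1 {
                  service custom-noip {
                      host-name benetnath.noip.me
                      login benetnath
                      /* The original paste published this dynamic-DNS password in clear text; it is replaced by a placeholder here. Treat the posted value as compromised and rotate it. */
                      password REDACTED_ROTATE_THIS_CREDENTIAL
                      protocol noip
                  }
                  web dyndns
              }
          }
          /* The forwarder now listens on the LAN port eth2 instead of eth1 (the ONT/WAN port), so the router does not answer DNS queries arriving from the WAN side. */
          forwarding {
              cache-size 150
              listen-on eth2
          }
      }
      /* older-ciphers is switched to disable so the web GUI stops offering legacy cipher suites. */
      gui {
          http-port 80
          https-port 443
          older-ciphers disable
      }
      nat {
          /* Source NAT: everything leaving through the WAN vif is masqueraded. */
          rule 5010 {
              log disable
              outbound-interface eth1.832
              protocol all
              type masquerade
          }
      }
      /* allow-root was removed: direct root logins over SSH are no longer permitted, administrators log in with a named account. */
      ssh {
          port 22
          protocol-version v2
      }
      upnp {
      }
      /* NOTE(review): wan is eth1 while the DHCP address and the masquerade rule are on eth1.832 - confirm UPnP is bound to the interface that actually holds the WAN address. */
      upnp2 {
          listen-on eth2
          nat-pmp enable
          secure-mode enable
          wan eth1
      }
  }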
  /* System-wide settings: identity, accounts, resolvers, NTP, hardware offload, package sources, logging and time zone. */
  system {
      /* Number of earlier commits kept for rollback. */
      config-management {
          commit-revisions 50
      }
      domain-name FD-HOME
      host-name ubnt
      /* NOTE(review): xxxx is not a configuration node - presumably the user accounts and password hashes were redacted by the author before posting. */
      login {
          xxxx
      }
      name-server 8.8.8.8
      name-server 8.8.4.4
      name-server 208.67.222.222
      name-server 208.67.220.220
      ntp {
          server 0.ubnt.pool.ntp.org {
          }
          server 1.ubnt.pool.ntp.org {
          }
          server 2.ubnt.pool.ntp.org {
          }
          server 3.ubnt.pool.ntp.org {
          }
      }
      /* Hardware offload: only ipsec is enabled; IPv4/IPv6 forwarding, pppoe, vlan and hwnat offload are all off. */
      offload {
          hwnat disable
          ipsec enable
          ipv4 {
              forwarding disable
              pppoe disable
              vlan disable
          }
          ipv6 {
              forwarding disable
          }
      }
      /* NOTE(review): both repositories point at Debian wheezy over plain http, and wheezy is end-of-life - confirm that anything installed from them is still maintained. */
      package {
          repository wheezy {
              components "main contrib non-free"
              distribution wheezy
              password ""
              url http://http.us.debian.org/debian
              username ""
          }
          repository wheezy-security {
              components main
              distribution wheezy/updates
              password ""
              url http://security.debian.org
              username ""
          }
      }
      /* Local logging only: everything at notice and above, the protocols facility at debug. No remote log host is configured. */
      syslog {
          global {
              facility all {
                  level notice
              }
              facility protocols {
                  level debug
              }
          }
      }
      time-zone Europe/Paris
      traffic-analysis {
          dpi disable
          export disable
      }
  }
  331.  
  332.  
  333. /* Warning: Do not remove the following line. */
  334. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
  335. /* Release version: v1.9.0.4901118.160804.1131 */