erl config 09-07-2015 16:12
  /* Packet filtering and kernel hardening. The three named rule sets below
     (WAN_IN, WAN_LOCAL, WAN_OUT) only take effect where they are attached under
     'interfaces'; in this config that is the pppoe0 session on eth0 vif 6. */
  1. firewall {
  /* Answer ICMP echo on every interface, but ignore broadcast pings. */
  2. all-ping enable
  3. broadcast-ping disable
  4. group {
  /* RFC 1918 private ranges; used by WAN_OUT rule 3 so that nothing addressed
     to a private destination is sent out over the WAN. */
  5. network-group LocalNetworks {
  6. description ""
  7. network 10.0.0.0/8
  8. network 172.16.0.0/12
  9. network 192.168.0.0/16
  10. }
  /* Ports dropped outbound by WAN_OUT rule 2: smtp (25), DHCP (67-68),
     MS-RPC/NetBIOS (135-139), 213 (IPX), LDAP (389), SMB (445) and
     Kerberos kpasswd (464). */
  11. port-group UnwantedPorts {
  12. description ""
  13. port smtp
  14. port 67-68
  15. port 135-139
  16. port 213
  17. port 389
  18. port 445
  19. port 464
  20. }
  21. }
  /* Kernel hardening: ignore ICMPv6 redirects, drop source-routed packets
     (v4 and v6) and log packets with impossible source addresses. */
  22. ipv6-receive-redirects disable
  23. ipv6-src-route disable
  24. ip-src-route disable
  25. log-martians enable
  /* Traffic forwarded from the WAN into the LAN: default drop, logged. Only
     return traffic of established/related sessions is accepted. */
  26. name WAN_IN {
  27. default-action drop
  28. description "WAN to Internal"
  29. enable-default-log
  /* NOTE(review): 'log enable' on the accept rule for established/related
     traffic is likely to log a very large share of normal traffic; WAN_LOCAL
     rule 1 below uses 'log disable' for the same match. Consider aligning them. */
  30. rule 1 {
  31. action accept
  32. description "Allow established/related"
  33. log enable
  34. protocol all
  35. state {
  36. established enable
  37. invalid disable
  38. new disable
  39. related enable
  40. }
  41. }
  /* Packets that belong to no known connection are dropped explicitly (and
     logged) before the default action applies. */
  42. rule 2 {
  43. action drop
  44. description "Drop invalid state"
  45. log enable
  46. protocol all
  47. state {
  48. established disable
  49. invalid enable
  50. new disable
  51. related disable
  52. }
  53. }
  54. }
  /* Traffic from the WAN to the router itself: default drop, so no service
     (ssh, GUI, DNS) is reachable from the Internet side; only replies to
     sessions the router opened get through. */
  55. name WAN_LOCAL {
  56. default-action drop
  57. description "WAN to router"
  58. enable-default-log
  59. rule 1 {
  60. action accept
  61. description "Allow established/related"
  62. log disable
  63. protocol all
  64. state {
  65. established enable
  66. invalid disable
  67. new disable
  68. related enable
  69. }
  70. }
  71. rule 2 {
  72. action drop
  73. description "Drop invalid state"
  74. log disable
  75. protocol all
  76. state {
  77. established disable
  78. invalid enable
  79. new disable
  80. related disable
  81. }
  82. }
  83. }
  /* Traffic leaving toward the WAN: default accept, and enable-default-log
     means every flow not matched by a rule below is logged as well. Rule order
     matters: rule 1 must stay ahead of rule 2, because rule 2 drops smtp. */
  84. name WAN_OUT {
  85. default-action accept
  86. enable-default-log
  /* The only permitted outbound SMTP: from the LAN to the ISP's relay. */
  87. rule 1 {
  88. action accept
  89. description "Allow SMTP to KPN"
  90. destination {
  91. address 213.75.63.13
  92. port 25
  93. }
  94. log disable
  95. protocol tcp
  96. source {
  97. address 192.168.2.0/24
  98. }
  99. }
  /* Drop (and log) TCP/UDP to the UnwantedPorts group from any source. */
  100. rule 2 {
  101. action drop
  102. description "Block unwanted outgoing traffic"
  103. destination {
  104. group {
  105. port-group UnwantedPorts
  106. }
  107. }
  108. log enable
  109. protocol tcp_udp
  110. }
  /* Egress filter: private destination addresses never leave via the WAN. */
  111. rule 3 {
  112. action drop
  113. description "Block private IP-spaces from entering WAN"
  114. destination {
  115. group {
  116. network-group LocalNetworks
  117. }
  118. }
  119. log enable
  120. protocol all
  121. }
  122. }
  123. options {
  124. }
  /* Incoming ICMP redirects are ignored. */
  125. receive-redirects disable
  /* NOTE(review): the router will emit ICMP redirects itself. On an
     Internet-facing router this is usually turned off ('send-redirects
     disable') unless LAN hosts are known to depend on it. */
  126. send-redirects enable
  /* NOTE(review): reverse-path filtering is off, so packets with spoofed
     source addresses are not discarded by the kernel. 'strict' could break
     this layout because upstream traffic leaves via both eth0.4 and pppoe0;
     'loose' is the usual compromise -- verify before changing. */
  127. source-validation disable
  /* SYN cookies protect the router's own listeners against SYN floods. */
  128. syn-cookies enable
  129. }
  /* Physical and logical interfaces. Firewall rule sets are attached per
     interface (or per PPPoE session) here; only pppoe0 carries any. */
  130. interfaces {
  /* br0 joins eth0 vif 7 and eth2 at layer 2 for the telephony box. STP is
     off and the bridge does not run connection tracking
     (bridged-conntrack disable). */
  131. bridge br0 {
  132. aging 300
  133. bridged-conntrack disable
  134. description "br0 - Telefonie"
  135. hello-time 2
  136. max-age 20
  137. priority 32768
  138. promiscuous disable
  139. stp false
  140. }
  /* Uplink to the fibre NTU. The oversized MTU (1512 here, 1508 on vif 6,
     1500 on pppoe0) presumably exists so the PPPoE session can carry full
     1500-byte payloads -- confirm against the ISP's requirements. */
  141. ethernet eth0 {
  142. description "eth0 - FTTH"
  143. duplex auto
  144. mtu 1512
  145. speed auto
  /* IPTV VLAN: takes an address from the ISP via DHCP and identifies itself
     as IPTV_RG. The DHCP-learned default route is not installed
     (default-route no-update) and learned name servers are ignored.
     NOTE(review): no firewall is attached to this vif (compare the
     in/local/out attachments on pppoe0 below), so any router service without
     a listen-address restriction (the GUI and ssh under 'service' show none)
     is presumably reachable from this network. Whether the ISP isolates
     subscribers on it cannot be determined from this file. */
  146. vif 4 {
  147. address dhcp
  148. description "VLAN 0.4 - IPTV"
  149. dhcp-options {
  150. client-option "send vendor-class-identifier "IPTV_RG";"
  151. client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
  152. default-route no-update
  153. default-route-distance 254
  154. name-server no-update
  155. }
  156. }
  /* Internet VLAN. The empty firewall { } block attaches nothing at the VLAN
     level; filtering is done on the PPPoE session inside it. */
  157. vif 6 {
  158. description "VLAN 0.6 - Internet"
  159. firewall {
  160. }
  161. mtu 1508
  /* PPPoE session to the ISP. WAN_IN filters traffic forwarded to the LAN,
     WAN_LOCAL traffic addressed to the router, WAN_OUT traffic leaving.
     NOTE(review): the PPPoE credentials are stored in clear text below (the
     user-id is masked in this paste, the password is not); treat every copy
     or backup of this file as containing them. */
  162. pppoe 0 {
  163. default-route auto
  164. firewall {
  165. in {
  166. name WAN_IN
  167. }
  168. local {
  169. name WAN_LOCAL
  170. }
  171. out {
  172. name WAN_OUT
  173. }
  174. }
  175. idle-timeout 180
  176. mtu 1500
  177. name-server auto
  178. password kpn
  179. user-id xx-xx-xx-xx-xx-xx@internet
  180. }
  181. }
  /* Telephony VLAN, bridged onto br0 together with eth2. */
  182. vif 7 {
  183. bridge-group {
  184. bridge br0
  185. }
  186. description "VLAN 0.7 - Telefonie"
  187. }
  188. }
  /* LAN side: the router is 192.168.2.1 on the 192.168.2.0/24 subnet used by
     dhcp-server, dns forwarding and NAT rule 5002. */
  189. ethernet eth1 {
  190. address 192.168.2.1/24
  191. description "eth1 - Internet & IPTV"
  192. duplex auto
  193. speed auto
  194. }
  /* Port for the ISP's ExperiaBox, bridged onto br0 with vif 7. */
  195. ethernet eth2 {
  196. bridge-group {
  197. bridge br0
  198. }
  199. description "eth2 - ExperiaBox"
  200. duplex auto
  201. speed auto
  202. }
  203. loopback lo {
  204. }
  205. }
  /* IGMP proxy: relays multicast group membership from the LAN (eth1,
     downstream) toward the IPTV VLAN (eth0.4, upstream). The alt-subnet
     entries presumably declare the source networks multicast may arrive from
     on the upstream side -- confirm against the ISP's IPTV documentation. */
  206. protocols {
  207. igmp-proxy {
  208. interface eth0.4 {
  209. alt-subnet 10.142.64.0/18
  210. alt-subnet 213.75.0.0/16
  211. role upstream
  212. threshold 1
  213. }
  214. interface eth1 {
  215. role downstream
  216. threshold 1
  217. }
  218. }
  219. }
  /* Services the router provides to the LAN (DHCP, DNS forwarding, web GUI,
     ssh) plus source NAT toward the two upstream paths. */
  220. service {
  /* DHCP for the LAN. The two global-parameters declare option codes 60 and
     28 so that subnet-parameters below can set them. The DNS servers handed
     to clients (208.67.222.123 / 208.67.220.123, the OpenDNS FamilyShield
     pair) differ from the forwarder's upstreams (208.67.222.222 /
     208.67.220.220), so LAN clients query OpenDNS directly and bypass the
     router's own forwarder on eth1. */
  221. dhcp-server {
  222. disabled false
  223. global-parameters "option vendor-class-identifier code 60 = string;"
  224. global-parameters "option broadcast-address code 28 = ip-address;"
  225. hostfile-update disable
  226. shared-network-name LAN {
  227. authoritative enable
  228. subnet 192.168.2.0/24 {
  229. default-router 192.168.2.1
  230. dns-server 208.67.222.123
  231. dns-server 208.67.220.123
  232. lease 86400
  /* Dynamic pool .20-.254; addresses below .20 are left for fixed hosts. */
  233. start 192.168.2.20 {
  234. stop 192.168.2.254
  235. }
  /* Fixed lease for the access point; the MAC is masked in this paste. */
  236. static-mapping AP1 {
  237. ip-address 192.168.2.2
  238. mac-address xx-xx-xx-xx-xx-xx
  239. }
  /* Sent to every LAN client; presumably needed by IPTV set-top boxes that
     expect the IPTV_RG vendor class -- confirm. */
  240. subnet-parameters "option vendor-class-identifier "IPTV_RG";"
  241. subnet-parameters "option broadcast-address 192.168.2.255;"
  242. }
  243. }
  244. }
  /* Caching forwarder bound to the LAN interface and address only, so it is
     not an open resolver toward the WAN even apart from WAN_LOCAL. */
  245. dns {
  246. forwarding {
  247. cache-size 150
  248. listen-on eth1
  249. name-server 208.67.222.222
  250. name-server 208.67.220.220
  251. options listen-address=192.168.2.1
  252. }
  253. }
  /* NOTE(review): the HTTPS GUI has no listen-address restriction, so it
     presumably answers on every router address not covered by a 'local'
     firewall; only pppoe0 has one (see interfaces), eth0.4 does not. */
  254. gui {
  255. https-port 443
  256. }
  /* Source NAT. 5000/5001 masquerade any source (the source block is empty)
     toward the IPTV subnets via eth0.4; 5002 masquerades the LAN toward the
     Internet via pppoe0. NOTE(review): 'log enable' on 5002 logs every new
     translation from the LAN, likely a high volume -- confirm it is intended. */
  257. nat {
  258. rule 5000 {
  259. description IPTV
  260. destination {
  261. address 10.142.64.0/18
  262. }
  263. log disable
  264. outbound-interface eth0.4
  265. protocol all
  266. source {
  267. }
  268. type masquerade
  269. }
  270. rule 5001 {
  271. description IPTV
  272. destination {
  273. address 213.75.112.0/21
  274. }
  275. log disable
  276. outbound-interface eth0.4
  277. protocol all
  278. source {
  279. }
  280. type masquerade
  281. }
  282. rule 5002 {
  283. description "KPN Internet"
  284. log enable
  285. outbound-interface pppoe0
  286. protocol all
  287. source {
  288. address 192.168.2.0/24
  289. }
  290. type masquerade
  291. }
  292. }
  /* NOTE(review): neither 'listen-address' nor
     'disable-password-authentication' is set, so ssh presumably accepts
     password logins on every router address; it is shielded from the Internet
     only by WAN_LOCAL on pppoe0. */
  293. ssh {
  294. port 22
  295. protocol-version v2
  296. }
  297. }
  /* Host identity, local accounts, time, hardware offload and logging. */
  298. system {
  299. host-name ubnt
  /* Single local account at admin level. 'ubnt' is the factory-default
     username; the password hash is masked in this paste and the plaintext
     field is empty. NOTE(review): renaming the default admin account is a
     cheap way to blunt credential guessing against ssh and the GUI. */
  300. login {
  301. user ubnt {
  302. authentication {
  303. encrypted-password xxxxxxxxxxxxxxxxxxxx
  304. plaintext-password ""
  305. }
  306. full-name Admin
  307. level admin
  308. }
  309. }
  /* Time from the vendor NTP pool; accurate time matters for log correlation
     and certificate validation. */
  310. ntp {
  311. server 0.ubnt.pool.ntp.org {
  312. }
  313. server 1.ubnt.pool.ntp.org {
  314. }
  315. server 2.ubnt.pool.ntp.org {
  316. }
  317. server 3.ubnt.pool.ntp.org {
  318. }
  319. }
  /* Hardware offload for IPv4 forwarding, PPPoE and VLAN traffic. */
  320. offload {
  321. ipv4 {
  322. forwarding enable
  323. pppoe enable
  324. vlan enable
  325. }
  326. }
  /* Everything at notice or above, routing protocols at debug. The firewall
     and NAT rules above that have 'log enable' end up here. */
  327. syslog {
  328. global {
  329. facility all {
  330. level notice
  331. }
  332. facility protocols {
  333. level debug
  334. }
  335. }
  336. }
  337. time-zone UTC
  /* Deep packet inspection with export of the results enabled. */
  338. traffic-analysis {
  339. dpi enable
  340. export enable
  341. }
  342. }
  343.  
  344.  
  345. /* Warning: Do not remove the following line. */
  346. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
  347. /* Release version: v1.7.0.4783374.150622.1534 */