  1. ubnt@ubnt# show
  /* Firewall section: two IPv6 rulesets (WANv6_IN, WANv6_LOCAL), three IPv4
     rulesets (WAN_IN, WAN_LOCAL, gasten) and the global packet-handling
     options. Rules inside a ruleset are checked in ascending rule number and
     the first match decides; unmatched packets get the default-action. */
  2. firewall {
  3. all-ping enable
  4. broadcast-ping disable
  5. ipv6-name WANv6_IN {
  6. default-action drop
  7. description "WAN inbound traffic forwarded to LAN"
  8. enable-default-log
  9. rule 10 {
  10. action accept
  11. description "Allow established/related sessions"
  12. state {
  13. established enable
  14. related enable
  15. }
  16. }
  /* NOTE(review): this rule accepts ICMPv6 only when the state is "invalid".
     That does not match the description: new ICMPv6 falls through to the
     default drop, and invalid-state ICMPv6 is accepted before rule 30 can
     drop it. If the intent is to allow ICMPv6, the state block presumably
     should not be here - confirm. */
  17. rule 20 {
  18. action accept
  19. description "Allow IPv6 icmp"
  20. protocol ipv6-icmp
  21. state {
  22. invalid enable
  23. }
  24. }
  25. rule 30 {
  26. action drop
  27. description "Drop invalid state"
  28. state {
  29. invalid enable
  30. }
  31. }
  32. }
  33. ipv6-name WANv6_LOCAL {
  34. default-action drop
  35. description "WAN inbound traffic to the router"
  36. enable-default-log
  37. rule 10 {
  38. action accept
  39. description "Allow established/related sessions"
  40. state {
  41. established enable
  42. related enable
  43. }
  44. }
  /* NOTE(review): same pattern as WANv6_IN rule 20 - the accept is limited to
     invalid-state ICMPv6, which contradicts the description. Confirm intent. */
  45. rule 20 {
  46. action accept
  47. description "Allow IPv6 icmp"
  48. protocol ipv6-icmp
  49. state {
  50. invalid enable
  51. }
  52. }
  /* NOTE(review): the DHCPv6 accept (udp 547 -> 546) also carries
     "state invalid", so only invalid-state DHCPv6 packets match it. pppoe 0
     uses dhcpv6-pd, so server replies presumably need a match without the
     state restriction - confirm. */
  53. rule 30 {
  54. action accept
  55. description "allow dhcpv6"
  56. destination {
  57. port 546
  58. }
  59. protocol udp
  60. source {
  61. port 547
  62. }
  63. state {
  64. invalid enable
  65. }
  66. }
  /* NOTE(review): described as "Drop invalid state" but restricted to the same
     udp 547 -> 546 match as rule 30, which accepts first. As written this rule
     can never match, and invalid packets of any other protocol are only
     caught by the default-action. */
  67. rule 40 {
  68. action drop
  69. description "Drop invalid state"
  70. destination {
  71. port 546
  72. }
  73. protocol udp
  74. source {
  75. port 547
  76. }
  77. state {
  78. invalid enable
  79. }
  80. }
  81. }
  82. ipv6-receive-redirects disable
  83. ipv6-src-route disable
  84. ip-src-route disable
  85. log-martians enable
  /* IPv4 WAN rulesets: accept established/related, drop invalid, drop the rest.
     Unlike the IPv6 rulesets they do not set enable-default-log, so packets
     dropped by the default-action are not logged. */
  86. name WAN_IN {
  87. default-action drop
  88. description "WAN to internal"
  89. rule 10 {
  90. action accept
  91. description "Allow established/related"
  92. state {
  93. established enable
  94. related enable
  95. }
  96. }
  97. rule 30 {
  98. action drop
  99. description "Drop invalid state"
  100. state {
  101. invalid enable
  102. }
  103. }
  104. }
  105. name WAN_LOCAL {
  106. default-action drop
  107. description "WAN to router"
  108. rule 10 {
  109. action accept
  110. description "Allow established/related"
  111. state {
  112. established enable
  113. related enable
  114. }
  115. }
  116. rule 20 {
  117. action drop
  118. description "Drop invalid state"
  119. state {
  120. invalid enable
  121. }
  122. }
  123. }
  /* Guest ruleset, bound to switch0 vif 2 in both the "in" and "out" direction.
     NOTE(review): no rule accepts state "new", so every new connection checked
     by this ruleset ends at default-action drop; rule 20 (block the LAN subnet
     10.1.0.0/24) only matters once a later accept rule exists. If guests are
     meant to reach the Internet but not the LAN, an accept rule after rule 20
     is presumably missing - confirm. The description is empty. */
  124. name gasten {
  125. default-action drop
  126. description ""
  127. rule 10 {
  128. action accept
  129. log disable
  130. protocol all
  131. state {
  132. established enable
  133. invalid disable
  134. new disable
  135. related enable
  136. }
  137. }
  138. rule 20 {
  139. action drop
  140. destination {
  141. address 10.1.0.0/24
  142. }
  143. log disable
  144. protocol all
  145. }
  146. rule 30 {
  147. action drop
  148. log disable
  149. protocol all
  150. state {
  151. established disable
  152. invalid enable
  153. new disable
  154. related disable
  155. }
  156. }
  157. }
  /* NOTE(review): source-validation is disabled (presumably no reverse-path
     check on source addresses) and send-redirects is enabled; confirm both are
     intentional on a router with an untrusted WAN side. */
  158. receive-redirects disable
  159. send-redirects enable
  160. source-validation disable
  161. syn-cookies enable
  162. }
  /* Interface section: eth0 is the provider-facing port with VLAN 4 (IPTV,
     DHCP) and VLAN 6 (Internet, PPPoE with DHCPv6 prefix delegation);
     eth1-eth4 are members of switch0 (LAN 10.1.0.1/24), and switch0 vif 2 is
     the guest network 10.2.0.1/24. */
  163. interfaces {
  164. ethernet eth0 {
  165. address dhcp
  166. description "eth0 - FTU"
  167. duplex auto
  168. firewall {
  169. in {
  170. name WAN_IN
  171. }
  172. local {
  173. name WAN_LOCAL
  174. }
  175. }
  176. mtu 1512
  177. speed auto
  /* NOTE(review): vif 4 takes a DHCP address from the IPTV network but has no
     firewall block of its own. The rulesets bound to eth0 are presumably not
     inherited by the VLAN sub-interface, which would leave router services
     reachable from this VLAN - confirm and bind in/local rulesets here. */
  178. vif 4 {
  179. address dhcp
  180. description "eth0.4 - IPTV"
  181. dhcp-options {
  182. client-option "send vendor-class-identifier "IPTV_RG";"
  183. client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
  184. default-route no-update
  185. default-route-distance 210
  186. name-server update
  187. }
  188. }
  189. vif 6 {
  190. description "eth0.6 - Internet"
  191. mtu 1508
  192. pppoe 0 {
  193. default-route auto
  194. dhcpv6-pd {
  195. pd 0 {
  196. interface switch0 {
  197. host-address ::1
  198. prefix-id :1
  199. service slaac
  200. }
  201. prefix-length /48
  202. }
  203. rapid-commit enable
  204. }
  205. firewall {
  206. in {
  207. ipv6-name WANv6_IN
  208. name WAN_IN
  209. }
  210. local {
  211. ipv6-name WANv6_LOCAL
  212. name WAN_LOCAL
  213. }
  214. }
  215. idle-timeout 180
  216. ipv6 {
  217. address {
  218. autoconf
  219. }
  220. dup-addr-detect-transmits 1
  221. enable {
  222. }
  223. }
  224. mtu 1500
  225. name-server auto
  /* NOTE(review): the PPPoE password and user-id are shown in cleartext, while
     the system login further down was redacted. The user-id has the form of a
     MAC address; redact both values before sharing this output. */
  226. password kpn
  227. user-id 28-FF-3E-1A-89-28@internet
  228. }
  229. }
  230. }
  231. ethernet eth1 {
  232. description Local
  233. duplex auto
  234. speed auto
  235. }
  236. ethernet eth2 {
  237. description Local
  238. duplex auto
  239. speed auto
  240. }
  241. ethernet eth3 {
  242. description Local
  243. duplex auto
  244. speed auto
  245. }
  246. ethernet eth4 {
  247. description Local
  248. duplex auto
  249. speed auto
  250. }
  /* eth5 carries the WAN rulesets but has no address or description;
     presumably an unused port kept locked down - confirm. */
  251. ethernet eth5 {
  252. duplex auto
  253. firewall {
  254. in {
  255. name WAN_IN
  256. }
  257. local {
  258. name WAN_LOCAL
  259. }
  260. }
  261. speed auto
  262. }
  263. loopback lo {
  264. }
  /* LAN bridge. No firewall block is bound to switch0 itself, so LAN traffic
     is not filtered on this interface. */
  265. switch switch0 {
  266. address 10.1.0.1/24
  267. description lan
  268. ipv6 {
  269. dup-addr-detect-transmits 1
  270. router-advert {
  271. cur-hop-limit 64
  272. link-mtu 0
  273. managed-flag false
  274. max-interval 600
  275. name-server 2a02:a47f:e000::53
  276. name-server 2a02:a47f:e000::54
  277. other-config-flag false
  278. prefix ::/64 {
  279. autonomous-flag true
  280. on-link-flag true
  281. valid-lifetime 2592000
  282. }
  283. radvd-options "RDNSS 2a02:a47f:e000::53 2a02:a47f:e000::54 {};"
  284. reachable-time 0
  285. retrans-timer 0
  286. send-advert true
  287. }
  288. }
  289. mtu 1500
  290. switch-port {
  291. interface eth1 {
  292. }
  293. interface eth2 {
  294. }
  295. interface eth3 {
  296. }
  297. interface eth4 {
  298. }
  299. vlan-aware disable
  300. }
  /* Guest VLAN. NOTE(review): "local" uses WAN_LOCAL, which accepts only
     established/related traffic, so new guest requests to the router itself
     (for example DNS to 10.2.0.1, the resolver the guest DHCP scope hands out)
     would presumably be dropped - confirm. The gasten ruleset is bound to both
     "in" and "out"; its rule 20 destination match (10.1.0.0/24) only makes
     sense for traffic coming in from guests. */
  301. vif 2 {
  302. address 10.2.0.1/24
  303. description gasten
  304. firewall {
  305. in {
  306. name gasten
  307. }
  308. local {
  309. name WAN_LOCAL
  310. }
  311. out {
  312. name gasten
  313. }
  314. }
  315. mtu 1500
  316. }
  317. }
  318. }
  /* Port-forward helper: no forwarding rules are defined here.
     NOTE(review): wan-interface is eth0, but the default route and the Internet
     masquerade rule use pppoe0; with auto-firewall enabled, forwards added
     later would presumably be opened on the wrong interface - confirm. */
  319. port-forward {
  320. auto-firewall enable
  321. hairpin-nat disable
  322. lan-interface switch0
  323. wan-interface eth0
  324. }
  /* Routing section: IGMP proxy between the IPTV VLAN (upstream) and the LAN
     switch (downstream), default IPv4/IPv6 routes via pppoe0, and one static
     route for the IPTV range. */
  325. protocols {
  326. igmp-proxy {
  /* NOTE(review): alt-subnet 0.0.0.0/0 on both sides presumably lets the proxy
     accept multicast sources from any subnet; narrowing it to the provider's
     IPTV ranges would be tighter - confirm against the provider's setup. */
  327. interface eth0.4 {
  328. alt-subnet 0.0.0.0/0
  329. role upstream
  330. threshold 1
  331. }
  332. interface switch0 {
  333. alt-subnet 0.0.0.0/0
  334. role downstream
  335. threshold 1
  336. }
  337. }
  338. static {
  339. interface-route 0.0.0.0/0 {
  340. next-hop-interface pppoe0 {
  341. }
  342. }
  343. interface-route6 ::/0 {
  344. next-hop-interface pppoe0 {
  345. }
  346. }
  /* Same destination range as NAT rule 5000 (IPTV). NOTE(review): the next hop
     is hard-coded while eth0.4 gets its address by DHCP, so this route
     presumably goes stale if the provider changes the gateway - confirm. */
  347. route 213.75.112.0/21 {
  348. next-hop 10.228.208.1 {
  349. }
  350. }
  351. }
  352. }
  /* Services run by the router: DHCP server (LAN and guest scopes), DNS
     forwarder, web GUI, source NAT, SSH and UNMS (disabled). */
  353. service {
  354. dhcp-server {
  355. disabled false
  356. global-parameters "option vendor-class-identifier code 60 = string;"
  357. global-parameters "option broadcast-address code 28 = ip-address;"
  358. hostfile-update disable
  359. shared-network-name LAN {
  360. authoritative enable
  361. subnet 10.1.0.0/24 {
  362. default-router 10.1.0.1
  363. dns-server 10.1.0.1
  364. dns-server 195.121.1.34
  365. dns-server 195.121.1.66
  366. lease 86400
  367. start 10.1.0.50 {
  368. stop 10.1.0.250
  369. }
  370. }
  371. }
  /* Guest scope: clients get only the router (10.2.0.1) as resolver, so guest
     DNS depends on the "local" ruleset bound to switch0 vif 2 letting those
     queries through. */
  372. shared-network-name gasten {
  373. authoritative disable
  374. subnet 10.2.0.0/24 {
  375. default-router 10.2.0.1
  376. dns-server 10.2.0.1
  377. lease 86400
  378. start 10.2.0.50 {
  379. stop 10.2.0.250
  380. }
  381. }
  382. }
  383. static-arp disable
  384. use-dnsmasq enable
  385. }
  /* DNS forwarder, listening only on the LAN and guest interfaces. */
  386. dns {
  387. forwarding {
  388. cache-size 4000
  389. listen-on switch0
  390. listen-on switch0.2
  391. name-server 8.8.8.8
  392. name-server 8.8.4.4
  393. name-server 195.121.1.34
  394. name-server 195.121.1.66
  395. name-server 2a02:a47f:e000::53
  396. name-server 2a02:a47f:e000::54
  397. options listen-address=10.1.0.1
  398. options listen-address=10.2.0.1
  399. }
  400. }
  /* Web GUI, bound to the LAN address only.
     NOTE(review): older-ciphers enable presumably re-enables legacy TLS cipher
     suites for the management UI; disable it unless an old client needs it.
     Port 80 is also configured - confirm it only redirects to HTTPS. */
  401. gui {
  402. http-port 80
  403. https-port 443
  404. listen-address 10.1.0.1
  405. older-ciphers enable
  406. }
  407. nat {
  408. rule 5000 {
  409. description IPTV
  410. destination {
  411. address 213.75.112.0/21
  412. }
  413. log disable
  414. outbound-interface eth0.4
  415. protocol all
  416. type masquerade
  417. }
  /* NOTE(review): only source 10.1.0.0/24 is masqueraded out of pppoe0; there is
     no matching rule for the guest subnet 10.2.0.0/24, so guest traffic would
     presumably leave un-NATed - confirm. */
  418. rule 5010 {
  419. description "KPN Internet"
  420. log enable
  421. outbound-interface pppoe0
  422. protocol all
  423. source {
  424. address 10.1.0.0/24
  425. }
  426. type masquerade
  427. }
  428. }
  /* NOTE(review): no listen-address is set, so SSH exposure is presumably decided
     only by the "local" ruleset on each interface; eth0 vif 4 has no firewall
     block in this configuration - confirm port 22 is not reachable from there. */
  429. ssh {
  430. port 22
  431. protocol-version v2
  432. }
  433. unms {
  434. disable
  435. }
  436. }
  /* System section: host name, admin login, resolvers, NTP, hardware offload
     and syslog levels. */
  437. system {
  438. host-name ubnt
  439. login {
  /* The poster redacted the user name and password hash here.
     NOTE(review): the shell prompt at the top of this paste still shows the
     session user name, so the redaction of <user> is incomplete. */
  440. user <user> {
  441. authentication {
  442. encrypted-password <removed>
  443. }
  444. level admin
  445. }
  446. }
  447. name-server 195.121.1.66
  448. name-server 2a02:a47f:e000::53
  449. name-server 2a02:a47f:e000::54
  450. name-server 195.121.1.34
  451. ntp {
  452. server 0.ubnt.pool.ntp.org {
  453. }
  454. server 1.ubnt.pool.ntp.org {
  455. }
  456. server 2.ubnt.pool.ntp.org {
  457. }
  458. server 3.ubnt.pool.ntp.org {
  459. }
  460. }
  461. offload {
  462. hwnat enable
  463. }
  464. static-host-mapping {
  465. }
  /* Logging is local only: no remote syslog host is configured in this block.
     The "protocols" facility logs at debug level, everything else at notice. */
  466. syslog {
  467. global {
  468. facility all {
  469. level notice
  470. }
  471. facility protocols {
  472. level debug
  473. }
  474. }
  475. }
  476. time-zone UTC
  477. }