bad_guys

Untitled

May 2nd, 2022
  # Global ICMP and trap settings for the firewall host itself.
  # all-ping 'enable' lets the device answer echo requests sent to its own addresses;
  # broadcast-ping 'disable' keeps it from answering echo requests sent to broadcast addresses.
  # config-trap 'disable' turns off the SNMP trap on firewall configuration changes.
  1. set firewall all-ping 'enable'
  2. set firewall broadcast-ping 'disable'
  3. set firewall config-trap 'disable'
  4. set firewall group address-group ag-bcast_dmz address '192.168.67.255'
  5. set firewall group address-group ag-bcast_iot address '192.168.11.255'
  6. set firewall group address-group ag-bcast_iot address '192.168.11.253'
  7. set firewall group address-group ag-bcast_lan address '192.168.13.255'
  8. set firewall group address-group ag-bcast_lan address '192.168.13.253'
  9. set firewall group address-group ag-bcast_limit address '255.255.255.255'
  10. set firewall group address-group ag-bf_relay address '192.168.67.225'
  11. set firewall group address-group ag-bf_relay address '192.168.67.226'
  12. set firewall group address-group ag-bf_relay_extender address '192.168.67.225'
  13. set firewall group address-group ag-bf_server address '192.168.67.220'
  14. set firewall group address-group ag-bf_webreports address '192.168.67.220'
  15. set firewall group address-group ag-blueiris address '192.168.67.110'
  16. set firewall group address-group ag-cert_issuer address '192.168.67.231'
  17. set firewall group address-group ag-cert_web address '192.168.67.231'
  18. set firewall group address-group ag-ct_sync address '224.0.0.50'
  19. set firewall group address-group ag-dc address '192.168.67.241'
  20. set firewall group address-group ag-dc address '192.168.67.242'
  21. set firewall group address-group ag-dockerhosts address '192.168.7.195'
  22. set firewall group address-group ag-dockerhosts address '192.168.67.196'
  23. set firewall group address-group ag-dockerhosts address '192.168.7.196'
  24. set firewall group address-group ag-dockerhosts address '192.168.67.195'
  25. set firewall group address-group ag-docker_pub address '192.168.17.207'
  26. set firewall group address-group ag-fileserver address '192.168.67.200'
  27. set firewall group address-group ag-fileserver address '192.168.67.205'
  28. set firewall group address-group ag-hypervisors address '192.168.7.10'
  29. set firewall group address-group ag-hypervisors address '192.168.7.11'
  30. set firewall group address-group ag-hypervisors address '192.168.7.12'
  31. set firewall group address-group ag-hypervisors address '192.168.7.15'
  32. set firewall group address-group ag-hypervisors address '192.168.7.16'
  33. set firewall group address-group ag-igmp address '224.0.0.22'
  34. set firewall group address-group ag-kms address '192.168.67.240'
  # ag-mdns mixes the mDNS multicast address 224.0.0.251 with unicast addresses.
  # Most of the unicast members also appear in ag-vrrp-iot, ag-vrrp-lan, ag-vrrp-guest,
  # ag-fw-iot and ag-fw-lan, so they look like the firewalls' own interface/VRRP addresses.
  # NOTE(review): 192.168.131.253 is in no other group in this part of the listing; confirm it is
  # a firewall address. The rules that reference ag-mdns are not in this part of the listing.
  35. set firewall group address-group ag-mdns address '224.0.0.251'
  36. set firewall group address-group ag-mdns address '192.168.11.252'
  37. set firewall group address-group ag-mdns address '192.168.11.254'
  38. set firewall group address-group ag-mdns address '192.168.13.254'
  39. set firewall group address-group ag-mdns address '192.168.13.252'
  40. set firewall group address-group ag-mdns address '192.168.13.253'
  41. set firewall group address-group ag-mdns address '192.168.11.253'
  42. set firewall group address-group ag-mdns address '192.168.131.253'
  43. set firewall group address-group ag-mdns address '192.168.131.252'
  44. set firewall group address-group ag-mdns address '192.168.131.254'
  45. set firewall group address-group ag-media_player address '192.168.11.66'
  46. set firewall group address-group ag-media_player address '192.168.11.99'
  47. set firewall group address-group ag-omada address '192.168.7.240'
  48. set firewall group address-group ag-portainer address '192.168.7.196'
  49. set firewall group address-group ag-printer address '192.168.13.210'
  50. set firewall group address-group ag-testDNS_fw address '192.168.7.140'
  51. set firewall group address-group ag-testNTP address '192.168.7.140'
  52. set firewall group address-group ag-testNTP address '192.168.7.141'
  53. set firewall group address-group ag-testWEB address '192.168.7.142'
  54. set firewall group address-group ag-testWEB address '192.168.7.143'
  55. set firewall group address-group ag-testWEB address '192.168.7.141'
  56. set firewall group address-group ag-testWEB address '192.168.7.146'
  57. set firewall group address-group ag-traccar_mysql address '192.168.67.195'
  58. set firewall group address-group ag-traccar_srv address '192.168.17.207'
  59. set firewall group address-group ag-tv_server address '192.168.11.196'
  # ag-unifi is declared without any address member.
  # NOTE(review): a rule that matches on an empty group will presumably match no traffic;
  # confirm whether the group is a leftover or should be populated before relying on it.
  60. set firewall group address-group ag-unifi
  61. set firewall group address-group ag-ups_mgmt address '192.168.7.100'
  62. set firewall group address-group ag-vcenter address '192.168.7.15'
  63. set firewall group address-group ag-vpn_bck address '192.168.17.100'
  64. set firewall group address-group ag-vpn_pri address '192.168.17.100'
  65. set firewall group address-group ag-vpn_servers address '192.168.17.100'
  66. set firewall group address-group ag-vrrp address '224.0.0.18'
  67. set firewall group address-group ag-vsphere address '192.168.7.15'
  68. set firewall group address-group ag-wsus address '192.168.67.235'
  69. set firewall group address-group ag-dhcp-isp address '172.17.0.1'
  70. set firewall group address-group ag-dhcp-isp address '172.23.0.1'
  71. set firewall group address-group ag-dhcp-server address '192.168.67.241'
  72. set firewall group address-group ag-dhcp-server address '192.168.67.242'
  73. set firewall group address-group ag-dns-dc_main address '192.168.67.241'
  74. set firewall group address-group ag-dns-dc_main address '192.168.67.242'
  75. set firewall group address-group ag-down-fileserver address '192.168.79.202'
  76. set firewall group address-group ag-fw-iot address '192.168.11.253'
  77. set firewall group address-group ag-fw-lan address '192.168.13.253'
  78. set firewall group address-group ag-vrrp-cam address '192.168.53.252'
  79. set firewall group address-group ag-vrrp-cam address '192.168.53.254'
  80. set firewall group address-group ag-vrrp-dmz address '192.168.67.252'
  81. set firewall group address-group ag-vrrp-dmz address '192.168.67.254'
  82. set firewall group address-group ag-vrrp-download address '192.168.79.252'
  83. set firewall group address-group ag-vrrp-download address '192.168.79.254'
  84. set firewall group address-group ag-vrrp-guest address '192.168.131.252'
  85. set firewall group address-group ag-vrrp-guest address '192.168.131.254'
  86. set firewall group address-group ag-vrrp-iot address '192.168.11.252'
  87. set firewall group address-group ag-vrrp-iot address '192.168.11.254'
  88. set firewall group address-group ag-vrrp-lan address '192.168.13.252'
  89. set firewall group address-group ag-vrrp-lan address '192.168.13.254'
  90. set firewall group address-group ag-vrrp-mgmt address '192.168.7.252'
  91. set firewall group address-group ag-vrrp-mgmt address '192.168.7.254'
  92. set firewall group address-group ag-vrrp-public address '192.168.17.252'
  93. set firewall group address-group ag-vrrp-public address '192.168.17.254'
  94. set firewall group address-group dns-piholes address '192.168.67.243'
  95. set firewall group address-group dns-piholes address '192.168.67.244'
  96. set firewall group address-group dnsforwarders address '192.168.67.241'
  97. set firewall group address-group dnsforwarders address '192.168.67.242'
  98. set firewall group address-group dnsforwarders address '192.168.67.243'
  99. set firewall group address-group dnsforwarders address '192.168.67.244'
  100. set firewall group address-group mgmtfromlan address '192.168.13.15'
  101. set firewall group address-group mgmtfromlan address '192.168.13.85'
  102. set firewall group address-group mgmtfromlan address '192.168.13.43'
  103. set firewall group address-group mgmtfromlan address '192.168.13.95'
  104. set firewall group address-group mgmtfromlan address '192.168.13.44'
  105. set firewall group address-group mgmtfromlan address '192.168.13.86'
  106. set firewall group address-group ntpservers address '192.168.67.241'
  107. set firewall group address-group ntpservers address '192.168.67.242'
  108. set firewall group address-group wifiaps address '192.168.7.210'
  109. set firewall group address-group wifiaps address '192.168.7.247'
  110. set firewall group address-group wifiaps address '192.168.7.248'
  111. set firewall group network-group ng-guest network '192.168.131.0/24'
  112. set firewall group network-group ng-lan network '192.168.13.0/24'
  113. set firewall group network-group vpnusers network '10.168.17.0/24'
  114. set firewall group network-group vpnusers network '10.168.19.0/24'
  115. set firewall group port-group pg-agps port '7275'
  116. set firewall group port-group pg-bf_server port '52311'
  117. set firewall group port-group pg-bf_webreports port '8083'
  118. set firewall group port-group pg-blueiris port '443'
  119. set firewall group port-group pg-blueiris port '442'
  120. set firewall group port-group pg-cam_onvif port '80'
  121. set firewall group port-group pg-cam_onvif port '8999'
  122. set firewall group port-group pg-cam_rtsp port '554'
  123. set firewall group port-group pg-cert_issuer port '135'
  124. set firewall group port-group pg-cert_issuer port '49152-65535'
  125. set firewall group port-group pg-crashplan port '4287'
  126. set firewall group port-group pg-ct_sync port '3780'
  127. set firewall group port-group pg-dhcp port '67'
  128. set firewall group port-group pg-dhcp port '68'
  129. set firewall group port-group pg-dns port '53'
  130. set firewall group port-group pg-dnsblock_admin port '3000'
  131. set firewall group port-group pg-dns_tls port '853'
  # Port set that, going by the group name, covers domain-controller traffic:
  # LDAP 389/636, Kerberos 88, SMB 445, global catalog 3268/3269, RPC endpoint mapper 135,
  # the dynamic RPC range 49152-65535 and NetBIOS name service 137.
  # A port-group carries no protocol; each rule that uses it sets tcp/udp itself.
  # NOTE(review): the 49152-65535 member makes any rule using this group open more than 16k
  # ports towards its destination. Pinning the dynamic RPC range on the servers would allow a
  # narrower group. The rules that reference pg-domain are not in this part of the listing.
  132. set firewall group port-group pg-domain port '389'
  133. set firewall group port-group pg-domain port '88'
  134. set firewall group port-group pg-domain port '445'
  135. set firewall group port-group pg-domain port '636'
  136. set firewall group port-group pg-domain port '3269'
  137. set firewall group port-group pg-domain port '3268'
  138. set firewall group port-group pg-domain port '135'
  139. set firewall group port-group pg-domain port '49152-65535'
  140. set firewall group port-group pg-domain port '137'
  141. set firewall group port-group pg-domain_udp port '137'
  142. set firewall group port-group pg-ftp port '21'
  143. set firewall group port-group pg-google_cast port '8008'
  144. set firewall group port-group pg-google_cast port '8009'
  145. set firewall group port-group pg-google_cast port '8443'
  146. set firewall group port-group pg-google_cast_pic port '2346'
  147. set firewall group port-group pg-google_fcm port '5228'
  148. set firewall group port-group pg-google_fcm port '5229'
  149. set firewall group port-group pg-google_fcm port '5230'
  150. set firewall group port-group pg-google_quic port '443'
  151. set firewall group port-group pg-google_quic port '19302-19309'
  152. set firewall group port-group pg-iperf port '5201'
  153. set firewall group port-group pg-iptv port '8086'
  154. set firewall group port-group pg-iptv port '8080'
  155. set firewall group port-group pg-iptv port '8000'
  156. set firewall group port-group pg-iptv port '9090'
  157. set firewall group port-group pg-person2work_genesys port '16384-32768'
  158. set firewall group port-group pg-person2work_webrtc port '3478'
  159. set firewall group port-group pg-person2work_webrtc port '19302'
  160. set firewall group port-group pg-kms port '1688'
  161. set firewall group port-group pg-person3_work port '9993'
  162. set firewall group port-group pg-person1work_lotusnotes port '1352'
  163. set firewall group port-group pg-mdns port '5353'
  164. set firewall group port-group pg-mysql port '3306'
  165. set firewall group port-group pg-netbios port '137'
  166. set firewall group port-group pg-netbios port '138'
  167. set firewall group port-group pg-netbios port '139'
  168. set firewall group port-group pg-ntp port '123'
  169. set firewall group port-group pg-ocsp port '80'
  170. set firewall group port-group pg-omada port '8043'
  171. set firewall group port-group pg-pia_ping port '8888'
  172. set firewall group port-group pg-pia_wguard port '1337'
  173. set firewall group port-group pg-pihole port '80'
  174. set firewall group port-group pg-pihole port '443'
  175. set firewall group port-group pg-portainer port '9000'
  176. set firewall group port-group pg-portainer_agent port '9001'
  177. set firewall group port-group pg-printer_web port '443'
  178. set firewall group port-group pg-rdp port '3389'
  179. set firewall group port-group pg-skype port '3478'
  180. set firewall group port-group pg-skype port '3479'
  181. set firewall group port-group pg-skype port '3480'
  182. set firewall group port-group pg-skype port '3481'
  183. set firewall group port-group pg-smb port '445'
  184. set firewall group port-group pg-solar port '54321'
  185. set firewall group port-group pg-solar port '54320'
  186. set firewall group port-group pg-solar port '54319'
  187. set firewall group port-group pg-solar port '49049'
  188. set firewall group port-group pg-solar2 port '50052'
  189. set firewall group port-group pg-speedtest port '5060'
  190. set firewall group port-group pg-speedtest port '8080'
  191. set firewall group port-group pg-spotify port '4070'
  192. set firewall group port-group pg-ssh port '22'
  193. set firewall group port-group pg-traccar_srv port '8082'
  194. set firewall group port-group pg-tvh_htsp port '9982'
  195. set firewall group port-group pg-tvh_web port '9981'
  196. set firewall group port-group pg-tv_discover port '65001'
  197. set firewall group port-group pg-unifi_adapt port '10001'
  198. set firewall group port-group pg-ups_web port '4679'
  199. set firewall group port-group pg-ups_web port '4680'
  200. set firewall group port-group pg-vcenter port '5480'
  201. set firewall group port-group pg-vcenter port '443'
  202. set firewall group port-group pg-vpn_bck port '443'
  203. set firewall group port-group pg-vpn_globalprotect port '4501'
  204. set firewall group port-group pg-vpn_globalprotect port '500'
  205. set firewall group port-group pg-vpn_globalprotect port '4500'
  206. set firewall group port-group pg-vpn_pri port '443'
  207. set firewall group port-group pg-web port '80'
  208. set firewall group port-group pg-web port '443'
  209. set firewall group port-group pg-webex port '9000'
  210. set firewall group port-group pg-webex port '5004'
  211. set firewall group port-group pg-webex port '33434-33598'
  212. set firewall group port-group pg-whatsapp port '3478'
  213. set firewall group port-group pg-wsus port '8530'
  214. set firewall group port-group pg-xmpp port '5222'
  # Global packet-hygiene options: ICMPv6 redirects are not accepted, source-routed packets
  # are refused for both IPv4 and IPv6, and packets with impossible source addresses
  # (martians) are logged.
  # NOTE(review): the IPv4 receive-redirects, send-redirects and source-validation options are
  # not in this part of the listing; check that they are set further down rather than left
  # at their defaults.
  215. set firewall ipv6-receive-redirects 'disable'
  216. set firewall ipv6-src-route 'disable'
  217. set firewall ip-src-route 'disable'
  218. set firewall log-martians 'enable'
  # Ruleset cam-dmz. Ruleset names follow a <source>-<destination> pattern; the zone bindings
  # are not in this part of the listing, so the direction is inferred from the name.
  # Baseline used by every ruleset here: default-action drop with logging, rule 1 accepts
  # established/related return traffic, rule 2 drops and logs packets in state invalid.
  # Rule 400 is the only permit for new flows: UDP to the ntpservers group on pg-ntp (123).
  219. set firewall name cam-dmz default-action 'drop'
  220. set firewall name cam-dmz enable-default-log
  221. set firewall name cam-dmz rule 1 action 'accept'
  222. set firewall name cam-dmz rule 1 state established 'enable'
  223. set firewall name cam-dmz rule 1 state related 'enable'
  224. set firewall name cam-dmz rule 2 action 'drop'
  225. set firewall name cam-dmz rule 2 log 'enable'
  226. set firewall name cam-dmz rule 2 state invalid 'enable'
  227. set firewall name cam-dmz rule 400 action 'accept'
  228. set firewall name cam-dmz rule 400 destination group address-group 'ntpservers'
  229. set firewall name cam-dmz rule 400 destination group port-group 'pg-ntp'
  230. set firewall name cam-dmz rule 400 log 'enable'
  231. set firewall name cam-dmz rule 400 protocol 'udp'
  # Ruleset cam-download: baseline only (return traffic accepted, invalid dropped and logged).
  # There is no permit rule for new flows, so anything new that reaches this ruleset is
  # dropped and logged by the default action.
  232. set firewall name cam-download default-action 'drop'
  233. set firewall name cam-download enable-default-log
  234. set firewall name cam-download rule 1 action 'accept'
  235. set firewall name cam-download rule 1 state established 'enable'
  236. set firewall name cam-download rule 1 state related 'enable'
  237. set firewall name cam-download rule 2 action 'drop'
  238. set firewall name cam-download rule 2 log 'enable'
  239. set firewall name cam-download rule 2 state invalid 'enable'
  # Ruleset cam-firewall: traffic addressed to the firewall itself, going by the name.
  # Beyond the baseline, rule 10 accepts protocol vrrp only when both source and destination
  # are members of ag-vrrp-cam (192.168.53.252 and .254), i.e. the VRRP peers talking to each
  # other. Rule 10 is not logged. No other service on the firewall is opened by this ruleset.
  240. set firewall name cam-firewall default-action 'drop'
  241. set firewall name cam-firewall enable-default-log
  242. set firewall name cam-firewall rule 1 action 'accept'
  243. set firewall name cam-firewall rule 1 state established 'enable'
  244. set firewall name cam-firewall rule 1 state related 'enable'
  245. set firewall name cam-firewall rule 2 action 'drop'
  246. set firewall name cam-firewall rule 2 log 'enable'
  247. set firewall name cam-firewall rule 2 state invalid 'enable'
  248. set firewall name cam-firewall rule 10 action 'accept'
  249. set firewall name cam-firewall rule 10 destination group address-group 'ag-vrrp-cam'
  250. set firewall name cam-firewall rule 10 protocol 'vrrp'
  251. set firewall name cam-firewall rule 10 source group address-group 'ag-vrrp-cam'
  # Rulesets cam-guest, cam-lan, cam-mgmt, cam-public and cam-wan: all five are baseline only.
  # Each accepts established/related traffic, drops and logs invalid packets, and drops and
  # logs everything else. None contains a permit for new flows, so (assuming the names map to
  # zone pairs) new connections matched by these rulesets are always dropped, including
  # through cam-wan.
  252. set firewall name cam-guest default-action 'drop'
  253. set firewall name cam-guest enable-default-log
  254. set firewall name cam-guest rule 1 action 'accept'
  255. set firewall name cam-guest rule 1 state established 'enable'
  256. set firewall name cam-guest rule 1 state related 'enable'
  257. set firewall name cam-guest rule 2 action 'drop'
  258. set firewall name cam-guest rule 2 log 'enable'
  259. set firewall name cam-guest rule 2 state invalid 'enable'
  260. set firewall name cam-lan default-action 'drop'
  261. set firewall name cam-lan enable-default-log
  262. set firewall name cam-lan rule 1 action 'accept'
  263. set firewall name cam-lan rule 1 state established 'enable'
  264. set firewall name cam-lan rule 1 state related 'enable'
  265. set firewall name cam-lan rule 2 action 'drop'
  266. set firewall name cam-lan rule 2 log 'enable'
  267. set firewall name cam-lan rule 2 state invalid 'enable'
  268. set firewall name cam-mgmt default-action 'drop'
  269. set firewall name cam-mgmt enable-default-log
  270. set firewall name cam-mgmt rule 1 action 'accept'
  271. set firewall name cam-mgmt rule 1 state established 'enable'
  272. set firewall name cam-mgmt rule 1 state related 'enable'
  273. set firewall name cam-mgmt rule 2 action 'drop'
  274. set firewall name cam-mgmt rule 2 log 'enable'
  275. set firewall name cam-mgmt rule 2 state invalid 'enable'
  276. set firewall name cam-public default-action 'drop'
  277. set firewall name cam-public enable-default-log
  278. set firewall name cam-public rule 1 action 'accept'
  279. set firewall name cam-public rule 1 state established 'enable'
  280. set firewall name cam-public rule 1 state related 'enable'
  281. set firewall name cam-public rule 2 action 'drop'
  282. set firewall name cam-public rule 2 log 'enable'
  283. set firewall name cam-public rule 2 state invalid 'enable'
  284. set firewall name cam-wan default-action 'drop'
  285. set firewall name cam-wan enable-default-log
  286. set firewall name cam-wan rule 1 action 'accept'
  287. set firewall name cam-wan rule 1 state established 'enable'
  288. set firewall name cam-wan rule 1 state related 'enable'
  289. set firewall name cam-wan rule 2 action 'drop'
  290. set firewall name cam-wan rule 2 log 'enable'
  291. set firewall name cam-wan rule 2 state invalid 'enable'
  # Ruleset dmz-cam: baseline plus two logged TCP permits sourced from ag-blueiris
  # (192.168.67.110): rule 380 to pg-cam_rtsp (554) and rule 381 to pg-cam_onvif (80, 8999).
  # NOTE(review): neither rule restricts the destination address, so the recorder may reach
  # these ports on any host this ruleset covers. A destination group listing the cameras
  # would keep the permit to the devices that need it.
  292. set firewall name dmz-cam default-action 'drop'
  293. set firewall name dmz-cam enable-default-log
  294. set firewall name dmz-cam rule 1 action 'accept'
  295. set firewall name dmz-cam rule 1 state established 'enable'
  296. set firewall name dmz-cam rule 1 state related 'enable'
  297. set firewall name dmz-cam rule 2 action 'drop'
  298. set firewall name dmz-cam rule 2 log 'enable'
  299. set firewall name dmz-cam rule 2 state invalid 'enable'
  300. set firewall name dmz-cam rule 380 action 'accept'
  301. set firewall name dmz-cam rule 380 destination group port-group 'pg-cam_rtsp'
  302. set firewall name dmz-cam rule 380 log 'enable'
  303. set firewall name dmz-cam rule 380 protocol 'tcp'
  304. set firewall name dmz-cam rule 380 source group address-group 'ag-blueiris'
  305. set firewall name dmz-cam rule 381 action 'accept'
  306. set firewall name dmz-cam rule 381 destination group port-group 'pg-cam_onvif'
  307. set firewall name dmz-cam rule 381 log 'enable'
  308. set firewall name dmz-cam rule 381 protocol 'tcp'
  309. set firewall name dmz-cam rule 381 source group address-group 'ag-blueiris'
  # Ruleset dmz-download: baseline, plus
  #   rule 100 - accepts all ICMP (no type, source or destination restriction), logged;
  #   rule 300 - TCP pg-smb (445) from ag-fileserver to ag-down-fileserver, logged.
  # Rule 300 is pinned on both source and destination, so SMB is limited to that server pair.
  310. set firewall name dmz-download default-action 'drop'
  311. set firewall name dmz-download enable-default-log
  312. set firewall name dmz-download rule 1 action 'accept'
  313. set firewall name dmz-download rule 1 state established 'enable'
  314. set firewall name dmz-download rule 1 state related 'enable'
  315. set firewall name dmz-download rule 2 action 'drop'
  316. set firewall name dmz-download rule 2 log 'enable'
  317. set firewall name dmz-download rule 2 state invalid 'enable'
  318. set firewall name dmz-download rule 100 action 'accept'
  319. set firewall name dmz-download rule 100 log 'enable'
  320. set firewall name dmz-download rule 100 protocol 'icmp'
  321. set firewall name dmz-download rule 300 action 'accept'
  322. set firewall name dmz-download rule 300 destination group address-group 'ag-down-fileserver'
  323. set firewall name dmz-download rule 300 destination group port-group 'pg-smb'
  324. set firewall name dmz-download rule 300 log 'enable'
  325. set firewall name dmz-download rule 300 protocol 'tcp'
  326. set firewall name dmz-download rule 300 source group address-group 'ag-fileserver'
  # Ruleset dmz-firewall: traffic addressed to the firewall itself, going by the name.
  #   rule 10  - VRRP between the members of ag-vrrp-dmz only (not logged);
  #   rule 600 - UDP to pg-dhcp (67, 68) from ag-dhcp-server, logged;
  #   rule 610 - drops UDP to pg-netbios (137-139) with logging disabled, so NetBIOS
  #              broadcast noise does not fill the default-drop log.
  # Rule 610 changes what is logged, not what is allowed: the default action would drop
  # the same packets.
  327. set firewall name dmz-firewall default-action 'drop'
  328. set firewall name dmz-firewall enable-default-log
  329. set firewall name dmz-firewall rule 1 action 'accept'
  330. set firewall name dmz-firewall rule 1 state established 'enable'
  331. set firewall name dmz-firewall rule 1 state related 'enable'
  332. set firewall name dmz-firewall rule 2 action 'drop'
  333. set firewall name dmz-firewall rule 2 log 'enable'
  334. set firewall name dmz-firewall rule 2 state invalid 'enable'
  335. set firewall name dmz-firewall rule 10 action 'accept'
  336. set firewall name dmz-firewall rule 10 destination group address-group 'ag-vrrp-dmz'
  337. set firewall name dmz-firewall rule 10 protocol 'vrrp'
  338. set firewall name dmz-firewall rule 10 source group address-group 'ag-vrrp-dmz'
  339. set firewall name dmz-firewall rule 600 action 'accept'
  340. set firewall name dmz-firewall rule 600 destination group port-group 'pg-dhcp'
  341. set firewall name dmz-firewall rule 600 log 'enable'
  342. set firewall name dmz-firewall rule 600 protocol 'udp'
  343. set firewall name dmz-firewall rule 600 source group address-group 'ag-dhcp-server'
  344. set firewall name dmz-firewall rule 610 action 'drop'
  345. set firewall name dmz-firewall rule 610 description 'Drop Netbios traffic from logs'
  346. set firewall name dmz-firewall rule 610 destination group port-group 'pg-netbios'
  347. set firewall name dmz-firewall rule 610 log 'disable'
  348. set firewall name dmz-firewall rule 610 protocol 'udp'
  # Rulesets dmz-guest and dmz-iot: baseline only. Return traffic is accepted, invalid
  # packets are dropped and logged, and every new flow falls through to the logged default drop.
  349. set firewall name dmz-guest default-action 'drop'
  350. set firewall name dmz-guest enable-default-log
  351. set firewall name dmz-guest rule 1 action 'accept'
  352. set firewall name dmz-guest rule 1 state established 'enable'
  353. set firewall name dmz-guest rule 1 state related 'enable'
  354. set firewall name dmz-guest rule 2 action 'drop'
  355. set firewall name dmz-guest rule 2 log 'enable'
  356. set firewall name dmz-guest rule 2 state invalid 'enable'
  357. set firewall name dmz-iot default-action 'drop'
  358. set firewall name dmz-iot enable-default-log
  359. set firewall name dmz-iot rule 1 action 'accept'
  360. set firewall name dmz-iot rule 1 state established 'enable'
  361. set firewall name dmz-iot rule 1 state related 'enable'
  362. set firewall name dmz-iot rule 2 action 'drop'
  363. set firewall name dmz-iot rule 2 log 'enable'
  364. set firewall name dmz-iot rule 2 state invalid 'enable'
  # Ruleset dmz-lan: baseline plus rule 550, a logged UDP permit to pg-bf_server (52311)
  # sourced from ag-bf_relay (192.168.67.225, .226).
  # NOTE(review): rule 550 has no destination address match, so the relays may send UDP 52311
  # to any host this ruleset covers; ng-lan exists and could serve as the destination if the
  # whole LAN is the intended target. Confirm the open destination is deliberate.
  365. set firewall name dmz-lan default-action 'drop'
  366. set firewall name dmz-lan enable-default-log
  367. set firewall name dmz-lan rule 1 action 'accept'
  368. set firewall name dmz-lan rule 1 state established 'enable'
  369. set firewall name dmz-lan rule 1 state related 'enable'
  370. set firewall name dmz-lan rule 2 action 'drop'
  371. set firewall name dmz-lan rule 2 log 'enable'
  372. set firewall name dmz-lan rule 2 state invalid 'enable'
  373. set firewall name dmz-lan rule 550 action 'accept'
  374. set firewall name dmz-lan rule 550 destination group port-group 'pg-bf_server'
  375. set firewall name dmz-lan rule 550 log 'enable'
  376. set firewall name dmz-lan rule 550 protocol 'udp'
  377. set firewall name dmz-lan rule 550 source group address-group 'ag-bf_relay'
  # Ruleset dmz-mgmt: baseline, plus
  #   rule 100 - accepts all ICMP from any source to any destination, logged;
  #   rule 456 - TCP from ag-bf_relay_extender (192.168.67.225) to ag-vcenter (192.168.7.15)
  #              on pg-vcenter (5480, 443), logged.
  # NOTE(review): rule 100 lets every host matched by this ruleset send any ICMP type towards
  # the management side; consider limiting it by source or ICMP type. Port 5480 is commonly
  # the appliance management interface rather than the API endpoint; confirm the relay needs
  # it in addition to 443.
  378. set firewall name dmz-mgmt default-action 'drop'
  379. set firewall name dmz-mgmt enable-default-log
  380. set firewall name dmz-mgmt rule 1 action 'accept'
  381. set firewall name dmz-mgmt rule 1 state established 'enable'
  382. set firewall name dmz-mgmt rule 1 state related 'enable'
  383. set firewall name dmz-mgmt rule 2 action 'drop'
  384. set firewall name dmz-mgmt rule 2 log 'enable'
  385. set firewall name dmz-mgmt rule 2 state invalid 'enable'
  386. set firewall name dmz-mgmt rule 100 action 'accept'
  387. set firewall name dmz-mgmt rule 100 log 'enable'
  388. set firewall name dmz-mgmt rule 100 protocol 'icmp'
  389. set firewall name dmz-mgmt rule 456 action 'accept'
  390. set firewall name dmz-mgmt rule 456 destination group address-group 'ag-vcenter'
  391. set firewall name dmz-mgmt rule 456 destination group port-group 'pg-vcenter'
  392. set firewall name dmz-mgmt rule 456 log 'enable'
  393. set firewall name dmz-mgmt rule 456 protocol 'tcp'
  394. set firewall name dmz-mgmt rule 456 source group address-group 'ag-bf_relay_extender'
  # Ruleset dmz-public: baseline only; no new flow is permitted, everything new is
  # dropped and logged by the default action.
  395. set firewall name dmz-public default-action 'drop'
  396. set firewall name dmz-public enable-default-log
  397. set firewall name dmz-public rule 1 action 'accept'
  398. set firewall name dmz-public rule 1 state established 'enable'
  399. set firewall name dmz-public rule 1 state related 'enable'
  400. set firewall name dmz-public rule 2 action 'drop'
  401. set firewall name dmz-public rule 2 log 'enable'
  402. set firewall name dmz-public rule 2 state invalid 'enable'
  # Ruleset dmz-wan: egress from the DMZ towards the WAN, going by the name. Baseline, plus
  #   rule 100 - all ICMP, any source;
  #   rule 200 - TCP to pg-web (80, 443), any source;
  #   rule 205 - TCP to pg-speedtest (5060, 8080), any source;
  #   rule 400 - UDP to pg-ntp (123), only from ntpservers;
  #   rule 500 - TCP/UDP to pg-dns (53), only from dnsforwarders;
  #   rule 700 - TCP to pg-ftp (21), any source.
  # All permits are logged.
  # NOTE(review): NTP and DNS egress are pinned to the designated servers, but rules 200, 205
  # and 700 carry no source match. Every DMZ host, which per the address groups includes the
  # domain controllers, certificate issuer, KMS, WSUS and file servers, can therefore open
  # web and FTP sessions outbound. A source group on those rules (or a proxy for the servers
  # that need updates) would narrow the egress path; rule 700 also permits cleartext FTP.
  403. set firewall name dmz-wan default-action 'drop'
  404. set firewall name dmz-wan enable-default-log
  405. set firewall name dmz-wan rule 1 action 'accept'
  406. set firewall name dmz-wan rule 1 state established 'enable'
  407. set firewall name dmz-wan rule 1 state related 'enable'
  408. set firewall name dmz-wan rule 2 action 'drop'
  409. set firewall name dmz-wan rule 2 log 'enable'
  410. set firewall name dmz-wan rule 2 state invalid 'enable'
  411. set firewall name dmz-wan rule 100 action 'accept'
  412. set firewall name dmz-wan rule 100 log 'enable'
  413. set firewall name dmz-wan rule 100 protocol 'icmp'
  414. set firewall name dmz-wan rule 200 action 'accept'
  415. set firewall name dmz-wan rule 200 destination group port-group 'pg-web'
  416. set firewall name dmz-wan rule 200 log 'enable'
  417. set firewall name dmz-wan rule 200 protocol 'tcp'
  418. set firewall name dmz-wan rule 205 action 'accept'
  419. set firewall name dmz-wan rule 205 destination group port-group 'pg-speedtest'
  420. set firewall name dmz-wan rule 205 log 'enable'
  421. set firewall name dmz-wan rule 205 protocol 'tcp'
  422. set firewall name dmz-wan rule 400 action 'accept'
  423. set firewall name dmz-wan rule 400 destination group port-group 'pg-ntp'
  424. set firewall name dmz-wan rule 400 log 'enable'
  425. set firewall name dmz-wan rule 400 protocol 'udp'
  426. set firewall name dmz-wan rule 400 source group address-group 'ntpservers'
  427. set firewall name dmz-wan rule 500 action 'accept'
  428. set firewall name dmz-wan rule 500 destination group port-group 'pg-dns'
  429. set firewall name dmz-wan rule 500 log 'enable'
  430. set firewall name dmz-wan rule 500 protocol 'tcp_udp'
  431. set firewall name dmz-wan rule 500 source group address-group 'dnsforwarders'
  432. set firewall name dmz-wan rule 700 action 'accept'
  433. set firewall name dmz-wan rule 700 destination group port-group 'pg-ftp'
  434. set firewall name dmz-wan rule 700 log 'enable'
  435. set firewall name dmz-wan rule 700 protocol 'tcp'
  # Ruleset download-cam: baseline only; no new flow is permitted, everything new is
  # dropped and logged by the default action.
  436. set firewall name download-cam default-action 'drop'
  437. set firewall name download-cam enable-default-log
  438. set firewall name download-cam rule 1 action 'accept'
  439. set firewall name download-cam rule 1 state established 'enable'
  440. set firewall name download-cam rule 1 state related 'enable'
  441. set firewall name download-cam rule 2 action 'drop'
  442. set firewall name download-cam rule 2 log 'enable'
  443. set firewall name download-cam rule 2 state invalid 'enable'
  # Ruleset download-dmz: baseline, plus logged permits with no source match:
  #   rule 100 - all ICMP;
  #   rule 300 - TCP pg-smb (445) to ag-fileserver;
  #   rule 400 - UDP pg-ntp (123) to ntpservers;
  #   rule 500 - TCP/UDP pg-dns (53) to dnsforwarders;
  #   rule 501 - TCP pg-pihole (80, 443) to dns-piholes (the Pi-hole web interface);
  #   rule 560 - TCP pg-wsus (8530) to ag-wsus.
  # Every permit is pinned to a destination group, so the reachable DMZ services are explicit.
  # NOTE(review): rules 300 and 501 let any host on the source side reach SMB on the file
  # servers and the Pi-hole admin interface. The reverse ruleset dmz-download limits SMB to a
  # single server pair; a matching source group here would keep the two directions
  # symmetric, and the admin interface is worth restricting to the hosts that administer it.
  444. set firewall name download-dmz default-action 'drop'
  445. set firewall name download-dmz enable-default-log
  446. set firewall name download-dmz rule 1 action 'accept'
  447. set firewall name download-dmz rule 1 state established 'enable'
  448. set firewall name download-dmz rule 1 state related 'enable'
  449. set firewall name download-dmz rule 2 action 'drop'
  450. set firewall name download-dmz rule 2 log 'enable'
  451. set firewall name download-dmz rule 2 state invalid 'enable'
  452. set firewall name download-dmz rule 100 action 'accept'
  453. set firewall name download-dmz rule 100 log 'enable'
  454. set firewall name download-dmz rule 100 protocol 'icmp'
  455. set firewall name download-dmz rule 300 action 'accept'
  456. set firewall name download-dmz rule 300 destination group address-group 'ag-fileserver'
  457. set firewall name download-dmz rule 300 destination group port-group 'pg-smb'
  458. set firewall name download-dmz rule 300 log 'enable'
  459. set firewall name download-dmz rule 300 protocol 'tcp'
  460. set firewall name download-dmz rule 400 action 'accept'
  461. set firewall name download-dmz rule 400 destination group address-group 'ntpservers'
  462. set firewall name download-dmz rule 400 destination group port-group 'pg-ntp'
  463. set firewall name download-dmz rule 400 log 'enable'
  464. set firewall name download-dmz rule 400 protocol 'udp'
  465. set firewall name download-dmz rule 500 action 'accept'
  466. set firewall name download-dmz rule 500 destination group address-group 'dnsforwarders'
  467. set firewall name download-dmz rule 500 destination group port-group 'pg-dns'
  468. set firewall name download-dmz rule 500 log 'enable'
  469. set firewall name download-dmz rule 500 protocol 'tcp_udp'
  470. set firewall name download-dmz rule 501 action 'accept'
  471. set firewall name download-dmz rule 501 description 'Allow pihole web interface'
  472. set firewall name download-dmz rule 501 destination group address-group 'dns-piholes'
  473. set firewall name download-dmz rule 501 destination group port-group 'pg-pihole'
  474. set firewall name download-dmz rule 501 log 'enable'
  475. set firewall name download-dmz rule 501 protocol 'tcp'
  476. set firewall name download-dmz rule 560 action 'accept'
  477. set firewall name download-dmz rule 560 destination group address-group 'ag-wsus'
  478. set firewall name download-dmz rule 560 destination group port-group 'pg-wsus'
  479. set firewall name download-dmz rule 560 log 'enable'
  480. set firewall name download-dmz rule 560 protocol 'tcp'
  481. set firewall name download-firewall default-action 'drop'
  482. set firewall name download-firewall enable-default-log
  483. set firewall name download-firewall rule 1 action 'accept'
  484. set firewall name download-firewall rule 1 state established 'enable'
  485. set firewall name download-firewall rule 1 state related 'enable'
  486. set firewall name download-firewall rule 2 action 'drop'
  487. set firewall name download-firewall rule 2 log 'enable'
  488. set firewall name download-firewall rule 2 state invalid 'enable'
  489. set firewall name download-firewall rule 10 action 'accept'
  490. set firewall name download-firewall rule 10 destination group address-group 'ag-vrrp-download'
  491. set firewall name download-firewall rule 10 protocol 'vrrp'
  492. set firewall name download-firewall rule 10 source group address-group 'ag-vrrp-download'
  493. set firewall name download-firewall rule 610 action 'drop'
  494. set firewall name download-firewall rule 610 description 'Drop NetBIOS traffic without logging it'
  495. set firewall name download-firewall rule 610 destination group port-group 'pg-netbios'
  496. set firewall name download-firewall rule 610 log 'disable'
  497. set firewall name download-firewall rule 610 protocol 'udp'
  498. set firewall name download-guest default-action 'drop'
  499. set firewall name download-guest enable-default-log
  500. set firewall name download-guest rule 1 action 'accept'
  501. set firewall name download-guest rule 1 state established 'enable'
  502. set firewall name download-guest rule 1 state related 'enable'
  503. set firewall name download-guest rule 2 action 'drop'
  504. set firewall name download-guest rule 2 log 'enable'
  505. set firewall name download-guest rule 2 state invalid 'enable'
  506. set firewall name download-lan default-action 'drop'
  507. set firewall name download-lan enable-default-log
  508. set firewall name download-lan rule 1 action 'accept'
  509. set firewall name download-lan rule 1 state established 'enable'
  510. set firewall name download-lan rule 1 state related 'enable'
  511. set firewall name download-lan rule 2 action 'drop'
  512. set firewall name download-lan rule 2 log 'enable'
  513. set firewall name download-lan rule 2 state invalid 'enable'
  514. set firewall name download-mgmt default-action 'drop'
  515. set firewall name download-mgmt enable-default-log
  516. set firewall name download-mgmt rule 1 action 'accept'
  517. set firewall name download-mgmt rule 1 state established 'enable'
  518. set firewall name download-mgmt rule 1 state related 'enable'
  519. set firewall name download-mgmt rule 2 action 'drop'
  520. set firewall name download-mgmt rule 2 log 'enable'
  521. set firewall name download-mgmt rule 2 state invalid 'enable'
  522. set firewall name download-public default-action 'drop'
  523. set firewall name download-public enable-default-log
  524. set firewall name download-public rule 1 action 'accept'
  525. set firewall name download-public rule 1 state established 'enable'
  526. set firewall name download-public rule 1 state related 'enable'
  527. set firewall name download-public rule 2 action 'drop'
  528. set firewall name download-public rule 2 log 'enable'
  529. set firewall name download-public rule 2 state invalid 'enable'
  530. set firewall name download-wan default-action 'drop'
  531. set firewall name download-wan enable-default-log
  532. set firewall name download-wan rule 1 action 'accept'
  533. set firewall name download-wan rule 1 state established 'enable'
  534. set firewall name download-wan rule 1 state related 'enable'
  535. set firewall name download-wan rule 2 action 'drop'
  536. set firewall name download-wan rule 2 log 'enable'
  537. set firewall name download-wan rule 2 state invalid 'enable'
  538. set firewall name download-wan rule 100 action 'accept'
  539. set firewall name download-wan rule 100 log 'enable'
  540. set firewall name download-wan rule 100 protocol 'icmp'
  541. set firewall name download-wan rule 200 action 'accept'
  542. set firewall name download-wan rule 200 destination group port-group 'pg-web'
  543. set firewall name download-wan rule 200 log 'enable'
  544. set firewall name download-wan rule 200 protocol 'tcp'
  545. set firewall name download-wan rule 201 action 'accept'
  546. set firewall name download-wan rule 201 destination group port-group 'pg-pia_wguard'
  547. set firewall name download-wan rule 201 log 'enable'
  548. set firewall name download-wan rule 201 protocol 'tcp_udp'
  549. set firewall name download-wan rule 700 action 'accept'
  550. set firewall name download-wan rule 700 destination group port-group 'pg-ftp'
  551. set firewall name download-wan rule 700 log 'enable'
  552. set firewall name download-wan rule 700 protocol 'tcp'
  553. set firewall name download-wan rule 705 action 'accept'
  554. set firewall name download-wan rule 705 destination group port-group 'pg-pia_ping'
  555. set firewall name download-wan rule 705 log 'enable'
  556. set firewall name download-wan rule 705 protocol 'udp'
  557. set firewall name firewall-cam default-action 'drop'
  558. set firewall name firewall-cam enable-default-log
  559. set firewall name firewall-cam rule 1 action 'accept'
  560. set firewall name firewall-cam rule 1 state established 'enable'
  561. set firewall name firewall-cam rule 1 state related 'enable'
  562. set firewall name firewall-cam rule 2 action 'drop'
  563. set firewall name firewall-cam rule 2 log 'enable'
  564. set firewall name firewall-cam rule 2 state invalid 'enable'
  565. set firewall name firewall-cam rule 10 action 'accept'
  566. set firewall name firewall-cam rule 10 destination group address-group 'ag-vrrp'
  567. set firewall name firewall-cam rule 10 protocol 'vrrp'
  568. set firewall name firewall-cam rule 10 source group address-group 'ag-vrrp-cam'
  569. set firewall name firewall-cam rule 100 action 'accept'
  570. set firewall name firewall-cam rule 100 log 'enable'
  571. set firewall name firewall-cam rule 100 protocol 'icmp'
  572. set firewall name firewall-dmz default-action 'drop'
  573. set firewall name firewall-dmz enable-default-log
  574. set firewall name firewall-dmz rule 1 action 'accept'
  575. set firewall name firewall-dmz rule 1 state established 'enable'
  576. set firewall name firewall-dmz rule 1 state related 'enable'
  577. set firewall name firewall-dmz rule 2 action 'drop'
  578. set firewall name firewall-dmz rule 2 log 'enable'
  579. set firewall name firewall-dmz rule 2 state invalid 'enable'
  580. set firewall name firewall-dmz rule 10 action 'accept'
  581. set firewall name firewall-dmz rule 10 destination group address-group 'ag-vrrp'
  582. set firewall name firewall-dmz rule 10 protocol 'vrrp'
  583. set firewall name firewall-dmz rule 10 source group address-group 'ag-vrrp-dmz'
  584. set firewall name firewall-dmz rule 100 action 'accept'
  585. set firewall name firewall-dmz rule 100 log 'enable'
  586. set firewall name firewall-dmz rule 100 protocol 'icmp'
  587. set firewall name firewall-dmz rule 400 action 'accept'
  588. set firewall name firewall-dmz rule 400 destination group address-group 'ntpservers'
  589. set firewall name firewall-dmz rule 400 destination group port-group 'pg-ntp'
  590. set firewall name firewall-dmz rule 400 log 'enable'
  591. set firewall name firewall-dmz rule 400 protocol 'udp'
  592. set firewall name firewall-dmz rule 500 action 'accept'
  593. set firewall name firewall-dmz rule 500 destination group address-group 'ag-dns-dc_main'
  594. set firewall name firewall-dmz rule 500 destination group port-group 'pg-dns'
  595. set firewall name firewall-dmz rule 500 log 'enable'
  596. set firewall name firewall-dmz rule 500 protocol 'tcp_udp'
  597. set firewall name firewall-dmz rule 600 action 'accept'
  598. set firewall name firewall-dmz rule 600 destination group address-group 'ag-dhcp-server'
  599. set firewall name firewall-dmz rule 600 destination group port-group 'pg-dhcp'
  600. set firewall name firewall-dmz rule 600 log 'enable'
  601. set firewall name firewall-dmz rule 600 protocol 'udp'
  602. set firewall name firewall-download default-action 'drop'
  603. set firewall name firewall-download enable-default-log
  604. set firewall name firewall-download rule 1 action 'accept'
  605. set firewall name firewall-download rule 1 state established 'enable'
  606. set firewall name firewall-download rule 1 state related 'enable'
  607. set firewall name firewall-download rule 2 action 'drop'
  608. set firewall name firewall-download rule 2 log 'enable'
  609. set firewall name firewall-download rule 2 state invalid 'enable'
  610. set firewall name firewall-download rule 10 action 'accept'
  611. set firewall name firewall-download rule 10 destination group address-group 'ag-vrrp'
  612. set firewall name firewall-download rule 10 protocol 'vrrp'
  613. set firewall name firewall-download rule 10 source group address-group 'ag-vrrp-download'
  614. set firewall name firewall-download rule 100 action 'accept'
  615. set firewall name firewall-download rule 100 log 'enable'
  616. set firewall name firewall-download rule 100 protocol 'icmp'
  617. set firewall name firewall-guest default-action 'drop'
  618. set firewall name firewall-guest enable-default-log
  619. set firewall name firewall-guest rule 1 action 'accept'
  620. set firewall name firewall-guest rule 1 state established 'enable'
  621. set firewall name firewall-guest rule 1 state related 'enable'
  622. set firewall name firewall-guest rule 2 action 'drop'
  623. set firewall name firewall-guest rule 2 log 'enable'
  624. set firewall name firewall-guest rule 2 state invalid 'enable'
  625. set firewall name firewall-guest rule 10 action 'accept'
  626. set firewall name firewall-guest rule 10 destination group address-group 'ag-vrrp'
  627. set firewall name firewall-guest rule 10 protocol 'vrrp'
  628. set firewall name firewall-guest rule 10 source group address-group 'ag-vrrp-guest'
  629. set firewall name firewall-guest rule 100 action 'accept'
  630. set firewall name firewall-guest rule 100 log 'enable'
  631. set firewall name firewall-guest rule 100 protocol 'icmp'
  632. set firewall name firewall-guest rule 602 action 'accept'
  633. set firewall name firewall-guest rule 602 destination group address-group 'ag-mdns'
  634. set firewall name firewall-guest rule 602 destination group port-group 'pg-mdns'
  635. set firewall name firewall-guest rule 602 protocol 'udp'
  636. set firewall name firewall-iot default-action 'drop'
  637. set firewall name firewall-iot enable-default-log
  638. set firewall name firewall-iot rule 1 action 'accept'
  639. set firewall name firewall-iot rule 1 state established 'enable'
  640. set firewall name firewall-iot rule 1 state related 'enable'
  641. set firewall name firewall-iot rule 2 action 'drop'
  642. set firewall name firewall-iot rule 2 log 'enable'
  643. set firewall name firewall-iot rule 2 state invalid 'enable'
  644. set firewall name firewall-iot rule 10 action 'accept'
  645. set firewall name firewall-iot rule 10 destination group address-group 'ag-vrrp'
  646. set firewall name firewall-iot rule 10 protocol 'vrrp'
  647. set firewall name firewall-iot rule 10 source group address-group 'ag-vrrp-iot'
  648. set firewall name firewall-iot rule 100 action 'accept'
  649. set firewall name firewall-iot rule 100 log 'enable'
  650. set firewall name firewall-iot rule 100 protocol 'icmp'
  651. set firewall name firewall-iot rule 602 action 'accept'
  652. set firewall name firewall-iot rule 602 destination group address-group 'ag-mdns'
  653. set firewall name firewall-iot rule 602 destination group port-group 'pg-mdns'
  654. set firewall name firewall-iot rule 602 protocol 'udp'
  655. set firewall name firewall-lan default-action 'drop'
  656. set firewall name firewall-lan enable-default-log
  657. set firewall name firewall-lan rule 1 action 'accept'
  658. set firewall name firewall-lan rule 1 state established 'enable'
  659. set firewall name firewall-lan rule 1 state related 'enable'
  660. set firewall name firewall-lan rule 2 action 'drop'
  661. set firewall name firewall-lan rule 2 log 'enable'
  662. set firewall name firewall-lan rule 2 state invalid 'enable'
  663. set firewall name firewall-lan rule 10 action 'accept'
  664. set firewall name firewall-lan rule 10 destination group address-group 'ag-vrrp'
  665. set firewall name firewall-lan rule 10 protocol 'vrrp'
  666. set firewall name firewall-lan rule 10 source group address-group 'ag-vrrp-lan'
  667. set firewall name firewall-lan rule 100 action 'accept'
  668. set firewall name firewall-lan rule 100 log 'enable'
  669. set firewall name firewall-lan rule 100 protocol 'icmp'
  670. set firewall name firewall-lan rule 602 action 'accept'
  671. set firewall name firewall-lan rule 602 destination group address-group 'ag-mdns'
  672. set firewall name firewall-lan rule 602 destination group port-group 'pg-mdns'
  673. set firewall name firewall-lan rule 602 protocol 'udp'
  674. set firewall name firewall-mgmt default-action 'drop'
  675. set firewall name firewall-mgmt enable-default-log
  676. set firewall name firewall-mgmt rule 1 action 'accept'
  677. set firewall name firewall-mgmt rule 1 state established 'enable'
  678. set firewall name firewall-mgmt rule 1 state related 'enable'
  679. set firewall name firewall-mgmt rule 2 action 'drop'
  680. set firewall name firewall-mgmt rule 2 log 'enable'
  681. set firewall name firewall-mgmt rule 2 state invalid 'enable'
  682. set firewall name firewall-mgmt rule 10 action 'accept'
  683. set firewall name firewall-mgmt rule 10 destination group address-group 'ag-vrrp'
  684. set firewall name firewall-mgmt rule 10 protocol 'vrrp'
  685. set firewall name firewall-mgmt rule 10 source group address-group 'ag-vrrp-mgmt'
  686. set firewall name firewall-mgmt rule 100 action 'accept'
  687. set firewall name firewall-mgmt rule 100 log 'enable'
  688. set firewall name firewall-mgmt rule 100 protocol 'icmp'
  689. set firewall name firewall-mgmt rule 650 action 'accept'
  690. set firewall name firewall-mgmt rule 650 description 'Accept Conntrack Sync'
  691. set firewall name firewall-mgmt rule 650 destination group address-group 'ag-ct_sync'
  692. set firewall name firewall-mgmt rule 650 destination group port-group 'pg-ct_sync'
  693. set firewall name firewall-mgmt rule 650 protocol 'udp'
  694. set firewall name firewall-mgmt rule 650 source group address-group 'ag-vrrp-mgmt'
  695. set firewall name firewall-mgmt rule 651 action 'accept'
  696. set firewall name firewall-mgmt rule 651 description 'Allow IGMP for Conntrack Sync'
  697. set firewall name firewall-mgmt rule 651 destination group address-group 'ag-igmp'
  698. set firewall name firewall-mgmt rule 651 protocol 'igmp'
  699. set firewall name firewall-mgmt rule 651 source group address-group 'ag-vrrp-mgmt'
  700. set firewall name firewall-public default-action 'drop'
  701. set firewall name firewall-public enable-default-log
  702. set firewall name firewall-public rule 1 action 'accept'
  703. set firewall name firewall-public rule 1 state established 'enable'
  704. set firewall name firewall-public rule 1 state related 'enable'
  705. set firewall name firewall-public rule 2 action 'drop'
  706. set firewall name firewall-public rule 2 log 'enable'
  707. set firewall name firewall-public rule 2 state invalid 'enable'
  708. set firewall name firewall-public rule 10 action 'accept'
  709. set firewall name firewall-public rule 10 destination group address-group 'ag-vrrp'
  710. set firewall name firewall-public rule 10 protocol 'vrrp'
  711. set firewall name firewall-public rule 10 source group address-group 'ag-vrrp-public'
  712. set firewall name firewall-public rule 100 action 'accept'
  713. set firewall name firewall-public rule 100 log 'enable'
  714. set firewall name firewall-public rule 100 protocol 'icmp'
  715. set firewall name firewall-wan default-action 'drop'
  716. set firewall name firewall-wan enable-default-log
  717. set firewall name firewall-wan rule 1 action 'accept'
  718. set firewall name firewall-wan rule 1 state established 'enable'
  719. set firewall name firewall-wan rule 1 state related 'enable'
  720. set firewall name firewall-wan rule 2 action 'drop'
  721. set firewall name firewall-wan rule 2 log 'enable'
  722. set firewall name firewall-wan rule 2 state invalid 'enable'
  723. set firewall name firewall-wan rule 100 action 'accept'
  724. set firewall name firewall-wan rule 100 log 'enable'
  725. set firewall name firewall-wan rule 100 protocol 'icmp'
  726. set firewall name firewall-wan rule 200 action 'accept'
  727. set firewall name firewall-wan rule 200 description 'Allow updating dynamic DNS'
  728. set firewall name firewall-wan rule 200 destination group port-group 'pg-web'
  729. set firewall name firewall-wan rule 200 log 'enable'
  730. set firewall name firewall-wan rule 200 protocol 'tcp'
  731. set firewall name firewall-wan rule 600 action 'accept'
  732. set firewall name firewall-wan rule 600 destination group port-group 'pg-dhcp'
  733. set firewall name firewall-wan rule 600 log 'enable'
  734. set firewall name firewall-wan rule 600 protocol 'udp'
  735. set firewall name guest-cam default-action 'drop'
  736. set firewall name guest-cam enable-default-log
  737. set firewall name guest-cam rule 1 action 'accept'
  738. set firewall name guest-cam rule 1 state established 'enable'
  739. set firewall name guest-cam rule 1 state related 'enable'
  740. set firewall name guest-cam rule 2 action 'drop'
  741. set firewall name guest-cam rule 2 log 'enable'
  742. set firewall name guest-cam rule 2 state invalid 'enable'
  743. set firewall name guest-dmz default-action 'drop'
  744. set firewall name guest-dmz enable-default-log
  745. set firewall name guest-dmz rule 1 action 'accept'
  746. set firewall name guest-dmz rule 1 state established 'enable'
  747. set firewall name guest-dmz rule 1 state related 'enable'
  748. set firewall name guest-dmz rule 2 action 'drop'
  749. set firewall name guest-dmz rule 2 log 'enable'
  750. set firewall name guest-dmz rule 2 state invalid 'enable'
  751. set firewall name guest-dmz rule 400 action 'accept'
  752. set firewall name guest-dmz rule 400 destination group address-group 'ntpservers'
  753. set firewall name guest-dmz rule 400 destination group port-group 'pg-ntp'
  754. set firewall name guest-dmz rule 400 log 'enable'
  755. set firewall name guest-dmz rule 400 protocol 'udp'
  756. set firewall name guest-dmz rule 500 action 'accept'
  757. set firewall name guest-dmz rule 500 destination group address-group 'dnsforwarders'
  758. set firewall name guest-dmz rule 500 destination group port-group 'pg-dns'
  759. set firewall name guest-dmz rule 500 log 'enable'
  760. set firewall name guest-dmz rule 500 protocol 'tcp_udp'
  761. set firewall name guest-dmz rule 501 action 'accept'
  762. set firewall name guest-dmz rule 501 description 'Allow HTTP for Pi-hole'
  763. set firewall name guest-dmz rule 501 destination group address-group 'dns-piholes'
  764. set firewall name guest-dmz rule 501 destination group port-group 'pg-pihole'
  765. set firewall name guest-dmz rule 501 log 'enable'
  766. set firewall name guest-dmz rule 501 protocol 'tcp'
  767. set firewall name guest-dmz rule 600 action 'accept'
  768. set firewall name guest-dmz rule 600 destination group address-group 'ag-dhcp-server'
  769. set firewall name guest-dmz rule 600 destination group port-group 'pg-dhcp'
  770. set firewall name guest-dmz rule 600 log 'enable'
  771. set firewall name guest-dmz rule 600 protocol 'udp'
  772. set firewall name guest-download default-action 'drop'
  773. set firewall name guest-download enable-default-log
  774. set firewall name guest-download rule 1 action 'accept'
  775. set firewall name guest-download rule 1 state established 'enable'
  776. set firewall name guest-download rule 1 state related 'enable'
  777. set firewall name guest-download rule 2 action 'drop'
  778. set firewall name guest-download rule 2 log 'enable'
  779. set firewall name guest-download rule 2 state invalid 'enable'
  780. set firewall name guest-firewall default-action 'drop'
  781. set firewall name guest-firewall enable-default-log
  782. set firewall name guest-firewall rule 1 action 'accept'
  783. set firewall name guest-firewall rule 1 state established 'enable'
  784. set firewall name guest-firewall rule 1 state related 'enable'
  785. set firewall name guest-firewall rule 2 action 'drop'
  786. set firewall name guest-firewall rule 2 log 'enable'
  787. set firewall name guest-firewall rule 2 state invalid 'enable'
  788. set firewall name guest-firewall rule 10 action 'accept'
  789. set firewall name guest-firewall rule 10 destination group address-group 'ag-vrrp-guest'
  790. set firewall name guest-firewall rule 10 protocol 'vrrp'
  791. set firewall name guest-firewall rule 10 source group address-group 'ag-vrrp-guest'
  792. set firewall name guest-firewall rule 600 action 'accept'
  793. set firewall name guest-firewall rule 600 destination group port-group 'pg-dhcp'
  794. set firewall name guest-firewall rule 600 log 'enable'
  795. set firewall name guest-firewall rule 600 protocol 'udp'
  796. set firewall name guest-firewall rule 602 action 'accept'
  797. set firewall name guest-firewall rule 602 destination group address-group 'ag-mdns'
  798. set firewall name guest-firewall rule 602 destination group port-group 'pg-mdns'
  799. set firewall name guest-firewall rule 602 protocol 'udp'
  800. set firewall name guest-firewall rule 605 action 'accept'
  801. set firewall name guest-firewall rule 605 description 'Allow media/TV discovery (Direct)'
  802. set firewall name guest-firewall rule 605 destination group address-group 'ag-bcast_lan'
  803. set firewall name guest-firewall rule 605 destination group port-group 'pg-tv_discover'
  804. set firewall name guest-firewall rule 605 log 'enable'
  805. set firewall name guest-firewall rule 605 protocol 'udp'
  806. set firewall name guest-firewall rule 606 action 'accept'
  807. set firewall name guest-firewall rule 606 description 'Allow media/TV discovery (Limited)'
  808. set firewall name guest-firewall rule 606 destination group address-group 'ag-bcast_limit'
  809. set firewall name guest-firewall rule 606 destination group port-group 'pg-tv_discover'
  810. set firewall name guest-firewall rule 606 log 'enable'
  811. set firewall name guest-firewall rule 606 protocol 'udp'
  812. set firewall name guest-firewall rule 610 action 'drop'
  813. set firewall name guest-firewall rule 610 description 'Drop NetBIOS traffic without logging it'
  814. set firewall name guest-firewall rule 610 destination group port-group 'pg-netbios'
  815. set firewall name guest-firewall rule 610 log 'disable'
  816. set firewall name guest-firewall rule 610 protocol 'udp'
  817. set firewall name guest-iot default-action 'drop'
  818. set firewall name guest-iot enable-default-log
  819. set firewall name guest-iot rule 1 action 'accept'
  820. set firewall name guest-iot rule 1 state established 'enable'
  821. set firewall name guest-iot rule 1 state related 'enable'
  822. set firewall name guest-iot rule 2 action 'drop'
  823. set firewall name guest-iot rule 2 log 'enable'
  824. set firewall name guest-iot rule 2 state invalid 'enable'
  825. set firewall name guest-iot rule 207 action 'accept'
  826. set firewall name guest-iot rule 207 destination group port-group 'pg-google_cast'
  827. set firewall name guest-iot rule 207 log 'enable'
  828. set firewall name guest-iot rule 207 protocol 'tcp'
  829. set firewall name guest-iot rule 208 action 'accept'
  830. set firewall name guest-iot rule 208 log 'enable'
  831. set firewall name guest-iot rule 208 protocol 'udp'
  832. set firewall name guest-iot rule 208 source group port-group 'pg-google_cast_pic'
  833. set firewall name guest-lan default-action 'drop'
  834. set firewall name guest-lan enable-default-log
  835. set firewall name guest-lan rule 1 action 'accept'
  836. set firewall name guest-lan rule 1 state established 'enable'
  837. set firewall name guest-lan rule 1 state related 'enable'
  838. set firewall name guest-lan rule 2 action 'drop'
  839. set firewall name guest-lan rule 2 log 'enable'
  840. set firewall name guest-lan rule 2 state invalid 'enable'
  841. set firewall name guest-mgmt default-action 'drop'
  842. set firewall name guest-mgmt enable-default-log
  843. set firewall name guest-mgmt rule 1 action 'accept'
  844. set firewall name guest-mgmt rule 1 state established 'enable'
  845. set firewall name guest-mgmt rule 1 state related 'enable'
  846. set firewall name guest-mgmt rule 2 action 'drop'
  847. set firewall name guest-mgmt rule 2 log 'enable'
  848. set firewall name guest-mgmt rule 2 state invalid 'enable'
  849. set firewall name guest-public default-action 'drop'
  850. set firewall name guest-public enable-default-log
  851. set firewall name guest-public rule 1 action 'accept'
  852. set firewall name guest-public rule 1 state established 'enable'
  853. set firewall name guest-public rule 1 state related 'enable'
  854. set firewall name guest-public rule 2 action 'drop'
  855. set firewall name guest-public rule 2 log 'enable'
  856. set firewall name guest-public rule 2 state invalid 'enable'
  857. set firewall name guest-wan default-action 'drop'
  858. set firewall name guest-wan enable-default-log
  859. set firewall name guest-wan rule 1 action 'accept'
  860. set firewall name guest-wan rule 1 state established 'enable'
  861. set firewall name guest-wan rule 1 state related 'enable'
  862. set firewall name guest-wan rule 2 action 'drop'
  863. set firewall name guest-wan rule 2 log 'enable'
  864. set firewall name guest-wan rule 2 state invalid 'enable'
  865. set firewall name guest-wan rule 100 action 'accept'
  866. set firewall name guest-wan rule 100 log 'enable'
  867. set firewall name guest-wan rule 100 protocol 'icmp'
  868. set firewall name guest-wan rule 200 action 'accept'
  869. set firewall name guest-wan rule 200 destination group port-group 'pg-web'
  870. set firewall name guest-wan rule 200 log 'enable'
  871. set firewall name guest-wan rule 200 protocol 'tcp'
  872. set firewall name guest-wan rule 203 action 'accept'
  873. set firewall name guest-wan rule 203 destination group port-group 'pg-google_quic'
  874. set firewall name guest-wan rule 203 log 'enable'
  875. set firewall name guest-wan rule 203 protocol 'udp'
  876. set firewall name guest-wan rule 204 action 'accept'
  877. set firewall name guest-wan rule 204 destination group port-group 'pg-google_fcm'
  878. set firewall name guest-wan rule 204 log 'enable'
  879. set firewall name guest-wan rule 204 protocol 'tcp_udp'
  880. set firewall name guest-wan rule 205 action 'accept'
  881. set firewall name guest-wan rule 205 destination group port-group 'pg-speedtest'
  882. set firewall name guest-wan rule 205 log 'enable'
  883. set firewall name guest-wan rule 205 protocol 'tcp'
  884. set firewall name guest-wan rule 208 action 'accept'
  885. set firewall name guest-wan rule 208 destination group port-group 'pg-agps'
  886. set firewall name guest-wan rule 208 log 'enable'
  887. set firewall name guest-wan rule 208 protocol 'tcp'
  888. set firewall name guest-wan rule 209 action 'accept'
  889. set firewall name guest-wan rule 209 destination group port-group 'pg-xmpp'
  890. set firewall name guest-wan rule 209 log 'enable'
  891. set firewall name guest-wan rule 209 protocol 'tcp'
  892. set firewall name guest-wan rule 215 action 'accept'
  893. set firewall name guest-wan rule 215 destination group port-group 'pg-spotify'
  894. set firewall name guest-wan rule 215 log 'enable'
  895. set firewall name guest-wan rule 215 protocol 'tcp'
  896. set firewall name guest-wan rule 400 action 'accept'
  897. set firewall name guest-wan rule 400 destination group port-group 'pg-ntp'
  898. set firewall name guest-wan rule 400 log 'enable'
  899. set firewall name guest-wan rule 400 protocol 'udp'
  900. set firewall name guest-wan rule 500 action 'accept'
  901. set firewall name guest-wan rule 500 destination group port-group 'pg-dns'
  902. set firewall name guest-wan rule 500 log 'enable'
  903. set firewall name guest-wan rule 500 protocol 'tcp_udp'
  904. set firewall name guest-wan rule 630 action 'accept'
  905. set firewall name guest-wan rule 630 destination group port-group 'pg-whatsapp'
  906. set firewall name guest-wan rule 630 log 'enable'
  907. set firewall name guest-wan rule 630 protocol 'udp'
  908. set firewall name guest-wan rule 631 action 'accept'
  909. set firewall name guest-wan rule 631 destination group port-group 'pg-skype'
  910. set firewall name guest-wan rule 631 log 'enable'
  911. set firewall name guest-wan rule 631 protocol 'udp'
  912. set firewall name guest-wan rule 632 action 'accept'
  913. set firewall name guest-wan rule 632 destination group port-group 'pg-webex'
  914. set firewall name guest-wan rule 632 log 'enable'
  915. set firewall name guest-wan rule 632 protocol 'tcp_udp'
  916. set firewall name guest-wan rule 635 action 'accept'
  917. set firewall name guest-wan rule 635 destination group port-group 'pg-person3_work'
  918. set firewall name guest-wan rule 635 log 'enable'
  919. set firewall name guest-wan rule 635 protocol 'udp'
  920. set firewall name guest-wan rule 700 action 'accept'
  921. set firewall name guest-wan rule 700 destination group port-group 'pg-ftp'
  922. set firewall name guest-wan rule 700 log 'enable'
  923. set firewall name guest-wan rule 700 protocol 'tcp'
  924. set firewall name iot-dmz default-action 'drop'
  925. set firewall name iot-dmz enable-default-log
  926. set firewall name iot-dmz rule 1 action 'accept'
  927. set firewall name iot-dmz rule 1 state established 'enable'
  928. set firewall name iot-dmz rule 1 state related 'enable'
  929. set firewall name iot-dmz rule 2 action 'drop'
  930. set firewall name iot-dmz rule 2 log 'enable'
  931. set firewall name iot-dmz rule 2 state invalid 'enable'
  932. set firewall name iot-dmz rule 100 action 'accept'
  933. set firewall name iot-dmz rule 100 destination group address-group 'dns-piholes'
  934. set firewall name iot-dmz rule 100 log 'enable'
  935. set firewall name iot-dmz rule 100 protocol 'icmp'
  936. set firewall name iot-dmz rule 300 action 'accept'
  937. set firewall name iot-dmz rule 300 destination group address-group 'ag-fileserver'
  938. set firewall name iot-dmz rule 300 destination group port-group 'pg-smb'
  939. set firewall name iot-dmz rule 300 log 'enable'
  940. set firewall name iot-dmz rule 300 protocol 'tcp'
  941. set firewall name iot-dmz rule 300 source group address-group 'ag-media_player'
  942. set firewall name iot-dmz rule 400 action 'accept'
  943. set firewall name iot-dmz rule 400 destination group address-group 'ntpservers'
  944. set firewall name iot-dmz rule 400 destination group port-group 'pg-ntp'
  945. set firewall name iot-dmz rule 400 log 'enable'
  946. set firewall name iot-dmz rule 400 protocol 'udp'
  947. set firewall name iot-dmz rule 500 action 'accept'
  948. set firewall name iot-dmz rule 500 destination group address-group 'dns-piholes'
  949. set firewall name iot-dmz rule 500 destination group port-group 'pg-dns'
  950. set firewall name iot-dmz rule 500 log 'enable'
  951. set firewall name iot-dmz rule 500 protocol 'tcp_udp'
  952. set firewall name iot-dmz rule 501 action 'accept'
  953. set firewall name iot-dmz rule 501 description 'Allow HTTP for Pi-hole'
  954. set firewall name iot-dmz rule 501 destination group address-group 'dns-piholes'
  955. set firewall name iot-dmz rule 501 destination group port-group 'pg-pihole'
  956. set firewall name iot-dmz rule 501 log 'enable'
  957. set firewall name iot-dmz rule 501 protocol 'tcp'
  958. set firewall name iot-dmz rule 502 action 'drop'
  959. set firewall name iot-dmz rule 502 description 'Block DNS over TLS to the Pi-holes'
  960. set firewall name iot-dmz rule 502 destination group address-group 'dns-piholes'
  961. set firewall name iot-dmz rule 502 destination group port-group 'pg-dns_tls'
  962. set firewall name iot-dmz rule 502 log 'enable'
  963. set firewall name iot-dmz rule 502 protocol 'tcp'
  964. set firewall name iot-dmz rule 600 action 'accept'
  965. set firewall name iot-dmz rule 600 destination group address-group 'ag-dhcp-server'
  966. set firewall name iot-dmz rule 600 destination group port-group 'pg-dhcp'
  967. set firewall name iot-dmz rule 600 log 'enable'
  968. set firewall name iot-dmz rule 600 protocol 'udp'
  # Ruleset iot-firewall: by its name presumably IoT-zone traffic addressed to the
  # router itself (the zone binding is not in this part of the file; confirm).
  # Anything not accepted below is dropped, and enable-default-log records those drops.
  969. set firewall name iot-firewall default-action 'drop'
  970. set firewall name iot-firewall enable-default-log
  # Rule 1: accept packets that belong to an established or related connection.
  971. set firewall name iot-firewall rule 1 action 'accept'
  972. set firewall name iot-firewall rule 1 state established 'enable'
  973. set firewall name iot-firewall rule 1 state related 'enable'
  # Rule 2: drop and log packets in the invalid state.
  974. set firewall name iot-firewall rule 2 action 'drop'
  975. set firewall name iot-firewall rule 2 log 'enable'
  976. set firewall name iot-firewall rule 2 state invalid 'enable'
  # Rule 10: VRRP where both source and destination are in ag-vrrp-iot; no log statement.
  977. set firewall name iot-firewall rule 10 action 'accept'
  978. set firewall name iot-firewall rule 10 destination group address-group 'ag-vrrp-iot'
  979. set firewall name iot-firewall rule 10 protocol 'vrrp'
  980. set firewall name iot-firewall rule 10 source group address-group 'ag-vrrp-iot'
  # Rule 100: ICMP to ag-fw-iot. No ICMP type is given, so every type matches.
  981. set firewall name iot-firewall rule 100 action 'accept'
  982. set firewall name iot-firewall rule 100 destination group address-group 'ag-fw-iot'
  983. set firewall name iot-firewall rule 100 log 'enable'
  984. set firewall name iot-firewall rule 100 protocol 'icmp'
  # Rule 371: UDP to the pg-solar2 ports at the literal address 192.168.11.255.
  # NOTE(review): that address is also a member of ag-bcast_iot, which rules 601 and
  # 605 reference as a group; the literal here will not follow a change to the group.
  985. set firewall name iot-firewall rule 371 action 'accept'
  986. set firewall name iot-firewall rule 371 description 'Fronius solar 2'
  987. set firewall name iot-firewall rule 371 destination address '192.168.11.255'
  988. set firewall name iot-firewall rule 371 destination group port-group 'pg-solar2'
  989. set firewall name iot-firewall rule 371 log 'enable'
  990. set firewall name iot-firewall rule 371 protocol 'udp'
  # Rule 600: UDP to the pg-dhcp ports, with no source or destination address match.
  991. set firewall name iot-firewall rule 600 action 'accept'
  992. set firewall name iot-firewall rule 600 destination group port-group 'pg-dhcp'
  993. set firewall name iot-firewall rule 600 log 'enable'
  994. set firewall name iot-firewall rule 600 protocol 'udp'
  # Rule 601: mDNS ports to the ag-bcast_iot addresses.
  995. set firewall name iot-firewall rule 601 action 'accept'
  996. set firewall name iot-firewall rule 601 description 'Allow direct bcast mDNS'
  997. set firewall name iot-firewall rule 601 destination group address-group 'ag-bcast_iot'
  998. set firewall name iot-firewall rule 601 destination group port-group 'pg-mdns'
  999. set firewall name iot-firewall rule 601 log 'enable'
  1000. set firewall name iot-firewall rule 601 protocol 'udp'
  # Rule 602: mDNS ports to ag-mdns.
  # NOTE(review): no log statement here, unlike rule 601; confirm that is intended.
  1001. set firewall name iot-firewall rule 602 action 'accept'
  1002. set firewall name iot-firewall rule 602 destination group address-group 'ag-mdns'
  1003. set firewall name iot-firewall rule 602 destination group port-group 'pg-mdns'
  1004. set firewall name iot-firewall rule 602 protocol 'udp'
  # Rules 605 and 606: the same discovery port-group, once to the ag-bcast_iot
  # addresses and once to ag-bcast_limit (255.255.255.255 in the group definitions).
  1005. set firewall name iot-firewall rule 605 action 'accept'
  1006. set firewall name iot-firewall rule 605 description 'Allow media/TV discovery (Direct)'
  1007. set firewall name iot-firewall rule 605 destination group address-group 'ag-bcast_iot'
  1008. set firewall name iot-firewall rule 605 destination group port-group 'pg-tv_discover'
  1009. set firewall name iot-firewall rule 605 log 'enable'
  1010. set firewall name iot-firewall rule 605 protocol 'udp'
  1011. set firewall name iot-firewall rule 606 action 'accept'
  1012. set firewall name iot-firewall rule 606 description 'Allow media/TV discovery (Limited)'
  1013. set firewall name iot-firewall rule 606 destination group address-group 'ag-bcast_limit'
  1014. set firewall name iot-firewall rule 606 destination group port-group 'pg-tv_discover'
  1015. set firewall name iot-firewall rule 606 log 'enable'
  1016. set firewall name iot-firewall rule 606 protocol 'udp'
  # Rule 610: explicit drop with logging disabled, so UDP to pg-netbios never reaches
  # the logged default drop. Only UDP is matched; TCP to the same ports is still
  # handled (and logged) by the default-action.
  1017. set firewall name iot-firewall rule 610 action 'drop'
  1018. set firewall name iot-firewall rule 610 description 'Drop Netbios traffic from logs'
  1019. set firewall name iot-firewall rule 610 destination group port-group 'pg-netbios'
  1020. set firewall name iot-firewall rule 610 log 'disable'
  1021. set firewall name iot-firewall rule 610 protocol 'udp'
  # Ruleset iot-guest: by its name presumably IoT -> guest traffic (zone binding not
  # visible here; confirm). Default is drop, with the drops logged.
  1022. set firewall name iot-guest default-action 'drop'
  1023. set firewall name iot-guest enable-default-log
  # Rule 1: accept packets that belong to an established or related connection.
  1024. set firewall name iot-guest rule 1 action 'accept'
  1025. set firewall name iot-guest rule 1 state established 'enable'
  1026. set firewall name iot-guest rule 1 state related 'enable'
  # Rule 2: drop and log packets in the invalid state.
  1027. set firewall name iot-guest rule 2 action 'drop'
  1028. set firewall name iot-guest rule 2 log 'enable'
  1029. set firewall name iot-guest rule 2 state invalid 'enable'
  # Rule 207: TCP from ag-media_player hosts whose source port is in pg-google_cast,
  # to any address in ng-guest. No destination port and no state is matched.
  # NOTE(review): replies on tracked connections are already accepted by rule 1.
  # Without a state match this rule also accepts new connections, and the source
  # port is a value the sending host picks, so every TCP port in ng-guest is
  # reachable from the media players. Confirm the rule is still needed; if it is,
  # narrow it with a destination port-group.
  1030. set firewall name iot-guest rule 207 action 'accept'
  1031. set firewall name iot-guest rule 207 description 'Allow Google Cast Returns'
  1032. set firewall name iot-guest rule 207 destination group network-group 'ng-guest'
  1033. set firewall name iot-guest rule 207 log 'enable'
  1034. set firewall name iot-guest rule 207 protocol 'tcp'
  1035. set firewall name iot-guest rule 207 source group address-group 'ag-media_player'
  1036. set firewall name iot-guest rule 207 source group port-group 'pg-google_cast'
  # Ruleset iot-lan: by its name presumably IoT -> LAN traffic (zone binding not
  # visible here; confirm). Default is drop, with the drops logged.
  1037. set firewall name iot-lan default-action 'drop'
  1038. set firewall name iot-lan enable-default-log
  # Rule 1: accept packets that belong to an established or related connection.
  1039. set firewall name iot-lan rule 1 action 'accept'
  1040. set firewall name iot-lan rule 1 state established 'enable'
  1041. set firewall name iot-lan rule 1 state related 'enable'
  # Rule 2: drop and log packets in the invalid state.
  1042. set firewall name iot-lan rule 2 action 'drop'
  1043. set firewall name iot-lan rule 2 log 'enable'
  1044. set firewall name iot-lan rule 2 state invalid 'enable'
  # Rule 207: TCP from ag-media_player hosts whose source port is in pg-google_cast,
  # to any address in ng-lan. No destination port and no state is matched.
  # NOTE(review): replies on tracked connections are already accepted by rule 1.
  # Without a state match this rule also accepts new connections, and the source
  # port is a value the sending host picks, so every TCP port in ng-lan is
  # reachable from the media players. Confirm the rule is still needed; if it is,
  # narrow it with a destination port-group.
  1045. set firewall name iot-lan rule 207 action 'accept'
  1046. set firewall name iot-lan rule 207 description 'Allow Google Cast Returns'
  1047. set firewall name iot-lan rule 207 destination group network-group 'ng-lan'
  1048. set firewall name iot-lan rule 207 log 'enable'
  1049. set firewall name iot-lan rule 207 protocol 'tcp'
  1050. set firewall name iot-lan rule 207 source group address-group 'ag-media_player'
  1051. set firewall name iot-lan rule 207 source group port-group 'pg-google_cast'
  # Ruleset iot-wan: by its name presumably IoT -> WAN traffic (zone binding not
  # visible here; confirm). Default is drop, with the drops logged.
  # None of the accept rules below matches a source or destination address, so each
  # applies to every host whose traffic is evaluated by this ruleset; the only
  # limits are protocol and destination port-group.
  1052. set firewall name iot-wan default-action 'drop'
  1053. set firewall name iot-wan enable-default-log
  # Rule 1: accept packets that belong to an established or related connection.
  1054. set firewall name iot-wan rule 1 action 'accept'
  1055. set firewall name iot-wan rule 1 state established 'enable'
  1056. set firewall name iot-wan rule 1 state related 'enable'
  # Rule 2: drop and log packets in the invalid state.
  1057. set firewall name iot-wan rule 2 action 'drop'
  1058. set firewall name iot-wan rule 2 log 'enable'
  1059. set firewall name iot-wan rule 2 state invalid 'enable'
  # Rule 100: ICMP with no type restriction and no address match.
  1060. set firewall name iot-wan rule 100 action 'accept'
  1061. set firewall name iot-wan rule 100 log 'enable'
  1062. set firewall name iot-wan rule 100 protocol 'icmp'
  # Rule 200: TCP to the pg-web ports.
  1063. set firewall name iot-wan rule 200 action 'accept'
  1064. set firewall name iot-wan rule 200 destination group port-group 'pg-web'
  1065. set firewall name iot-wan rule 200 log 'enable'
  1066. set firewall name iot-wan rule 200 protocol 'tcp'
  # Rule 203: UDP to the pg-google_quic ports.
  1067. set firewall name iot-wan rule 203 action 'accept'
  1068. set firewall name iot-wan rule 203 destination group port-group 'pg-google_quic'
  1069. set firewall name iot-wan rule 203 log 'enable'
  1070. set firewall name iot-wan rule 203 protocol 'udp'
  # Rule 204: TCP and UDP to the pg-google_fcm ports.
  1071. set firewall name iot-wan rule 204 action 'accept'
  1072. set firewall name iot-wan rule 204 destination group port-group 'pg-google_fcm'
  1073. set firewall name iot-wan rule 204 log 'enable'
  1074. set firewall name iot-wan rule 204 protocol 'tcp_udp'
  # Rule 209: TCP to the pg-xmpp ports.
  1075. set firewall name iot-wan rule 209 action 'accept'
  1076. set firewall name iot-wan rule 209 destination group port-group 'pg-xmpp'
  1077. set firewall name iot-wan rule 209 log 'enable'
  1078. set firewall name iot-wan rule 209 protocol 'tcp'
  # Rule 370: UDP to the pg-solar ports.
  # NOTE(review): the description names one device, but no source address-group
  # limits the rule to it; confirm whether every IoT host should have this egress.
  1079. set firewall name iot-wan rule 370 action 'accept'
  1080. set firewall name iot-wan rule 370 description 'Fronius solar'
  1081. set firewall name iot-wan rule 370 destination group port-group 'pg-solar'
  1082. set firewall name iot-wan rule 370 log 'enable'
  1083. set firewall name iot-wan rule 370 protocol 'udp'
  # Rule 400: UDP to the pg-ntp ports at any destination address.
  1084. set firewall name iot-wan rule 400 action 'accept'
  1085. set firewall name iot-wan rule 400 destination group port-group 'pg-ntp'
  1086. set firewall name iot-wan rule 400 log 'enable'
  1087. set firewall name iot-wan rule 400 protocol 'udp'
  # Ruleset lan-cam: by its name presumably LAN -> camera traffic (zone binding not
  # visible here; confirm). Default is drop, with the drops logged.
  # Every accept rule for new traffic requires a source in mgmtfromlan; none names a
  # destination address, so the allowed ports are open on every host on the
  # destination side of this ruleset.
  1088. set firewall name lan-cam default-action 'drop'
  1089. set firewall name lan-cam enable-default-log
  # Rule 1: accept packets that belong to an established or related connection.
  1090. set firewall name lan-cam rule 1 action 'accept'
  1091. set firewall name lan-cam rule 1 state established 'enable'
  1092. set firewall name lan-cam rule 1 state related 'enable'
  # Rule 2: drop and log packets in the invalid state.
  1093. set firewall name lan-cam rule 2 action 'drop'
  1094. set firewall name lan-cam rule 2 log 'enable'
  1095. set firewall name lan-cam rule 2 state invalid 'enable'
  # Rule 380: TCP to the pg-cam_rtsp ports from mgmtfromlan.
  1096. set firewall name lan-cam rule 380 action 'accept'
  1097. set firewall name lan-cam rule 380 destination group port-group 'pg-cam_rtsp'
  1098. set firewall name lan-cam rule 380 log 'enable'
  1099. set firewall name lan-cam rule 380 protocol 'tcp'
  1100. set firewall name lan-cam rule 380 source group address-group 'mgmtfromlan'
  # Rule 381: TCP to the pg-cam_onvif ports from mgmtfromlan.
  1101. set firewall name lan-cam rule 381 action 'accept'
  1102. set firewall name lan-cam rule 381 destination group port-group 'pg-cam_onvif'
  1103. set firewall name lan-cam rule 381 log 'enable'
  1104. set firewall name lan-cam rule 381 protocol 'tcp'
  1105. set firewall name lan-cam rule 381 source group address-group 'mgmtfromlan'
  # Rule 900: TCP to the pg-ssh ports from mgmtfromlan.
  1106. set firewall name lan-cam rule 900 action 'accept'
  1107. set firewall name lan-cam rule 900 destination group port-group 'pg-ssh'
  1108. set firewall name lan-cam rule 900 log 'enable'
  1109. set firewall name lan-cam rule 900 protocol 'tcp'
  1110. set firewall name lan-cam rule 900 source group address-group 'mgmtfromlan'
  # Ruleset lan-dmz: by its name presumably LAN -> DMZ traffic (zone binding not
  # visible here; confirm). Default is drop, with the drops logged.
  # Rules fall into two kinds: those limited to a source in mgmtfromlan (200, 505,
  # 551, 800, 900) and those open to any source evaluated by this ruleset.
  1111. set firewall name lan-dmz default-action 'drop'
  1112. set firewall name lan-dmz enable-default-log
  # Rule 1: accept packets that belong to an established or related connection.
  1113. set firewall name lan-dmz rule 1 action 'accept'
  1114. set firewall name lan-dmz rule 1 state established 'enable'
  1115. set firewall name lan-dmz rule 1 state related 'enable'
  # Rule 2: drop and log packets in the invalid state.
  1116. set firewall name lan-dmz rule 2 action 'drop'
  1117. set firewall name lan-dmz rule 2 log 'enable'
  1118. set firewall name lan-dmz rule 2 state invalid 'enable'
  # Rule 100: ICMP from any source to any destination, all types.
  1119. set firewall name lan-dmz rule 100 action 'accept'
  1120. set firewall name lan-dmz rule 100 log 'enable'
  1121. set firewall name lan-dmz rule 100 protocol 'icmp'
  # Rule 200: TCP to the pg-web ports on any destination, from mgmtfromlan only.
  1122. set firewall name lan-dmz rule 200 action 'accept'
  1123. set firewall name lan-dmz rule 200 destination group port-group 'pg-web'
  1124. set firewall name lan-dmz rule 200 log 'enable'
  1125. set firewall name lan-dmz rule 200 protocol 'tcp'
  1126. set firewall name lan-dmz rule 200 source group address-group 'mgmtfromlan'
  # Rule 300: SMB port-group to ag-fileserver; no source restriction.
  1127. set firewall name lan-dmz rule 300 action 'accept'
  1128. set firewall name lan-dmz rule 300 destination group address-group 'ag-fileserver'
  1129. set firewall name lan-dmz rule 300 destination group port-group 'pg-smb'
  1130. set firewall name lan-dmz rule 300 log 'enable'
  1131. set firewall name lan-dmz rule 300 protocol 'tcp'
  # Rule 385: pg-blueiris ports to ag-blueiris; no source restriction.
  1132. set firewall name lan-dmz rule 385 action 'accept'
  1133. set firewall name lan-dmz rule 385 destination group address-group 'ag-blueiris'
  1134. set firewall name lan-dmz rule 385 destination group port-group 'pg-blueiris'
  1135. set firewall name lan-dmz rule 385 log 'enable'
  1136. set firewall name lan-dmz rule 385 protocol 'tcp'
  # Rule 400: NTP port-group over UDP, only to the hosts in ntpservers.
  1137. set firewall name lan-dmz rule 400 action 'accept'
  1138. set firewall name lan-dmz rule 400 destination group address-group 'ntpservers'
  1139. set firewall name lan-dmz rule 400 destination group port-group 'pg-ntp'
  1140. set firewall name lan-dmz rule 400 log 'enable'
  1141. set firewall name lan-dmz rule 400 protocol 'udp'
  # Rule 450: pg-domain ports over TCP and UDP to the ag-dc hosts; no source restriction.
  1142. set firewall name lan-dmz rule 450 action 'accept'
  1143. set firewall name lan-dmz rule 450 destination group address-group 'ag-dc'
  1144. set firewall name lan-dmz rule 450 destination group port-group 'pg-domain'
  1145. set firewall name lan-dmz rule 450 log 'enable'
  1146. set firewall name lan-dmz rule 450 protocol 'tcp_udp'
  # Rule 500: DNS port-group to dnsforwarders.
  1147. set firewall name lan-dmz rule 500 action 'accept'
  1148. set firewall name lan-dmz rule 500 destination group address-group 'dnsforwarders'
  1149. set firewall name lan-dmz rule 500 destination group port-group 'pg-dns'
  1150. set firewall name lan-dmz rule 500 log 'enable'
  1151. set firewall name lan-dmz rule 500 protocol 'tcp_udp'
  # Rule 501: pg-pihole ports to dns-piholes from any source.
  1152. set firewall name lan-dmz rule 501 action 'accept'
  1153. set firewall name lan-dmz rule 501 description 'Allow HTTP for Pi-hole'
  1154. set firewall name lan-dmz rule 501 destination group address-group 'dns-piholes'
  1155. set firewall name lan-dmz rule 501 destination group port-group 'pg-pihole'
  1156. set firewall name lan-dmz rule 501 log 'enable'
  1157. set firewall name lan-dmz rule 501 protocol 'tcp'
  # Rule 505: admin port-group on the same hosts, from mgmtfromlan only.
  # NOTE(review): if pg-pihole (rule 501) and pg-dnsblock_admin overlap, rule 501
  # already admits any source to the shared ports; the port-groups are defined
  # outside this part of the file, so check them.
  1158. set firewall name lan-dmz rule 505 action 'accept'
  1159. set firewall name lan-dmz rule 505 description 'Allow admin interface for DNS blocking services'
  1160. set firewall name lan-dmz rule 505 destination group address-group 'dns-piholes'
  1161. set firewall name lan-dmz rule 505 destination group port-group 'pg-dnsblock_admin'
  1162. set firewall name lan-dmz rule 505 log 'enable'
  1163. set firewall name lan-dmz rule 505 protocol 'tcp'
  1164. set firewall name lan-dmz rule 505 source group address-group 'mgmtfromlan'
  # Rule 550: pg-bf_server ports to the ag-bf_relay hosts; no source restriction.
  # NOTE(review): the port-group is named for the server while the destination is
  # the relay group (a separate ag-bf_server group exists); confirm the pairing.
  1165. set firewall name lan-dmz rule 550 action 'accept'
  1166. set firewall name lan-dmz rule 550 destination group address-group 'ag-bf_relay'
  1167. set firewall name lan-dmz rule 550 destination group port-group 'pg-bf_server'
  1168. set firewall name lan-dmz rule 550 log 'enable'
  1169. set firewall name lan-dmz rule 550 protocol 'tcp'
  # Rule 551: web-reports ports to ag-bf_webreports, from mgmtfromlan only.
  1170. set firewall name lan-dmz rule 551 action 'accept'
  1171. set firewall name lan-dmz rule 551 destination group address-group 'ag-bf_webreports'
  1172. set firewall name lan-dmz rule 551 destination group port-group 'pg-bf_webreports'
  1173. set firewall name lan-dmz rule 551 log 'enable'
  1174. set firewall name lan-dmz rule 551 protocol 'tcp'
  1175. set firewall name lan-dmz rule 551 source group address-group 'mgmtfromlan'
  # Rule 560: pg-wsus ports to ag-wsus; no source restriction.
  1176. set firewall name lan-dmz rule 560 action 'accept'
  1177. set firewall name lan-dmz rule 560 destination group address-group 'ag-wsus'
  1178. set firewall name lan-dmz rule 560 destination group port-group 'pg-wsus'
  1179. set firewall name lan-dmz rule 560 log 'enable'
  1180. set firewall name lan-dmz rule 560 protocol 'tcp'
  # Rule 600: DHCP port-group over UDP to ag-dhcp-server.
  1181. set firewall name lan-dmz rule 600 action 'accept'
  1182. set firewall name lan-dmz rule 600 destination group address-group 'ag-dhcp-server'
  1183. set firewall name lan-dmz rule 600 destination group port-group 'pg-dhcp'
  1184. set firewall name lan-dmz rule 600 log 'enable'
  1185. set firewall name lan-dmz rule 600 protocol 'udp'
  # Rule 800: pg-rdp ports over TCP and UDP to any destination, from mgmtfromlan only.
  1186. set firewall name lan-dmz rule 800 action 'accept'
  1187. set firewall name lan-dmz rule 800 destination group port-group 'pg-rdp'
  1188. set firewall name lan-dmz rule 800 log 'enable'
  1189. set firewall name lan-dmz rule 800 protocol 'tcp_udp'
  1190. set firewall name lan-dmz rule 800 source group address-group 'mgmtfromlan'
  # Rule 900: pg-ssh ports to any destination, from mgmtfromlan only.
  1191. set firewall name lan-dmz rule 900 action 'accept'
  1192. set firewall name lan-dmz rule 900 destination group port-group 'pg-ssh'
  1193. set firewall name lan-dmz rule 900 log 'enable'
  1194. set firewall name lan-dmz rule 900 protocol 'tcp'
  1195. set firewall name lan-dmz rule 900 source group address-group 'mgmtfromlan'
  # Rules 950 and 951: pg-ocsp ports to ag-cert_web and pg-cert_issuer ports to
  # ag-cert_issuer; no source restriction on either.
  1196. set firewall name lan-dmz rule 950 action 'accept'
  1197. set firewall name lan-dmz rule 950 destination group address-group 'ag-cert_web'
  1198. set firewall name lan-dmz rule 950 destination group port-group 'pg-ocsp'
  1199. set firewall name lan-dmz rule 950 log 'enable'
  1200. set firewall name lan-dmz rule 950 protocol 'tcp'
  1201. set firewall name lan-dmz rule 951 action 'accept'
  1202. set firewall name lan-dmz rule 951 destination group address-group 'ag-cert_issuer'
  1203. set firewall name lan-dmz rule 951 destination group port-group 'pg-cert_issuer'
  1204. set firewall name lan-dmz rule 951 log 'enable'
  1205. set firewall name lan-dmz rule 951 protocol 'tcp'
  # Rule 960: pg-kms ports to ag-kms; no source restriction.
  1206. set firewall name lan-dmz rule 960 action 'accept'
  1207. set firewall name lan-dmz rule 960 destination group address-group 'ag-kms'
  1208. set firewall name lan-dmz rule 960 destination group port-group 'pg-kms'
  1209. set firewall name lan-dmz rule 960 log 'enable'
  1210. set firewall name lan-dmz rule 960 protocol 'tcp'
  # Ruleset lan-download: by its name presumably LAN -> download-zone traffic (zone
  # binding not visible here; confirm). Default is drop, with the drops logged.
  # Every accept rule for new traffic requires a source in mgmtfromlan; none names a
  # destination address.
  1211. set firewall name lan-download default-action 'drop'
  1212. set firewall name lan-download enable-default-log
  # Rule 1: accept packets that belong to an established or related connection.
  1213. set firewall name lan-download rule 1 action 'accept'
  1214. set firewall name lan-download rule 1 state established 'enable'
  1215. set firewall name lan-download rule 1 state related 'enable'
  # Rule 2: drop and log packets in the invalid state.
  1216. set firewall name lan-download rule 2 action 'drop'
  1217. set firewall name lan-download rule 2 log 'enable'
  1218. set firewall name lan-download rule 2 state invalid 'enable'
  # Rule 100: ICMP (all types) from mgmtfromlan.
  1219. set firewall name lan-download rule 100 action 'accept'
  1220. set firewall name lan-download rule 100 log 'enable'
  1221. set firewall name lan-download rule 100 protocol 'icmp'
  1222. set firewall name lan-download rule 100 source group address-group 'mgmtfromlan'
  # Rule 300: TCP to the pg-smb ports from mgmtfromlan.
  1223. set firewall name lan-download rule 300 action 'accept'
  1224. set firewall name lan-download rule 300 destination group port-group 'pg-smb'
  1225. set firewall name lan-download rule 300 log 'enable'
  1226. set firewall name lan-download rule 300 protocol 'tcp'
  1227. set firewall name lan-download rule 300 source group address-group 'mgmtfromlan'
  # Rule 800: pg-rdp ports over TCP and UDP from mgmtfromlan.
  1228. set firewall name lan-download rule 800 action 'accept'
  1229. set firewall name lan-download rule 800 destination group port-group 'pg-rdp'
  1230. set firewall name lan-download rule 800 log 'enable'
  1231. set firewall name lan-download rule 800 protocol 'tcp_udp'
  1232. set firewall name lan-download rule 800 source group address-group 'mgmtfromlan'
  # Ruleset lan-firewall: by its name presumably LAN-zone traffic addressed to the
  # router itself (zone binding not visible here; confirm). Default is drop, with
  # the drops logged.
  1233. set firewall name lan-firewall default-action 'drop'
  1234. set firewall name lan-firewall enable-default-log
  # Rule 1: accept packets that belong to an established or related connection.
  1235. set firewall name lan-firewall rule 1 action 'accept'
  1236. set firewall name lan-firewall rule 1 state established 'enable'
  1237. set firewall name lan-firewall rule 1 state related 'enable'
  # Rule 2: drop and log packets in the invalid state.
  1238. set firewall name lan-firewall rule 2 action 'drop'
  1239. set firewall name lan-firewall rule 2 log 'enable'
  1240. set firewall name lan-firewall rule 2 state invalid 'enable'
  # Rule 10: VRRP where both source and destination are in ag-vrrp-lan; no log statement.
  1241. set firewall name lan-firewall rule 10 action 'accept'
  1242. set firewall name lan-firewall rule 10 destination group address-group 'ag-vrrp-lan'
  1243. set firewall name lan-firewall rule 10 protocol 'vrrp'
  1244. set firewall name lan-firewall rule 10 source group address-group 'ag-vrrp-lan'
  # Rules 100 and 101: ICMP (all types) to ag-fw-lan and to ag-vrrp-lan, from any source.
  1245. set firewall name lan-firewall rule 100 action 'accept'
  1246. set firewall name lan-firewall rule 100 destination group address-group 'ag-fw-lan'
  1247. set firewall name lan-firewall rule 100 log 'enable'
  1248. set firewall name lan-firewall rule 100 protocol 'icmp'
  1249. set firewall name lan-firewall rule 101 action 'accept'
  1250. set firewall name lan-firewall rule 101 destination group address-group 'ag-vrrp-lan'
  1251. set firewall name lan-firewall rule 101 log 'enable'
  1252. set firewall name lan-firewall rule 101 protocol 'icmp'
  # Rule 455: pg-iperf ports over TCP and UDP, with no source or destination address match.
  # NOTE(review): unlike rule 900 this is not limited to mgmtfromlan; confirm that a
  # test service should be reachable from every host evaluated by this ruleset.
  1253. set firewall name lan-firewall rule 455 action 'accept'
  1254. set firewall name lan-firewall rule 455 destination group port-group 'pg-iperf'
  1255. set firewall name lan-firewall rule 455 log 'enable'
  1256. set firewall name lan-firewall rule 455 protocol 'tcp_udp'
  # Rule 600: UDP to the pg-dhcp ports, with no address match.
  1257. set firewall name lan-firewall rule 600 action 'accept'
  1258. set firewall name lan-firewall rule 600 destination group port-group 'pg-dhcp'
  1259. set firewall name lan-firewall rule 600 log 'enable'
  1260. set firewall name lan-firewall rule 600 protocol 'udp'
  # Rule 602: mDNS ports to ag-mdns; no log statement.
  1261. set firewall name lan-firewall rule 602 action 'accept'
  1262. set firewall name lan-firewall rule 602 destination group address-group 'ag-mdns'
  1263. set firewall name lan-firewall rule 602 destination group port-group 'pg-mdns'
  1264. set firewall name lan-firewall rule 602 protocol 'udp'
  # Rules 605 and 606: the same discovery port-group, once to the ag-bcast_lan
  # addresses and once to ag-bcast_limit (255.255.255.255 in the group definitions).
  1265. set firewall name lan-firewall rule 605 action 'accept'
  1266. set firewall name lan-firewall rule 605 description 'Allow media/TV discovery (Direct)'
  1267. set firewall name lan-firewall rule 605 destination group address-group 'ag-bcast_lan'
  1268. set firewall name lan-firewall rule 605 destination group port-group 'pg-tv_discover'
  1269. set firewall name lan-firewall rule 605 log 'enable'
  1270. set firewall name lan-firewall rule 605 protocol 'udp'
  1271. set firewall name lan-firewall rule 606 action 'accept'
  1272. set firewall name lan-firewall rule 606 description 'Allow media/TV discovery (Limited)'
  1273. set firewall name lan-firewall rule 606 destination group address-group 'ag-bcast_limit'
  1274. set firewall name lan-firewall rule 606 destination group port-group 'pg-tv_discover'
  1275. set firewall name lan-firewall rule 606 log 'enable'
  1276. set firewall name lan-firewall rule 606 protocol 'udp'
  # Rule 610: explicit drop with logging disabled, so UDP to pg-netbios never reaches
  # the logged default drop. Only UDP is matched.
  1277. set firewall name lan-firewall rule 610 action 'drop'
  1278. set firewall name lan-firewall rule 610 description 'Drop Netbios traffic from logs'
  1279. set firewall name lan-firewall rule 610 destination group port-group 'pg-netbios'
  1280. set firewall name lan-firewall rule 610 log 'disable'
  1281. set firewall name lan-firewall rule 610 protocol 'udp'
  # Rule 900: TCP to the pg-ssh ports, from mgmtfromlan only.
  1282. set firewall name lan-firewall rule 900 action 'accept'
  1283. set firewall name lan-firewall rule 900 destination group port-group 'pg-ssh'
  1284. set firewall name lan-firewall rule 900 log 'enable'
  1285. set firewall name lan-firewall rule 900 protocol 'tcp'
  1286. set firewall name lan-firewall rule 900 source group address-group 'mgmtfromlan'
  # Ruleset lan-guest: by its name presumably LAN -> guest traffic (zone binding not
  # visible here; confirm). It holds only the two state rules, so no new connection
  # is accepted: everything except established/related traffic is dropped, and the
  # drops are logged.
  1287. set firewall name lan-guest default-action 'drop'
  1288. set firewall name lan-guest enable-default-log
  # Rule 1: accept packets that belong to an established or related connection.
  1289. set firewall name lan-guest rule 1 action 'accept'
  1290. set firewall name lan-guest rule 1 state established 'enable'
  1291. set firewall name lan-guest rule 1 state related 'enable'
  # Rule 2: drop and log packets in the invalid state.
  1292. set firewall name lan-guest rule 2 action 'drop'
  1293. set firewall name lan-guest rule 2 log 'enable'
  1294. set firewall name lan-guest rule 2 state invalid 'enable'
  # Ruleset lan-iot: by its name presumably LAN -> IoT traffic (zone binding not
  # visible here; confirm). Default is drop, with the drops logged.
  1295. set firewall name lan-iot default-action 'drop'
  1296. set firewall name lan-iot enable-default-log
  # Rule 1: accept packets that belong to an established or related connection.
  1297. set firewall name lan-iot rule 1 action 'accept'
  1298. set firewall name lan-iot rule 1 state established 'enable'
  1299. set firewall name lan-iot rule 1 state related 'enable'
  # Rule 2: drop and log packets in the invalid state.
  1300. set firewall name lan-iot rule 2 action 'drop'
  1301. set firewall name lan-iot rule 2 log 'enable'
  1302. set firewall name lan-iot rule 2 state invalid 'enable'
  # Rule 100: ICMP (all types), with no address match.
  1303. set firewall name lan-iot rule 100 action 'accept'
  1304. set firewall name lan-iot rule 100 log 'enable'
  1305. set firewall name lan-iot rule 100 protocol 'icmp'
  # Rule 207: TCP to the pg-google_cast ports on any destination address.
  1306. set firewall name lan-iot rule 207 action 'accept'
  1307. set firewall name lan-iot rule 207 destination group port-group 'pg-google_cast'
  1308. set firewall name lan-iot rule 207 log 'enable'
  1309. set firewall name lan-iot rule 207 protocol 'tcp'
  # Rule 208: UDP matched on the source port only (pg-google_cast_pic); no address
  # and no destination port is matched.
  # NOTE(review): the source port is a value the sending host picks, so this accepts
  # UDP to any port on any host on the destination side of this ruleset. Add a
  # destination address-group or port-group if the intended peers are known.
  1310. set firewall name lan-iot rule 208 action 'accept'
  1311. set firewall name lan-iot rule 208 log 'enable'
  1312. set firewall name lan-iot rule 208 protocol 'udp'
  1313. set firewall name lan-iot rule 208 source group port-group 'pg-google_cast_pic'
  # Rule 300: SMB port-group to the ag-media_player hosts, from mgmtfromlan only.
  1314. set firewall name lan-iot rule 300 action 'accept'
  1315. set firewall name lan-iot rule 300 destination group address-group 'ag-media_player'
  1316. set firewall name lan-iot rule 300 destination group port-group 'pg-smb'
  1317. set firewall name lan-iot rule 300 log 'enable'
  1318. set firewall name lan-iot rule 300 protocol 'tcp'
  1319. set firewall name lan-iot rule 300 source group address-group 'mgmtfromlan'
  # Rules 555 and 556: pg-tvh_web and pg-tvh_htsp ports to ag-tv_server; no source restriction.
  1320. set firewall name lan-iot rule 555 action 'accept'
  1321. set firewall name lan-iot rule 555 destination group address-group 'ag-tv_server'
  1322. set firewall name lan-iot rule 555 destination group port-group 'pg-tvh_web'
  1323. set firewall name lan-iot rule 555 log 'enable'
  1324. set firewall name lan-iot rule 555 protocol 'tcp'
  1325. set firewall name lan-iot rule 556 action 'accept'
  1326. set firewall name lan-iot rule 556 destination group address-group 'ag-tv_server'
  1327. set firewall name lan-iot rule 556 destination group port-group 'pg-tvh_htsp'
  1328. set firewall name lan-iot rule 556 log 'enable'
  1329. set firewall name lan-iot rule 556 protocol 'tcp'
  # Ruleset lan-mgmt: by its name presumably LAN -> management traffic (zone binding
  # not visible here; confirm). Default is drop, with the drops logged.
  # All accept rules for new traffic require a source in mgmtfromlan, except rules
  # 450 and 455.
  1330. set firewall name lan-mgmt default-action 'drop'
  1331. set firewall name lan-mgmt enable-default-log
  # Rule 1: accept packets that belong to an established or related connection.
  1332. set firewall name lan-mgmt rule 1 action 'accept'
  1333. set firewall name lan-mgmt rule 1 state established 'enable'
  1334. set firewall name lan-mgmt rule 1 state related 'enable'
  # Rule 2: drop and log packets in the invalid state.
  1335. set firewall name lan-mgmt rule 2 action 'drop'
  1336. set firewall name lan-mgmt rule 2 log 'enable'
  1337. set firewall name lan-mgmt rule 2 state invalid 'enable'
  # Rule 100: ICMP (all types) from mgmtfromlan.
  1338. set firewall name lan-mgmt rule 100 action 'accept'
  1339. set firewall name lan-mgmt rule 100 log 'enable'
  1340. set firewall name lan-mgmt rule 100 protocol 'icmp'
  1341. set firewall name lan-mgmt rule 100 source group address-group 'mgmtfromlan'
  # Rule 200: TCP to the pg-web ports on any destination, from mgmtfromlan.
  1342. set firewall name lan-mgmt rule 200 action 'accept'
  1343. set firewall name lan-mgmt rule 200 destination group port-group 'pg-web'
  1344. set firewall name lan-mgmt rule 200 log 'enable'
  1345. set firewall name lan-mgmt rule 200 protocol 'tcp'
  1346. set firewall name lan-mgmt rule 200 source group address-group 'mgmtfromlan'
  # Rule 230: pg-omada ports to ag-omada, from mgmtfromlan.
  1347. set firewall name lan-mgmt rule 230 action 'accept'
  1348. set firewall name lan-mgmt rule 230 destination group address-group 'ag-omada'
  1349. set firewall name lan-mgmt rule 230 destination group port-group 'pg-omada'
  1350. set firewall name lan-mgmt rule 230 log 'enable'
  1351. set firewall name lan-mgmt rule 230 protocol 'tcp'
  1352. set firewall name lan-mgmt rule 230 source group address-group 'mgmtfromlan'
  # Rule 450: pg-domain ports over TCP and UDP to the ag-dc hosts.
  # NOTE(review): no source group, so any source evaluated by this ruleset matches.
  1353. set firewall name lan-mgmt rule 450 action 'accept'
  1354. set firewall name lan-mgmt rule 450 destination group address-group 'ag-dc'
  1355. set firewall name lan-mgmt rule 450 destination group port-group 'pg-domain'
  1356. set firewall name lan-mgmt rule 450 log 'enable'
  1357. set firewall name lan-mgmt rule 450 protocol 'tcp_udp'
  # Rule 455: pg-iperf ports over TCP and UDP, with no source or destination address match.
  # NOTE(review): this is the widest rule in the ruleset; confirm that every source
  # should reach these ports on every management host, or add mgmtfromlan as source.
  1358. set firewall name lan-mgmt rule 455 action 'accept'
  1359. set firewall name lan-mgmt rule 455 destination group port-group 'pg-iperf'
  1360. set firewall name lan-mgmt rule 455 log 'enable'
  1361. set firewall name lan-mgmt rule 455 protocol 'tcp_udp'
  # Rule 456: pg-vcenter ports to ag-vcenter, from mgmtfromlan.
  1362. set firewall name lan-mgmt rule 456 action 'accept'
  1363. set firewall name lan-mgmt rule 456 destination group address-group 'ag-vcenter'
  1364. set firewall name lan-mgmt rule 456 destination group port-group 'pg-vcenter'
  1365. set firewall name lan-mgmt rule 456 log 'enable'
  1366. set firewall name lan-mgmt rule 456 protocol 'tcp'
  1367. set firewall name lan-mgmt rule 456 source group address-group 'mgmtfromlan'
  # Rule 633: pg-portainer ports to ag-portainer, from mgmtfromlan.
  1368. set firewall name lan-mgmt rule 633 action 'accept'
  1369. set firewall name lan-mgmt rule 633 destination group address-group 'ag-portainer'
  1370. set firewall name lan-mgmt rule 633 destination group port-group 'pg-portainer'
  1371. set firewall name lan-mgmt rule 633 log 'enable'
  1372. set firewall name lan-mgmt rule 633 protocol 'tcp'
  1373. set firewall name lan-mgmt rule 633 source group address-group 'mgmtfromlan'
  # Rule 800: pg-rdp ports over TCP and UDP to any destination, from mgmtfromlan.
  1374. set firewall name lan-mgmt rule 800 action 'accept'
  1375. set firewall name lan-mgmt rule 800 destination group port-group 'pg-rdp'
  1376. set firewall name lan-mgmt rule 800 log 'enable'
  1377. set firewall name lan-mgmt rule 800 protocol 'tcp_udp'
  1378. set firewall name lan-mgmt rule 800 source group address-group 'mgmtfromlan'
  # Rule 900: pg-ssh ports to any destination, from mgmtfromlan.
  1379. set firewall name lan-mgmt rule 900 action 'accept'
  1380. set firewall name lan-mgmt rule 900 destination group port-group 'pg-ssh'
  1381. set firewall name lan-mgmt rule 900 log 'enable'
  1382. set firewall name lan-mgmt rule 900 protocol 'tcp'
  1383. set firewall name lan-mgmt rule 900 source group address-group 'mgmtfromlan'
  # Ruleset lan-public: by its name presumably LAN -> public-zone traffic (zone
  # binding not visible here; confirm). Default is drop, with the drops logged.
  # Every accept rule for new traffic requires a source in mgmtfromlan.
  1384. set firewall name lan-public default-action 'drop'
  1385. set firewall name lan-public enable-default-log
  # Rule 1: accept packets that belong to an established or related connection.
  1386. set firewall name lan-public rule 1 action 'accept'
  1387. set firewall name lan-public rule 1 state established 'enable'
  1388. set firewall name lan-public rule 1 state related 'enable'
  # Rule 2: drop and log packets in the invalid state.
  1389. set firewall name lan-public rule 2 action 'drop'
  1390. set firewall name lan-public rule 2 log 'enable'
  1391. set firewall name lan-public rule 2 state invalid 'enable'
  # Rule 100: ICMP (all types) from mgmtfromlan.
  1392. set firewall name lan-public rule 100 action 'accept'
  1393. set firewall name lan-public rule 100 log 'enable'
  1394. set firewall name lan-public rule 100 protocol 'icmp'
  1395. set firewall name lan-public rule 100 source group address-group 'mgmtfromlan'
  # Rule 223: pg-traccar_srv ports to ag-traccar_srv, from mgmtfromlan.
  1396. set firewall name lan-public rule 223 action 'accept'
  1397. set firewall name lan-public rule 223 destination group address-group 'ag-traccar_srv'
  1398. set firewall name lan-public rule 223 destination group port-group 'pg-traccar_srv'
  1399. set firewall name lan-public rule 223 log 'enable'
  1400. set firewall name lan-public rule 223 protocol 'tcp'
  1401. set firewall name lan-public rule 223 source group address-group 'mgmtfromlan'
  # Rule 900: pg-ssh ports to any destination, from mgmtfromlan.
  1402. set firewall name lan-public rule 900 action 'accept'
  1403. set firewall name lan-public rule 900 destination group port-group 'pg-ssh'
  1404. set firewall name lan-public rule 900 log 'enable'
  1405. set firewall name lan-public rule 900 protocol 'tcp'
  1406. set firewall name lan-public rule 900 source group address-group 'mgmtfromlan'
  # Ruleset lan-wan: default policy is drop, and default drops are logged.
  # Presumably applied to traffic from the LAN zone towards the WAN zone; the
  # zone bindings and the port-group contents are defined elsewhere in the file.
  set firewall name lan-wan default-action 'drop'
  set firewall name lan-wan enable-default-log

  # Stateful baseline: accept established/related, drop and log invalid.
  set firewall name lan-wan rule 1 action 'accept'
  set firewall name lan-wan rule 1 state established 'enable'
  set firewall name lan-wan rule 1 state related 'enable'
  set firewall name lan-wan rule 2 action 'drop'
  set firewall name lan-wan rule 2 log 'enable'
  set firewall name lan-wan rule 2 state invalid 'enable'

  # ICMP is accepted with no type or source restriction.
  set firewall name lan-wan rule 100 action 'accept'
  set firewall name lan-wan rule 100 log 'enable'
  set firewall name lan-wan rule 100 protocol 'icmp'

  # Per-service egress rules. None of 200-215 carries a source match, so they
  # apply to every host this ruleset sees.
  set firewall name lan-wan rule 200 action 'accept'
  set firewall name lan-wan rule 200 destination group port-group 'pg-web'
  set firewall name lan-wan rule 200 log 'enable'
  set firewall name lan-wan rule 200 protocol 'tcp'
  set firewall name lan-wan rule 203 action 'accept'
  set firewall name lan-wan rule 203 destination group port-group 'pg-google_quic'
  set firewall name lan-wan rule 203 log 'enable'
  set firewall name lan-wan rule 203 protocol 'udp'
  set firewall name lan-wan rule 204 action 'accept'
  set firewall name lan-wan rule 204 destination group port-group 'pg-google_fcm'
  set firewall name lan-wan rule 204 log 'enable'
  set firewall name lan-wan rule 204 protocol 'tcp_udp'
  set firewall name lan-wan rule 205 action 'accept'
  set firewall name lan-wan rule 205 destination group port-group 'pg-speedtest'
  set firewall name lan-wan rule 205 log 'enable'
  set firewall name lan-wan rule 205 protocol 'tcp'
  set firewall name lan-wan rule 208 action 'accept'
  set firewall name lan-wan rule 208 destination group port-group 'pg-agps'
  set firewall name lan-wan rule 208 log 'enable'
  set firewall name lan-wan rule 208 protocol 'tcp'
  set firewall name lan-wan rule 209 action 'accept'
  set firewall name lan-wan rule 209 destination group port-group 'pg-xmpp'
  set firewall name lan-wan rule 209 log 'enable'
  set firewall name lan-wan rule 209 protocol 'tcp'
  set firewall name lan-wan rule 215 action 'accept'
  set firewall name lan-wan rule 215 destination group port-group 'pg-spotify'
  set firewall name lan-wan rule 215 log 'enable'
  set firewall name lan-wan rule 215 protocol 'tcp'

  # Rules 300/301 are limited to the 'mgmtfromlan' source group.
  # NOTE(review): these are the only accept rules in this ruleset without
  # log 'enable' - confirm that the missing audit trail is deliberate.
  set firewall name lan-wan rule 300 action 'accept'
  set firewall name lan-wan rule 300 destination group port-group 'pg-domain'
  set firewall name lan-wan rule 300 protocol 'tcp'
  set firewall name lan-wan rule 300 source group address-group 'mgmtfromlan'
  set firewall name lan-wan rule 301 action 'accept'
  set firewall name lan-wan rule 301 destination group port-group 'pg-domain_udp'
  set firewall name lan-wan rule 301 protocol 'udp'
  set firewall name lan-wan rule 301 source group address-group 'mgmtfromlan'

  set firewall name lan-wan rule 360 action 'accept'
  set firewall name lan-wan rule 360 destination group port-group 'pg-iptv'
  set firewall name lan-wan rule 360 log 'enable'
  set firewall name lan-wan rule 360 protocol 'tcp'
  set firewall name lan-wan rule 400 action 'accept'
  set firewall name lan-wan rule 400 destination group port-group 'pg-ntp'
  set firewall name lan-wan rule 400 log 'enable'
  set firewall name lan-wan rule 400 protocol 'udp'

  # NOTE(review): rule 500 has no destination address-group, so DNS may go to
  # any external resolver; if internal filtering resolvers are meant to be
  # authoritative for clients, confirm this egress is intended.
  set firewall name lan-wan rule 500 action 'accept'
  set firewall name lan-wan rule 500 destination group port-group 'pg-dns'
  set firewall name lan-wan rule 500 log 'enable'
  set firewall name lan-wan rule 500 protocol 'tcp_udp'

  # Rule 620 is limited to the 'mgmtfromlan' source group.
  set firewall name lan-wan rule 620 action 'accept'
  set firewall name lan-wan rule 620 destination group port-group 'pg-crashplan'
  set firewall name lan-wan rule 620 log 'enable'
  set firewall name lan-wan rule 620 protocol 'tcp'
  set firewall name lan-wan rule 620 source group address-group 'mgmtfromlan'

  # Application-specific egress (messaging, conferencing, work VPN); no source
  # restriction on any of 630-637.
  set firewall name lan-wan rule 630 action 'accept'
  set firewall name lan-wan rule 630 destination group port-group 'pg-whatsapp'
  set firewall name lan-wan rule 630 log 'enable'
  set firewall name lan-wan rule 630 protocol 'udp'
  set firewall name lan-wan rule 631 action 'accept'
  set firewall name lan-wan rule 631 destination group port-group 'pg-skype'
  set firewall name lan-wan rule 631 log 'enable'
  set firewall name lan-wan rule 631 protocol 'udp'
  set firewall name lan-wan rule 632 action 'accept'
  set firewall name lan-wan rule 632 destination group port-group 'pg-webex'
  set firewall name lan-wan rule 632 log 'enable'
  set firewall name lan-wan rule 632 protocol 'tcp_udp'
  set firewall name lan-wan rule 634 action 'accept'
  set firewall name lan-wan rule 634 destination group port-group 'pg-vpn_globalprotect'
  set firewall name lan-wan rule 634 log 'enable'
  set firewall name lan-wan rule 634 protocol 'udp'
  set firewall name lan-wan rule 635 action 'accept'
  set firewall name lan-wan rule 635 destination group port-group 'pg-person2work_genesys'
  set firewall name lan-wan rule 635 log 'enable'
  set firewall name lan-wan rule 635 protocol 'udp'
  set firewall name lan-wan rule 636 action 'accept'
  set firewall name lan-wan rule 636 destination group port-group 'pg-person2work_webrtc'
  set firewall name lan-wan rule 636 log 'enable'
  set firewall name lan-wan rule 636 protocol 'tcp_udp'
  set firewall name lan-wan rule 637 action 'accept'
  set firewall name lan-wan rule 637 destination group port-group 'pg-person1work_lotusnotes'
  set firewall name lan-wan rule 637 log 'enable'
  set firewall name lan-wan rule 637 protocol 'tcp'

  # NOTE(review): 'pg-ftp' presumably covers FTP, which carries credentials in
  # cleartext - confirm this egress is still required.
  set firewall name lan-wan rule 700 action 'accept'
  set firewall name lan-wan rule 700 destination group port-group 'pg-ftp'
  set firewall name lan-wan rule 700 log 'enable'
  set firewall name lan-wan rule 700 protocol 'tcp'
  # Ruleset mgmt-cam: default drop with logging and only the stateful baseline,
  # so no new connection is accepted by this ruleset; only return traffic
  # (established/related) passes.
  set firewall name mgmt-cam default-action 'drop'
  set firewall name mgmt-cam enable-default-log

  set firewall name mgmt-cam rule 1 action 'accept'
  set firewall name mgmt-cam rule 1 state established 'enable'
  set firewall name mgmt-cam rule 1 state related 'enable'

  set firewall name mgmt-cam rule 2 action 'drop'
  set firewall name mgmt-cam rule 2 log 'enable'
  set firewall name mgmt-cam rule 2 state invalid 'enable'
  # Ruleset mgmt-dmz: default drop with logging. Presumably management-zone
  # traffic towards the DMZ; the zone bindings are not part of this section.
  set firewall name mgmt-dmz default-action 'drop'
  set firewall name mgmt-dmz enable-default-log

  # Stateful baseline.
  set firewall name mgmt-dmz rule 1 action 'accept'
  set firewall name mgmt-dmz rule 1 state established 'enable'
  set firewall name mgmt-dmz rule 1 state related 'enable'
  set firewall name mgmt-dmz rule 2 action 'drop'
  set firewall name mgmt-dmz rule 2 log 'enable'
  set firewall name mgmt-dmz rule 2 state invalid 'enable'

  # ICMP, unrestricted by source or destination.
  set firewall name mgmt-dmz rule 100 action 'accept'
  set firewall name mgmt-dmz rule 100 log 'enable'
  set firewall name mgmt-dmz rule 100 protocol 'icmp'

  # File-server access, pinned on both ends: only 'ag-hypervisors' may reach
  # 'ag-fileserver' on 'pg-smb'.
  set firewall name mgmt-dmz rule 300 action 'accept'
  set firewall name mgmt-dmz rule 300 destination group address-group 'ag-fileserver'
  set firewall name mgmt-dmz rule 300 destination group port-group 'pg-smb'
  set firewall name mgmt-dmz rule 300 log 'enable'
  set firewall name mgmt-dmz rule 300 protocol 'tcp'
  set firewall name mgmt-dmz rule 300 source group address-group 'ag-hypervisors'

  # Infrastructure services (time, directory, DNS): destination is pinned to a
  # named address-group, source is any host this ruleset sees.
  set firewall name mgmt-dmz rule 400 action 'accept'
  set firewall name mgmt-dmz rule 400 destination group address-group 'ntpservers'
  set firewall name mgmt-dmz rule 400 destination group port-group 'pg-ntp'
  set firewall name mgmt-dmz rule 400 log 'enable'
  set firewall name mgmt-dmz rule 400 protocol 'udp'
  set firewall name mgmt-dmz rule 450 action 'accept'
  set firewall name mgmt-dmz rule 450 destination group address-group 'ag-dc'
  set firewall name mgmt-dmz rule 450 destination group port-group 'pg-domain'
  set firewall name mgmt-dmz rule 450 log 'enable'
  set firewall name mgmt-dmz rule 450 protocol 'tcp_udp'
  set firewall name mgmt-dmz rule 500 action 'accept'
  set firewall name mgmt-dmz rule 500 destination group address-group 'dnsforwarders'
  set firewall name mgmt-dmz rule 500 destination group port-group 'pg-dns'
  set firewall name mgmt-dmz rule 500 log 'enable'
  set firewall name mgmt-dmz rule 500 protocol 'tcp_udp'

  # Certificate services: revocation checks and issuance.
  set firewall name mgmt-dmz rule 950 action 'accept'
  set firewall name mgmt-dmz rule 950 destination group address-group 'ag-cert_web'
  set firewall name mgmt-dmz rule 950 destination group port-group 'pg-ocsp'
  set firewall name mgmt-dmz rule 950 log 'enable'
  set firewall name mgmt-dmz rule 950 protocol 'tcp'
  set firewall name mgmt-dmz rule 951 action 'accept'
  set firewall name mgmt-dmz rule 951 destination group address-group 'ag-cert_issuer'
  set firewall name mgmt-dmz rule 951 destination group port-group 'pg-cert_issuer'
  set firewall name mgmt-dmz rule 951 log 'enable'
  set firewall name mgmt-dmz rule 951 protocol 'tcp'

  # NOTE(review): rule 952 is marked by its own description as temporary and to
  # be deleted, yet it is still in the config and has no source restriction.
  # Remove it once the switch setup is finished, or narrow the source.
  set firewall name mgmt-dmz rule 952 action 'accept'
  set firewall name mgmt-dmz rule 952 description 'FOR SETTING UP MELLANOX SWITCHES - DELETE'
  set firewall name mgmt-dmz rule 952 destination group address-group 'ag-cert_web'
  set firewall name mgmt-dmz rule 952 destination group port-group 'pg-web'
  set firewall name mgmt-dmz rule 952 log 'enable'
  set firewall name mgmt-dmz rule 952 protocol 'tcp'
  # Ruleset mgmt-download: default drop with logging; only the stateful
  # baseline is defined, so no new connection is accepted by this ruleset.
  set firewall name mgmt-download default-action 'drop'
  set firewall name mgmt-download enable-default-log

  set firewall name mgmt-download rule 1 action 'accept'
  set firewall name mgmt-download rule 1 state established 'enable'
  set firewall name mgmt-download rule 1 state related 'enable'

  set firewall name mgmt-download rule 2 action 'drop'
  set firewall name mgmt-download rule 2 log 'enable'
  set firewall name mgmt-download rule 2 state invalid 'enable'
  # Ruleset mgmt-firewall: default drop with logging. Presumably traffic from
  # the management zone addressed to the firewall itself - confirm against the
  # zone-policy section, which is not shown here.
  set firewall name mgmt-firewall default-action 'drop'
  set firewall name mgmt-firewall enable-default-log

  # Stateful baseline.
  set firewall name mgmt-firewall rule 1 action 'accept'
  set firewall name mgmt-firewall rule 1 state established 'enable'
  set firewall name mgmt-firewall rule 1 state related 'enable'
  set firewall name mgmt-firewall rule 2 action 'drop'
  set firewall name mgmt-firewall rule 2 log 'enable'
  set firewall name mgmt-firewall rule 2 state invalid 'enable'

  # VRRP only between members of 'ag-vrrp-mgmt' (source and destination both
  # pinned to that group). Not logged.
  set firewall name mgmt-firewall rule 10 action 'accept'
  set firewall name mgmt-firewall rule 10 destination group address-group 'ag-vrrp-mgmt'
  set firewall name mgmt-firewall rule 10 protocol 'vrrp'
  set firewall name mgmt-firewall rule 10 source group address-group 'ag-vrrp-mgmt'

  # ICMP, unrestricted.
  set firewall name mgmt-firewall rule 100 action 'accept'
  set firewall name mgmt-firewall rule 100 log 'enable'
  set firewall name mgmt-firewall rule 100 protocol 'icmp'

  # Discovery/relay traffic to 'ag-bcast_limit', which the address-group
  # definitions at the top of the file set to 255.255.255.255. Only rule 580
  # pins the source; 231 and 600 accept from any host this ruleset sees.
  set firewall name mgmt-firewall rule 231 action 'accept'
  set firewall name mgmt-firewall rule 231 description 'Allow UniFi Controller Adaption'
  set firewall name mgmt-firewall rule 231 destination group address-group 'ag-bcast_limit'
  set firewall name mgmt-firewall rule 231 destination group port-group 'pg-unifi_adapt'
  set firewall name mgmt-firewall rule 231 log 'enable'
  set firewall name mgmt-firewall rule 231 protocol 'udp'
  set firewall name mgmt-firewall rule 580 action 'accept'
  set firewall name mgmt-firewall rule 580 description 'Allow UPS discover'
  set firewall name mgmt-firewall rule 580 destination group address-group 'ag-bcast_limit'
  set firewall name mgmt-firewall rule 580 destination group port-group 'pg-ups_web'
  set firewall name mgmt-firewall rule 580 log 'enable'
  set firewall name mgmt-firewall rule 580 protocol 'udp'
  set firewall name mgmt-firewall rule 580 source group address-group 'ag-ups_mgmt'
  set firewall name mgmt-firewall rule 600 action 'accept'
  set firewall name mgmt-firewall rule 600 description 'Allow DHCP relay from WiFi AP'
  set firewall name mgmt-firewall rule 600 destination group address-group 'ag-bcast_limit'
  set firewall name mgmt-firewall rule 600 destination group port-group 'pg-dhcp'
  set firewall name mgmt-firewall rule 600 log 'enable'
  set firewall name mgmt-firewall rule 600 protocol 'udp'

  # Explicit silent drop: keeps NetBIOS noise out of the default-drop log.
  set firewall name mgmt-firewall rule 610 action 'drop'
  set firewall name mgmt-firewall rule 610 description 'Drop Netbios traffic from logs'
  set firewall name mgmt-firewall rule 610 destination group port-group 'pg-netbios'
  set firewall name mgmt-firewall rule 610 log 'disable'
  set firewall name mgmt-firewall rule 610 protocol 'udp'

  # Conntrack sync to 'ag-ct_sync' (224.0.0.50 per the address-group
  # definitions), accepted only from the 'ag-vrrp-mgmt' peers. Not logged.
  set firewall name mgmt-firewall rule 650 action 'accept'
  set firewall name mgmt-firewall rule 650 description 'Accept Conntrack Sync'
  set firewall name mgmt-firewall rule 650 destination group address-group 'ag-ct_sync'
  set firewall name mgmt-firewall rule 650 destination group port-group 'pg-ct_sync'
  set firewall name mgmt-firewall rule 650 protocol 'udp'
  set firewall name mgmt-firewall rule 650 source group address-group 'ag-vrrp-mgmt'

  # NOTE(review): rule 900 accepts 'pg-ssh' with no source match, unlike the
  # SSH rules in lan-public and public-firewall, which pin a source group.
  # Confirm every host this ruleset sees should be able to reach SSH, or
  # restrict the rule to an admin address-group.
  set firewall name mgmt-firewall rule 900 action 'accept'
  set firewall name mgmt-firewall rule 900 destination group port-group 'pg-ssh'
  set firewall name mgmt-firewall rule 900 log 'enable'
  set firewall name mgmt-firewall rule 900 protocol 'tcp'
  # Ruleset mgmt-guest: default drop with logging; only the stateful baseline
  # is defined, so no new connection is accepted by this ruleset.
  set firewall name mgmt-guest default-action 'drop'
  set firewall name mgmt-guest enable-default-log

  set firewall name mgmt-guest rule 1 action 'accept'
  set firewall name mgmt-guest rule 1 state established 'enable'
  set firewall name mgmt-guest rule 1 state related 'enable'

  set firewall name mgmt-guest rule 2 action 'drop'
  set firewall name mgmt-guest rule 2 log 'enable'
  set firewall name mgmt-guest rule 2 state invalid 'enable'
  # Ruleset mgmt-lan: default drop with logging. Besides the stateful baseline
  # the only new traffic accepted is ICMP (any type, any source).
  set firewall name mgmt-lan default-action 'drop'
  set firewall name mgmt-lan enable-default-log

  set firewall name mgmt-lan rule 1 action 'accept'
  set firewall name mgmt-lan rule 1 state established 'enable'
  set firewall name mgmt-lan rule 1 state related 'enable'

  set firewall name mgmt-lan rule 2 action 'drop'
  set firewall name mgmt-lan rule 2 log 'enable'
  set firewall name mgmt-lan rule 2 state invalid 'enable'

  set firewall name mgmt-lan rule 100 action 'accept'
  set firewall name mgmt-lan rule 100 log 'enable'
  set firewall name mgmt-lan rule 100 protocol 'icmp'
  # Ruleset mgmt-public: default drop with logging.
  set firewall name mgmt-public default-action 'drop'
  set firewall name mgmt-public enable-default-log

  # Stateful baseline.
  set firewall name mgmt-public rule 1 action 'accept'
  set firewall name mgmt-public rule 1 state established 'enable'
  set firewall name mgmt-public rule 1 state related 'enable'
  set firewall name mgmt-public rule 2 action 'drop'
  set firewall name mgmt-public rule 2 log 'enable'
  set firewall name mgmt-public rule 2 state invalid 'enable'

  # ICMP, unrestricted.
  set firewall name mgmt-public rule 100 action 'accept'
  set firewall name mgmt-public rule 100 log 'enable'
  set firewall name mgmt-public rule 100 protocol 'icmp'

  # Container-management agent traffic, pinned on both ends: only
  # 'ag-dockerhosts' may reach 'ag-docker_pub' on 'pg-portainer_agent'.
  set firewall name mgmt-public rule 224 action 'accept'
  set firewall name mgmt-public rule 224 destination group address-group 'ag-docker_pub'
  set firewall name mgmt-public rule 224 destination group port-group 'pg-portainer_agent'
  set firewall name mgmt-public rule 224 log 'enable'
  set firewall name mgmt-public rule 224 protocol 'tcp'
  set firewall name mgmt-public rule 224 source group address-group 'ag-dockerhosts'
  # Ruleset mgmt-wan: default drop with logging. Presumably management-zone
  # egress towards the WAN; zone bindings are defined elsewhere.
  set firewall name mgmt-wan default-action 'drop'
  set firewall name mgmt-wan enable-default-log

  # Stateful baseline.
  set firewall name mgmt-wan rule 1 action 'accept'
  set firewall name mgmt-wan rule 1 state established 'enable'
  set firewall name mgmt-wan rule 1 state related 'enable'
  set firewall name mgmt-wan rule 2 action 'drop'
  set firewall name mgmt-wan rule 2 log 'enable'
  set firewall name mgmt-wan rule 2 state invalid 'enable'

  # ICMP, unrestricted.
  set firewall name mgmt-wan rule 100 action 'accept'
  set firewall name mgmt-wan rule 100 log 'enable'
  set firewall name mgmt-wan rule 100 protocol 'icmp'

  # Web egress ('pg-web') is granted per source group rather than to the whole
  # zone: hypervisors, docker hosts and Wi-Fi access points.
  set firewall name mgmt-wan rule 198 action 'accept'
  set firewall name mgmt-wan rule 198 destination group port-group 'pg-web'
  set firewall name mgmt-wan rule 198 log 'enable'
  set firewall name mgmt-wan rule 198 protocol 'tcp'
  set firewall name mgmt-wan rule 198 source group address-group 'ag-hypervisors'
  set firewall name mgmt-wan rule 199 action 'accept'
  set firewall name mgmt-wan rule 199 destination group port-group 'pg-web'
  set firewall name mgmt-wan rule 199 log 'enable'
  set firewall name mgmt-wan rule 199 protocol 'tcp'
  set firewall name mgmt-wan rule 199 source group address-group 'ag-dockerhosts'
  set firewall name mgmt-wan rule 200 action 'accept'
  set firewall name mgmt-wan rule 200 destination group port-group 'pg-web'
  set firewall name mgmt-wan rule 200 log 'enable'
  set firewall name mgmt-wan rule 200 protocol 'tcp'
  set firewall name mgmt-wan rule 200 source group address-group 'wifiaps'

  # NOTE(review): rules 787-789 are labelled 'TEST' in their descriptions but
  # are live accept rules. Each is pinned to an 'ag-test*' source group, so the
  # exposure depends on what those groups contain - confirm the tests are over
  # and remove the rules, or rename them if they are permanent.
  set firewall name mgmt-wan rule 787 action 'accept'
  set firewall name mgmt-wan rule 787 description 'TEST Allow HTTP/HTTPS'
  set firewall name mgmt-wan rule 787 destination group port-group 'pg-web'
  set firewall name mgmt-wan rule 787 log 'enable'
  set firewall name mgmt-wan rule 787 protocol 'tcp'
  set firewall name mgmt-wan rule 787 source group address-group 'ag-testWEB'
  set firewall name mgmt-wan rule 788 action 'accept'
  set firewall name mgmt-wan rule 788 description 'TEST Allow NTP'
  set firewall name mgmt-wan rule 788 destination group port-group 'pg-ntp'
  set firewall name mgmt-wan rule 788 log 'enable'
  set firewall name mgmt-wan rule 788 protocol 'udp'
  set firewall name mgmt-wan rule 788 source group address-group 'ag-testNTP'
  set firewall name mgmt-wan rule 789 action 'accept'
  set firewall name mgmt-wan rule 789 description 'TEST Allow DNS'
  set firewall name mgmt-wan rule 789 destination group port-group 'pg-dns'
  set firewall name mgmt-wan rule 789 log 'enable'
  set firewall name mgmt-wan rule 789 protocol 'tcp_udp'
  set firewall name mgmt-wan rule 789 source group address-group 'ag-testDNS_fw'
  # Ruleset public-cam: default drop with logging; only the stateful baseline
  # is defined, so no new connection is accepted by this ruleset.
  set firewall name public-cam default-action 'drop'
  set firewall name public-cam enable-default-log

  set firewall name public-cam rule 1 action 'accept'
  set firewall name public-cam rule 1 state established 'enable'
  set firewall name public-cam rule 1 state related 'enable'

  set firewall name public-cam rule 2 action 'drop'
  set firewall name public-cam rule 2 log 'enable'
  set firewall name public-cam rule 2 state invalid 'enable'
  # Ruleset public-dmz: default drop with logging. Most accept rules are pinned
  # to the 'vpnusers' network-group as source; the exceptions are called out
  # below. Zone bindings and group contents are defined elsewhere.
  set firewall name public-dmz default-action 'drop'
  set firewall name public-dmz enable-default-log

  # Stateful baseline.
  set firewall name public-dmz rule 1 action 'accept'
  set firewall name public-dmz rule 1 state established 'enable'
  set firewall name public-dmz rule 1 state related 'enable'
  set firewall name public-dmz rule 2 action 'drop'
  set firewall name public-dmz rule 2 log 'enable'
  set firewall name public-dmz rule 2 state invalid 'enable'

  # ICMP from VPN users only.
  set firewall name public-dmz rule 100 action 'accept'
  set firewall name public-dmz rule 100 log 'enable'
  set firewall name public-dmz rule 100 protocol 'icmp'
  set firewall name public-dmz rule 100 source group network-group 'vpnusers'

  # 'pg-web' from VPN users to any destination this ruleset covers (no
  # destination address-group).
  set firewall name public-dmz rule 200 action 'accept'
  set firewall name public-dmz rule 200 destination group port-group 'pg-web'
  set firewall name public-dmz rule 200 log 'enable'
  set firewall name public-dmz rule 200 protocol 'tcp'
  set firewall name public-dmz rule 200 source group network-group 'vpnusers'

  # Database access, pinned host-group to host-group.
  set firewall name public-dmz rule 222 action 'accept'
  set firewall name public-dmz rule 222 destination group address-group 'ag-traccar_mysql'
  set firewall name public-dmz rule 222 destination group port-group 'pg-mysql'
  set firewall name public-dmz rule 222 log 'enable'
  set firewall name public-dmz rule 222 protocol 'tcp'
  set firewall name public-dmz rule 222 source group address-group 'ag-traccar_srv'

  # VPN users to specific DMZ services.
  set firewall name public-dmz rule 300 action 'accept'
  set firewall name public-dmz rule 300 destination group address-group 'ag-fileserver'
  set firewall name public-dmz rule 300 destination group port-group 'pg-smb'
  set firewall name public-dmz rule 300 log 'enable'
  set firewall name public-dmz rule 300 protocol 'tcp'
  set firewall name public-dmz rule 300 source group network-group 'vpnusers'
  set firewall name public-dmz rule 385 action 'accept'
  set firewall name public-dmz rule 385 destination group address-group 'ag-blueiris'
  set firewall name public-dmz rule 385 destination group port-group 'pg-blueiris'
  set firewall name public-dmz rule 385 log 'enable'
  set firewall name public-dmz rule 385 protocol 'tcp'
  set firewall name public-dmz rule 385 source group network-group 'vpnusers'

  # NTP and DNS: destination pinned, no source match.
  set firewall name public-dmz rule 400 action 'accept'
  set firewall name public-dmz rule 400 destination group address-group 'ntpservers'
  set firewall name public-dmz rule 400 destination group port-group 'pg-ntp'
  set firewall name public-dmz rule 400 log 'enable'
  set firewall name public-dmz rule 400 protocol 'udp'
  set firewall name public-dmz rule 500 action 'accept'
  set firewall name public-dmz rule 500 destination group address-group 'dnsforwarders'
  set firewall name public-dmz rule 500 destination group port-group 'pg-dns'
  set firewall name public-dmz rule 500 log 'enable'
  set firewall name public-dmz rule 500 protocol 'tcp_udp'

  # NOTE(review): rule 501 opens the pihole HTTP interface with no source
  # match, while the admin interface in rule 505 is limited to 'vpnusers'.
  # Confirm the wider exposure of rule 501 is intended.
  set firewall name public-dmz rule 501 action 'accept'
  set firewall name public-dmz rule 501 description 'Allow HTTP for pihole interface'
  set firewall name public-dmz rule 501 destination group address-group 'dns-piholes'
  set firewall name public-dmz rule 501 destination group port-group 'pg-pihole'
  set firewall name public-dmz rule 501 log 'enable'
  set firewall name public-dmz rule 501 protocol 'tcp'
  set firewall name public-dmz rule 505 action 'accept'
  set firewall name public-dmz rule 505 description 'Allow admin interface for DNS blocking services'
  set firewall name public-dmz rule 505 destination group address-group 'dns-piholes'
  set firewall name public-dmz rule 505 destination group port-group 'pg-dnsblock_admin'
  set firewall name public-dmz rule 505 log 'enable'
  set firewall name public-dmz rule 505 protocol 'tcp'
  set firewall name public-dmz rule 505 source group network-group 'vpnusers'

  # NOTE(review): rules 551/552 have no source match, so any host this ruleset
  # sees can reach the 'ag-bf_*' servers on these ports - confirm, or pin the
  # source as the neighbouring rules do.
  set firewall name public-dmz rule 551 action 'accept'
  set firewall name public-dmz rule 551 destination group address-group 'ag-bf_webreports'
  set firewall name public-dmz rule 551 destination group port-group 'pg-bf_webreports'
  set firewall name public-dmz rule 551 log 'enable'
  set firewall name public-dmz rule 551 protocol 'tcp'
  set firewall name public-dmz rule 552 action 'accept'
  set firewall name public-dmz rule 552 destination group address-group 'ag-bf_server'
  set firewall name public-dmz rule 552 destination group port-group 'pg-bf_server'
  set firewall name public-dmz rule 552 log 'enable'
  set firewall name public-dmz rule 552 protocol 'tcp'

  # NOTE(review): rule 800 allows 'pg-rdp' from VPN users to every destination
  # this ruleset covers; a destination address-group listing the hosts that
  # actually need remote desktop would narrow it.
  set firewall name public-dmz rule 800 action 'accept'
  set firewall name public-dmz rule 800 destination group port-group 'pg-rdp'
  set firewall name public-dmz rule 800 log 'enable'
  set firewall name public-dmz rule 800 protocol 'tcp_udp'
  set firewall name public-dmz rule 800 source group network-group 'vpnusers'

  # Certificate revocation checks from VPN users.
  set firewall name public-dmz rule 950 action 'accept'
  set firewall name public-dmz rule 950 destination group address-group 'ag-cert_web'
  set firewall name public-dmz rule 950 destination group port-group 'pg-ocsp'
  set firewall name public-dmz rule 950 log 'enable'
  set firewall name public-dmz rule 950 protocol 'tcp'
  set firewall name public-dmz rule 950 source group network-group 'vpnusers'
  # Ruleset public-download: default drop with logging. Every accept rule
  # beyond the stateful baseline is pinned to the 'vpnusers' network-group.
  set firewall name public-download default-action 'drop'
  set firewall name public-download enable-default-log

  # Stateful baseline.
  set firewall name public-download rule 1 action 'accept'
  set firewall name public-download rule 1 state established 'enable'
  set firewall name public-download rule 1 state related 'enable'
  set firewall name public-download rule 2 action 'drop'
  set firewall name public-download rule 2 log 'enable'
  set firewall name public-download rule 2 state invalid 'enable'

  # ICMP from VPN users.
  set firewall name public-download rule 100 action 'accept'
  set firewall name public-download rule 100 log 'enable'
  set firewall name public-download rule 100 protocol 'icmp'
  set firewall name public-download rule 100 source group network-group 'vpnusers'

  # Remote administration ('pg-rdp', 'pg-ssh') from VPN users. Neither rule
  # pins a destination address-group, so all hosts this ruleset covers are
  # reachable on those ports.
  set firewall name public-download rule 800 action 'accept'
  set firewall name public-download rule 800 destination group port-group 'pg-rdp'
  set firewall name public-download rule 800 log 'enable'
  set firewall name public-download rule 800 protocol 'tcp_udp'
  set firewall name public-download rule 800 source group network-group 'vpnusers'
  set firewall name public-download rule 900 action 'accept'
  set firewall name public-download rule 900 destination group port-group 'pg-ssh'
  set firewall name public-download rule 900 log 'enable'
  set firewall name public-download rule 900 protocol 'tcp'
  set firewall name public-download rule 900 source group network-group 'vpnusers'
  # Ruleset public-firewall: default drop with logging. Presumably traffic from
  # the public zone addressed to the firewall itself - confirm against the
  # zone-policy section. No ICMP rule is defined here.
  set firewall name public-firewall default-action 'drop'
  set firewall name public-firewall enable-default-log

  # Stateful baseline.
  set firewall name public-firewall rule 1 action 'accept'
  set firewall name public-firewall rule 1 state established 'enable'
  set firewall name public-firewall rule 1 state related 'enable'
  set firewall name public-firewall rule 2 action 'drop'
  set firewall name public-firewall rule 2 log 'enable'
  set firewall name public-firewall rule 2 state invalid 'enable'

  # VRRP only between members of 'ag-vrrp-public'. Not logged.
  set firewall name public-firewall rule 10 action 'accept'
  set firewall name public-firewall rule 10 destination group address-group 'ag-vrrp-public'
  set firewall name public-firewall rule 10 protocol 'vrrp'
  set firewall name public-firewall rule 10 source group address-group 'ag-vrrp-public'

  # SSH is limited to the 'vpnusers' network-group and logged.
  set firewall name public-firewall rule 900 action 'accept'
  set firewall name public-firewall rule 900 destination group port-group 'pg-ssh'
  set firewall name public-firewall rule 900 log 'enable'
  set firewall name public-firewall rule 900 protocol 'tcp'
  set firewall name public-firewall rule 900 source group network-group 'vpnusers'
  # Ruleset public-guest: default drop with logging; only the stateful baseline
  # is defined, so no new connection is accepted by this ruleset.
  set firewall name public-guest default-action 'drop'
  set firewall name public-guest enable-default-log

  set firewall name public-guest rule 1 action 'accept'
  set firewall name public-guest rule 1 state established 'enable'
  set firewall name public-guest rule 1 state related 'enable'

  set firewall name public-guest rule 2 action 'drop'
  set firewall name public-guest rule 2 log 'enable'
  set firewall name public-guest rule 2 state invalid 'enable'
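  # Ruleset public-iot: default drop. The single accept rule lets the
  # 'vpnusers' network-group reach 'ag-tv_server' on 'pg-tvh_web'.
  set firewall name public-iot default-action 'drop'
  # Log default drops, as every other ruleset in this section does; without
  # this, traffic rejected by the default action leaves no trace.
  set firewall name public-iot enable-default-log

  # NOTE(review): unlike the other rulesets in this section, this one has no
  # rule 1 (accept established/related) and no rule 2 (drop invalid). Unless a
  # global state policy covers it, return traffic is not matched here and
  # invalid-state packets to the allowed port are not dropped first - confirm
  # and add the two baseline rules if they were simply forgotten.
  set firewall name public-iot rule 555 action 'accept'
  set firewall name public-iot rule 555 destination group address-group 'ag-tv_server'
  set firewall name public-iot rule 555 destination group port-group 'pg-tvh_web'
  set firewall name public-iot rule 555 log 'enable'
  set firewall name public-iot rule 555 protocol 'tcp'
  set firewall name public-iot rule 555 source group network-group 'vpnusers'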
  # Ruleset public-lan: default drop with logging. Both accept rules beyond the
  # stateful baseline pin source ('vpnusers') and destination address-group.
  set firewall name public-lan default-action 'drop'
  set firewall name public-lan enable-default-log

  # Stateful baseline.
  set firewall name public-lan rule 1 action 'accept'
  set firewall name public-lan rule 1 state established 'enable'
  set firewall name public-lan rule 1 state related 'enable'
  set firewall name public-lan rule 2 action 'drop'
  set firewall name public-lan rule 2 log 'enable'
  set firewall name public-lan rule 2 state invalid 'enable'

  # Printer web interface for VPN users.
  set firewall name public-lan rule 777 action 'accept'
  set firewall name public-lan rule 777 destination group address-group 'ag-printer'
  set firewall name public-lan rule 777 destination group port-group 'pg-printer_web'
  set firewall name public-lan rule 777 log 'enable'
  set firewall name public-lan rule 777 protocol 'tcp'
  set firewall name public-lan rule 777 source group network-group 'vpnusers'

  # 'pg-rdp' from VPN users, only to the hosts in 'mgmtfromlan'.
  set firewall name public-lan rule 800 action 'accept'
  set firewall name public-lan rule 800 destination group address-group 'mgmtfromlan'
  set firewall name public-lan rule 800 destination group port-group 'pg-rdp'
  set firewall name public-lan rule 800 log 'enable'
  set firewall name public-lan rule 800 protocol 'tcp_udp'
  set firewall name public-lan rule 800 source group network-group 'vpnusers'
  # Ruleset public-mgmt: default drop with logging. Presumably traffic from the
  # public zone (VPN users) into the management zone; every accept rule except
  # NTP (rule 400) is pinned to the 'vpnusers' network-group.
  set firewall name public-mgmt default-action 'drop'
  set firewall name public-mgmt enable-default-log

  # Stateful baseline.
  set firewall name public-mgmt rule 1 action 'accept'
  set firewall name public-mgmt rule 1 state established 'enable'
  set firewall name public-mgmt rule 1 state related 'enable'
  set firewall name public-mgmt rule 2 action 'drop'
  set firewall name public-mgmt rule 2 log 'enable'
  set firewall name public-mgmt rule 2 state invalid 'enable'

  # ICMP from VPN users.
  set firewall name public-mgmt rule 100 action 'accept'
  set firewall name public-mgmt rule 100 log 'enable'
  set firewall name public-mgmt rule 100 protocol 'icmp'
  set firewall name public-mgmt rule 100 source group network-group 'vpnusers'

  # NOTE(review): rules 200, 800 and 900 ('pg-web', 'pg-rdp', 'pg-ssh') have no
  # destination address-group, so VPN users reach those ports on every host
  # this ruleset covers. Rules 230, 456 and 633 show the tighter pattern
  # (destination pinned per service); consider applying it here too.
  set firewall name public-mgmt rule 200 action 'accept'
  set firewall name public-mgmt rule 200 destination group port-group 'pg-web'
  set firewall name public-mgmt rule 200 log 'enable'
  set firewall name public-mgmt rule 200 protocol 'tcp'
  set firewall name public-mgmt rule 200 source group network-group 'vpnusers'

  # Management consoles, destination pinned per service.
  set firewall name public-mgmt rule 230 action 'accept'
  set firewall name public-mgmt rule 230 destination group address-group 'ag-omada'
  set firewall name public-mgmt rule 230 destination group port-group 'pg-omada'
  set firewall name public-mgmt rule 230 log 'enable'
  set firewall name public-mgmt rule 230 protocol 'tcp'
  set firewall name public-mgmt rule 230 source group network-group 'vpnusers'

  # NTP: destination pinned, no source match.
  set firewall name public-mgmt rule 400 action 'accept'
  set firewall name public-mgmt rule 400 destination group address-group 'ntpservers'
  set firewall name public-mgmt rule 400 destination group port-group 'pg-ntp'
  set firewall name public-mgmt rule 400 log 'enable'
  set firewall name public-mgmt rule 400 protocol 'udp'

  set firewall name public-mgmt rule 456 action 'accept'
  set firewall name public-mgmt rule 456 destination group address-group 'ag-vcenter'
  set firewall name public-mgmt rule 456 destination group port-group 'pg-vcenter'
  set firewall name public-mgmt rule 456 log 'enable'
  set firewall name public-mgmt rule 456 protocol 'tcp'
  set firewall name public-mgmt rule 456 source group network-group 'vpnusers'
  set firewall name public-mgmt rule 633 action 'accept'
  set firewall name public-mgmt rule 633 destination group address-group 'ag-portainer'
  set firewall name public-mgmt rule 633 destination group port-group 'pg-portainer'
  set firewall name public-mgmt rule 633 log 'enable'
  set firewall name public-mgmt rule 633 protocol 'tcp'
  set firewall name public-mgmt rule 633 source group network-group 'vpnusers'

  # Remote administration from VPN users to any destination (see note above).
  set firewall name public-mgmt rule 800 action 'accept'
  set firewall name public-mgmt rule 800 destination group port-group 'pg-rdp'
  set firewall name public-mgmt rule 800 log 'enable'
  set firewall name public-mgmt rule 800 protocol 'tcp_udp'
  set firewall name public-mgmt rule 800 source group network-group 'vpnusers'
  set firewall name public-mgmt rule 900 action 'accept'
  set firewall name public-mgmt rule 900 destination group port-group 'pg-ssh'
  set firewall name public-mgmt rule 900 log 'enable'
  set firewall name public-mgmt rule 900 protocol 'tcp'
  set firewall name public-mgmt rule 900 source group network-group 'vpnusers'
  # Ruleset public-wan: egress from zone public to zone wan (bound in the zone-policy
  # section). Unmatched traffic is dropped and logged (enable-default-log).
  1907. set firewall name public-wan default-action 'drop'
  1908. set firewall name public-wan enable-default-log
  # Rule 1 accepts return traffic; rule 2 drops and logs packets conntrack marks invalid.
  1909. set firewall name public-wan rule 1 action 'accept'
  1910. set firewall name public-wan rule 1 state established 'enable'
  1911. set firewall name public-wan rule 1 state related 'enable'
  1912. set firewall name public-wan rule 2 action 'drop'
  1913. set firewall name public-wan rule 2 log 'enable'
  1914. set firewall name public-wan rule 2 state invalid 'enable'
  # Rule 100: ICMP out from any host in the zone (no type filter, no source group).
  1915. set firewall name public-wan rule 100 action 'accept'
  1916. set firewall name public-wan rule 100 log 'enable'
  1917. set firewall name public-wan rule 100 protocol 'icmp'
  # Rules 200/221: outbound web (pg-web) only for ag-vpn_servers and ag-docker_pub.
  1918. set firewall name public-wan rule 200 action 'accept'
  1919. set firewall name public-wan rule 200 destination group port-group 'pg-web'
  1920. set firewall name public-wan rule 200 log 'enable'
  1921. set firewall name public-wan rule 200 protocol 'tcp'
  1922. set firewall name public-wan rule 200 source group address-group 'ag-vpn_servers'
  1923. set firewall name public-wan rule 221 action 'accept'
  1924. set firewall name public-wan rule 221 destination group port-group 'pg-web'
  1925. set firewall name public-wan rule 221 log 'enable'
  1926. set firewall name public-wan rule 221 protocol 'tcp'
  1927. set firewall name public-wan rule 221 source group address-group 'ag-docker_pub'
  # Rule 700: outbound FTP control channel for the VPN servers. The data channel is
  # admitted by rule 1 as 'related' through the ftp conntrack helper enabled under
  # 'system conntrack modules'. NOTE(review): FTP is cleartext; confirm it is still needed.
  1928. set firewall name public-wan rule 700 action 'accept'
  1929. set firewall name public-wan rule 700 destination group port-group 'pg-ftp'
  1930. set firewall name public-wan rule 700 log 'enable'
  1931. set firewall name public-wan rule 700 protocol 'tcp'
  1932. set firewall name public-wan rule 700 source group address-group 'ag-vpn_servers'
  # Rulesets wan-cam, wan-dmz and wan-download: traffic arriving from zone wan for
  # the cam, dmz and download zones. All three are identical: accept only
  # established/related return traffic, drop and log invalid state, and let
  # everything else fall to default-action drop with enable-default-log.
  # 'related' also covers flows predicted by the conntrack helpers this file
  # enables (ftp, h323), so those helpers widen what rule 1 admits.
  1933. set firewall name wan-cam default-action 'drop'
  1934. set firewall name wan-cam enable-default-log
  1935. set firewall name wan-cam rule 1 action 'accept'
  1936. set firewall name wan-cam rule 1 state established 'enable'
  1937. set firewall name wan-cam rule 1 state related 'enable'
  1938. set firewall name wan-cam rule 2 action 'drop'
  1939. set firewall name wan-cam rule 2 log 'enable'
  1940. set firewall name wan-cam rule 2 state invalid 'enable'
  1941. set firewall name wan-dmz default-action 'drop'
  1942. set firewall name wan-dmz enable-default-log
  1943. set firewall name wan-dmz rule 1 action 'accept'
  1944. set firewall name wan-dmz rule 1 state established 'enable'
  1945. set firewall name wan-dmz rule 1 state related 'enable'
  1946. set firewall name wan-dmz rule 2 action 'drop'
  1947. set firewall name wan-dmz rule 2 log 'enable'
  1948. set firewall name wan-dmz rule 2 state invalid 'enable'
  1949. set firewall name wan-download default-action 'drop'
  1950. set firewall name wan-download enable-default-log
  1951. set firewall name wan-download rule 1 action 'accept'
  1952. set firewall name wan-download rule 1 state established 'enable'
  1953. set firewall name wan-download rule 1 state related 'enable'
  1954. set firewall name wan-download rule 2 action 'drop'
  1955. set firewall name wan-download rule 2 log 'enable'
  1956. set firewall name wan-download rule 2 state invalid 'enable'
  # Ruleset wan-firewall: traffic from zone wan addressed to the router itself
  # (zone 'firewall' is the local-zone). Nothing new is accepted from the WAN side:
  # only return traffic passes, so no router service is opened to the Internet here.
  1957. set firewall name wan-firewall default-action 'drop'
  1958. set firewall name wan-firewall enable-default-log
  1959. set firewall name wan-firewall rule 1 action 'accept'
  1960. set firewall name wan-firewall rule 1 state established 'enable'
  1961. set firewall name wan-firewall rule 1 state related 'enable'
  1962. set firewall name wan-firewall rule 2 action 'drop'
  1963. set firewall name wan-firewall rule 2 log 'enable'
  1964. set firewall name wan-firewall rule 2 state invalid 'enable'
  # Rule 600 is a noise filter, not an access decision: the same packets would hit
  # the default drop anyway. It drops udp from pg-dhcp to pg-dhcp addressed to
  # ag-bcast_limit with logging off, so the ISP's DHCP broadcasts do not flood the
  # default-drop log.
  1965. set firewall name wan-firewall rule 600 action 'drop'
  1966. set firewall name wan-firewall rule 600 description 'Disable ISP DHCP and dont log it'
  1967. set firewall name wan-firewall rule 600 destination group address-group 'ag-bcast_limit'
  1968. set firewall name wan-firewall rule 600 destination group port-group 'pg-dhcp'
  1969. set firewall name wan-firewall rule 600 log 'disable'
  1970. set firewall name wan-firewall rule 600 protocol 'udp'
  1971. set firewall name wan-firewall rule 600 source group port-group 'pg-dhcp'
  # Rulesets wan-guest, wan-iot, wan-lan and wan-mgmt: traffic arriving from zone wan
  # for the guest, iot, lan and mgmt zones. Same shape in all four: return traffic
  # only (established/related), invalid state dropped and logged, default-action
  # drop with enable-default-log. No new inbound connection from the WAN is accepted.
  1972. set firewall name wan-guest default-action 'drop'
  1973. set firewall name wan-guest enable-default-log
  1974. set firewall name wan-guest rule 1 action 'accept'
  1975. set firewall name wan-guest rule 1 state established 'enable'
  1976. set firewall name wan-guest rule 1 state related 'enable'
  1977. set firewall name wan-guest rule 2 action 'drop'
  1978. set firewall name wan-guest rule 2 log 'enable'
  1979. set firewall name wan-guest rule 2 state invalid 'enable'
  1980. set firewall name wan-iot default-action 'drop'
  1981. set firewall name wan-iot enable-default-log
  1982. set firewall name wan-iot rule 1 action 'accept'
  1983. set firewall name wan-iot rule 1 state established 'enable'
  1984. set firewall name wan-iot rule 1 state related 'enable'
  1985. set firewall name wan-iot rule 2 action 'drop'
  1986. set firewall name wan-iot rule 2 log 'enable'
  1987. set firewall name wan-iot rule 2 state invalid 'enable'
  1988. set firewall name wan-lan default-action 'drop'
  1989. set firewall name wan-lan enable-default-log
  1990. set firewall name wan-lan rule 1 action 'accept'
  1991. set firewall name wan-lan rule 1 state established 'enable'
  1992. set firewall name wan-lan rule 1 state related 'enable'
  1993. set firewall name wan-lan rule 2 action 'drop'
  1994. set firewall name wan-lan rule 2 log 'enable'
  1995. set firewall name wan-lan rule 2 state invalid 'enable'
  1996. set firewall name wan-mgmt default-action 'drop'
  1997. set firewall name wan-mgmt enable-default-log
  1998. set firewall name wan-mgmt rule 1 action 'accept'
  1999. set firewall name wan-mgmt rule 1 state established 'enable'
  2000. set firewall name wan-mgmt rule 1 state related 'enable'
  2001. set firewall name wan-mgmt rule 2 action 'drop'
  2002. set firewall name wan-mgmt rule 2 log 'enable'
  2003. set firewall name wan-mgmt rule 2 state invalid 'enable'
  # Ruleset wan-public: traffic from zone wan into zone public. Of the wan-* rulesets
  # in this part of the file it is the only one that accepts NEW inbound connections.
  2004. set firewall name wan-public default-action 'drop'
  2005. set firewall name wan-public enable-default-log
  2006. set firewall name wan-public rule 1 action 'accept'
  2007. set firewall name wan-public rule 1 state established 'enable'
  2008. set firewall name wan-public rule 1 state related 'enable'
  2009. set firewall name wan-public rule 2 action 'drop'
  2010. set firewall name wan-public rule 2 log 'enable'
  2011. set firewall name wan-public rule 2 state invalid 'enable'
  # Rules 220/221: Internet-facing VPN listeners (tcp to ag-vpn_pri/pg-vpn_pri, udp to
  # ag-vpn_bck/pg-vpn_bck). No source restriction, so exposure rests on the VPN
  # service's own authentication and patch level; both rules log.
  # NOTE(review): these rules are evaluated after destination NAT, and NAT rules 200/201
  # both translate to 192.168.17.100 — confirm both address-groups contain that host
  # (group definitions are not in view here).
  2012. set firewall name wan-public rule 220 action 'accept'
  2013. set firewall name wan-public rule 220 destination group address-group 'ag-vpn_pri'
  2014. set firewall name wan-public rule 220 destination group port-group 'pg-vpn_pri'
  2015. set firewall name wan-public rule 220 log 'enable'
  2016. set firewall name wan-public rule 220 protocol 'tcp'
  2017. set firewall name wan-public rule 221 action 'accept'
  2018. set firewall name wan-public rule 221 destination group address-group 'ag-vpn_bck'
  2019. set firewall name wan-public rule 221 destination group port-group 'pg-vpn_bck'
  2020. set firewall name wan-public rule 221 log 'enable'
  2021. set firewall name wan-public rule 221 protocol 'udp'
  # Global firewall options (system-wide, independent of the zone rulesets).
  # ICMP redirects are ignored on receipt but may still be sent.
  # NOTE(review): a router that separates security zones usually has send-redirects
  # disabled as well.
  2022. set firewall receive-redirects 'disable'
  2023. set firewall send-redirects 'enable'
  # Reverse-path filtering is off: packets with a source address that does not belong
  # on the arriving interface are not rejected at this layer, so anti-spoofing rests
  # on the rulesets alone. NOTE(review): 'loose' is often workable on a dual-WAN
  # router where 'strict' would break asymmetric return paths.
  2024. set firewall source-validation 'disable'
  2025. set firewall syn-cookies 'enable'
  2026. set firewall twa-hazards-protection 'disable'
  # VRRP: one group per internal VLAN. Each group holds the gateway address .253/24
  # on its eth0.<vlan> subinterface, uses the VLAN id as vrid, priority 254, a 1 s
  # advertise interval and a 3 s preempt delay. rfc3768-compatibility is set on
  # every group; the eth0.<vlan>v<vrid> interface names used by the zone-policy,
  # NAT and load-balancing sections correspond to these groups.
  # No 'authentication' is configured on any group in view, so advertisements are
  # accepted from any host on the segment, including the guest and iot VLANs.
  # NOTE(review): where the VRRP version in use supports it, set group authentication,
  # and/or filter VRRP from non-router hosts at the switch.
  2027. set high-availability vrrp group cam address 192.168.53.253/24
  2028. set high-availability vrrp group cam advertise-interval '1'
  2029. set high-availability vrrp group cam description 'Cam'
  2030. set high-availability vrrp group cam interface 'eth0.53'
  2031. set high-availability vrrp group cam preempt-delay '3'
  2032. set high-availability vrrp group cam priority '254'
  2033. set high-availability vrrp group cam rfc3768-compatibility
  2034. set high-availability vrrp group cam vrid '53'
  2035. set high-availability vrrp group dmz address 192.168.67.253/24
  2036. set high-availability vrrp group dmz advertise-interval '1'
  2037. set high-availability vrrp group dmz description 'DMZ'
  2038. set high-availability vrrp group dmz interface 'eth0.67'
  2039. set high-availability vrrp group dmz preempt-delay '3'
  2040. set high-availability vrrp group dmz priority '254'
  2041. set high-availability vrrp group dmz rfc3768-compatibility
  2042. set high-availability vrrp group dmz vrid '67'
  2043. set high-availability vrrp group download address 192.168.79.253/24
  2044. set high-availability vrrp group download advertise-interval '1'
  2045. set high-availability vrrp group download description 'Download'
  2046. set high-availability vrrp group download interface 'eth0.79'
  2047. set high-availability vrrp group download preempt-delay '3'
  2048. set high-availability vrrp group download priority '254'
  2049. set high-availability vrrp group download rfc3768-compatibility
  2050. set high-availability vrrp group download vrid '79'
  2051. set high-availability vrrp group guest address 192.168.131.253/24
  2052. set high-availability vrrp group guest advertise-interval '1'
  2053. set high-availability vrrp group guest description 'Guest'
  2054. set high-availability vrrp group guest interface 'eth0.131'
  2055. set high-availability vrrp group guest preempt-delay '3'
  2056. set high-availability vrrp group guest priority '254'
  2057. set high-availability vrrp group guest rfc3768-compatibility
  2058. set high-availability vrrp group guest vrid '131'
  2059. set high-availability vrrp group iot address 192.168.11.253/24
  2060. set high-availability vrrp group iot advertise-interval '1'
  2061. set high-availability vrrp group iot description 'IOT'
  2062. set high-availability vrrp group iot interface 'eth0.11'
  2063. set high-availability vrrp group iot preempt-delay '3'
  2064. set high-availability vrrp group iot priority '254'
  2065. set high-availability vrrp group iot rfc3768-compatibility
  2066. set high-availability vrrp group iot vrid '11'
  2067. set high-availability vrrp group lan address 192.168.13.253/24
  2068. set high-availability vrrp group lan advertise-interval '1'
  2069. set high-availability vrrp group lan description 'LAN'
  2070. set high-availability vrrp group lan interface 'eth0.13'
  2071. set high-availability vrrp group lan preempt-delay '3'
  2072. set high-availability vrrp group lan priority '254'
  2073. set high-availability vrrp group lan rfc3768-compatibility
  2074. set high-availability vrrp group lan vrid '13'
  2075. set high-availability vrrp group mgmt address 192.168.7.253/24
  2076. set high-availability vrrp group mgmt advertise-interval '1'
  2077. set high-availability vrrp group mgmt description 'Management'
  2078. set high-availability vrrp group mgmt interface 'eth0.7'
  2079. set high-availability vrrp group mgmt preempt-delay '3'
  2080. set high-availability vrrp group mgmt priority '254'
  2081. set high-availability vrrp group mgmt rfc3768-compatibility
  2082. set high-availability vrrp group mgmt vrid '7'
  2083. set high-availability vrrp group public address 192.168.17.253/24
  2084. set high-availability vrrp group public advertise-interval '1'
  2085. set high-availability vrrp group public description 'Public'
  2086. set high-availability vrrp group public interface 'eth0.17'
  2087. set high-availability vrrp group public preempt-delay '3'
  2088. set high-availability vrrp group public priority '254'
  2089. set high-availability vrrp group public rfc3768-compatibility
  2090. set high-availability vrrp group public vrid '17'
  # Sync-group 'sync' ties all eight groups together so they change state as one;
  # conntrack-sync uses the same sync-group as its failover trigger.
  2091. set high-availability vrrp sync-group sync member 'cam'
  2092. set high-availability vrrp sync-group sync member 'guest'
  2093. set high-availability vrrp sync-group sync member 'mgmt'
  2094. set high-availability vrrp sync-group sync member 'lan'
  2095. set high-availability vrrp sync-group sync member 'iot'
  2096. set high-availability vrrp sync-group sync member 'public'
  2097. set high-availability vrrp sync-group sync member 'dmz'
  2098. set high-availability vrrp sync-group sync member 'download'
  # Transition hooks: backup, fault and stop all run vrrp-trans-fail.sh with the
  # argument 'backup'; master runs vrrp-trans-master.sh with 'master'.
  # NOTE(review): the scripts are not in view. They are started by the VRRP daemon,
  # presumably with root privileges — confirm they are root-owned and not writable
  # by any other account.
  2099. set high-availability vrrp sync-group sync transition-script backup '/config/scripts/vrrp-trans-fail.sh backup'
  2100. set high-availability vrrp sync-group sync transition-script fault '/config/scripts/vrrp-trans-fail.sh backup'
  2101. set high-availability vrrp sync-group sync transition-script master '/config/scripts/vrrp-trans-master.sh master'
  2102. set high-availability vrrp sync-group sync transition-script stop '/config/scripts/vrrp-trans-fail.sh backup'
  # Interfaces: a single NIC (eth0) carries every network as an 802.1Q subinterface,
  # including both WAN uplinks (vif 167 and 197, addressed by DHCP). Each internal
  # vif holds this router's own address .252/24; the shared gateway .253 is the
  # VRRP address configured under high-availability.
  # NOTE(review): WAN and internal traffic share one trunk, so their separation
  # depends entirely on VLAN tagging upstream of eth0 (switch or hypervisor port
  # group). The hw-id prefix 00:50:56 suggests a virtual NIC — confirm the port
  # group's allowed-VLAN list matches the vifs below and nothing more.
  2103. set interfaces ethernet eth0 duplex 'auto'
  2104. set interfaces ethernet eth0 hw-id '00:50:56:9f:be:a5'
  2105. set interfaces ethernet eth0 offload gro
  2106. set interfaces ethernet eth0 offload gso
  2107. set interfaces ethernet eth0 offload sg
  2108. set interfaces ethernet eth0 offload tso
  2109. set interfaces ethernet eth0 ring-buffer rx '4096'
  2110. set interfaces ethernet eth0 ring-buffer tx '4096'
  2111. set interfaces ethernet eth0 speed 'auto'
  2112. set interfaces ethernet eth0 vif 7 address '192.168.7.252/24'
  2113. set interfaces ethernet eth0 vif 7 description 'Management'
  2114. set interfaces ethernet eth0 vif 11 address '192.168.11.252/24'
  2115. set interfaces ethernet eth0 vif 11 description 'IOT'
  2116. set interfaces ethernet eth0 vif 13 address '192.168.13.252/24'
  2117. set interfaces ethernet eth0 vif 13 description 'LAN'
  2118. set interfaces ethernet eth0 vif 17 address '192.168.17.252/24'
  2119. set interfaces ethernet eth0 vif 17 description 'Public'
  2120. set interfaces ethernet eth0 vif 53 address '192.168.53.252/24'
  2121. set interfaces ethernet eth0 vif 53 description 'Cam'
  2122. set interfaces ethernet eth0 vif 67 address '192.168.67.252/24'
  2123. set interfaces ethernet eth0 vif 67 description 'DMZ'
  2124. set interfaces ethernet eth0 vif 79 address '192.168.79.252/24'
  2125. set interfaces ethernet eth0 vif 79 description 'Download'
  2126. set interfaces ethernet eth0 vif 131 address '192.168.131.252/24'
  2127. set interfaces ethernet eth0 vif 131 description 'Guest'
  2128. set interfaces ethernet eth0 vif 167 address 'dhcp'
  2129. set interfaces ethernet eth0 vif 167 description 'WAN'
  2130. set interfaces ethernet eth0 vif 197 address 'dhcp'
  2131. set interfaces ethernet eth0 vif 197 description 'WAN_BCK'
  2132. set interfaces loopback lo
  # WAN failover between eth0.167 (WAN) and eth0.197 (WAN_BCK). Traffic originated
  # by the router itself is included (enable-local-traffic), and tracked
  # connections are flushed when the active link changes (flush-connections).
  2133. set load-balancing wan enable-local-traffic
  2134. set load-balancing wan flush-connections
  # Link health: one ping test per uplink (targets 1.0.0.1 and 1.1.1.1). A link is
  # marked down after 3 failures and up again after 1 success.
  # NOTE(review): each uplink depends on a single external target; an outage or
  # filtering of that one address fails the link over.
  2135. set load-balancing wan interface-health eth0.167 failure-count '3'
  2136. set load-balancing wan interface-health eth0.167 nexthop 'dhcp'
  2137. set load-balancing wan interface-health eth0.167 success-count '1'
  2138. set load-balancing wan interface-health eth0.167 test 10 resp-time '5'
  2139. set load-balancing wan interface-health eth0.167 test 10 target '1.0.0.1'
  2140. set load-balancing wan interface-health eth0.167 test 10 ttl-limit '1'
  2141. set load-balancing wan interface-health eth0.167 test 10 type 'ping'
  2142. set load-balancing wan interface-health eth0.197 failure-count '3'
  2143. set load-balancing wan interface-health eth0.197 nexthop 'dhcp'
  2144. set load-balancing wan interface-health eth0.197 success-count '1'
  2145. set load-balancing wan interface-health eth0.197 test 10 resp-time '5'
  2146. set load-balancing wan interface-health eth0.197 test 10 target '1.1.1.1'
  2147. set load-balancing wan interface-health eth0.197 test 10 ttl-limit '1'
  2148. set load-balancing wan interface-health eth0.197 test 10 type 'ping'
  # Rules 5-7: private (RFC 1918) destinations are excluded from WAN selection, so
  # inter-VLAN traffic is never steered to an uplink by this section.
  2149. set load-balancing wan rule 5 destination address '192.168.0.0/16'
  2150. set load-balancing wan rule 5 exclude
  2151. set load-balancing wan rule 5 inbound-interface 'eth+'
  2152. set load-balancing wan rule 5 protocol 'all'
  2153. set load-balancing wan rule 6 destination address '172.16.0.0/12'
  2154. set load-balancing wan rule 6 exclude
  2155. set load-balancing wan rule 6 inbound-interface 'eth+'
  2156. set load-balancing wan rule 6 protocol 'all'
  2157. set load-balancing wan rule 7 destination address '10.0.0.0/8'
  2158. set load-balancing wan rule 7 exclude
  2159. set load-balancing wan rule 7 inbound-interface 'eth+'
  2160. set load-balancing wan rule 7 protocol 'all'
  # Rules 10-70: failover mode per source VLAN, matched on the VRRP interface names
  # (eth0.<vlan>v<vrid>). eth0.167 carries weight 10 and eth0.197 weight 1.
  # Rules exist for VLANs 7, 11, 13, 17, 67 and 131 only; there is none for
  # eth0.53v53 (cam) or eth0.79v79 (download).
  # NOTE(review): confirm that omission is intended — those VLANs would follow the
  # static default route via eth0.167 and get no failover.
  2161. set load-balancing wan rule 10 failover
  2162. set load-balancing wan rule 10 inbound-interface 'eth0.7v7'
  2163. set load-balancing wan rule 10 interface eth0.167 weight '10'
  2164. set load-balancing wan rule 10 interface eth0.197 weight '1'
  2165. set load-balancing wan rule 10 protocol 'all'
  2166. set load-balancing wan rule 20 failover
  2167. set load-balancing wan rule 20 inbound-interface 'eth0.11v11'
  2168. set load-balancing wan rule 20 interface eth0.167 weight '10'
  2169. set load-balancing wan rule 20 interface eth0.197 weight '1'
  2170. set load-balancing wan rule 20 protocol 'all'
  2171. set load-balancing wan rule 30 failover
  2172. set load-balancing wan rule 30 inbound-interface 'eth0.13v13'
  2173. set load-balancing wan rule 30 interface eth0.167 weight '10'
  2174. set load-balancing wan rule 30 interface eth0.197 weight '1'
  2175. set load-balancing wan rule 30 protocol 'all'
  2176. set load-balancing wan rule 40 failover
  2177. set load-balancing wan rule 40 inbound-interface 'eth0.17v17'
  2178. set load-balancing wan rule 40 interface eth0.167 weight '10'
  2179. set load-balancing wan rule 40 interface eth0.197 weight '1'
  2180. set load-balancing wan rule 40 protocol 'all'
  2181. set load-balancing wan rule 50 failover
  2182. set load-balancing wan rule 50 inbound-interface 'eth0.67v67'
  2183. set load-balancing wan rule 50 interface eth0.167 weight '10'
  2184. set load-balancing wan rule 50 interface eth0.197 weight '1'
  2185. set load-balancing wan rule 50 protocol 'all'
  2186. set load-balancing wan rule 70 failover
  2187. set load-balancing wan rule 70 inbound-interface 'eth0.131v131'
  2188. set load-balancing wan rule 70 interface eth0.167 weight '10'
  2189. set load-balancing wan rule 70 interface eth0.197 weight '1'
  2190. set load-balancing wan rule 70 protocol 'all'
  2191. set load-balancing wan sticky-connections inbound
  # Destination NAT. Rules 200/201 publish the VPN service: tcp/443 and udp/443
  # arriving on eth0.167 are forwarded to 192.168.17.100:443, with NAT logging on.
  # Both rules translate to the same host although 201 is described as the backup
  # server, and both match eth0.167 only.
  # NOTE(review): no equivalent rule is in view for eth0.197 (WAN_BCK), so inbound
  # VPN would not be forwarded while the backup uplink is active — confirm intended.
  2192. set nat destination rule 200 description 'Redirect port for primary VPN server'
  2193. set nat destination rule 200 destination port '443'
  2194. set nat destination rule 200 inbound-interface 'eth0.167'
  2195. set nat destination rule 200 log
  2196. set nat destination rule 200 protocol 'tcp'
  2197. set nat destination rule 200 translation address '192.168.17.100'
  2198. set nat destination rule 200 translation port '443'
  2199. set nat destination rule 201 description 'Redirect port for backup VPN server'
  2200. set nat destination rule 201 destination port '443'
  2201. set nat destination rule 201 inbound-interface 'eth0.167'
  2202. set nat destination rule 201 log
  2203. set nat destination rule 201 protocol 'udp'
  2204. set nat destination rule 201 translation address '192.168.17.100'
  2205. set nat destination rule 201 translation port '443'
  # Rule 399: DNS interception for the IoT VLAN. Any port-53 query (tcp or udp) from
  # eth0.11v11 that is not already addressed to 192.168.67.243-244 is rewritten to
  # 192.168.67.243, so IoT devices cannot pick their own plain-DNS resolver.
  # This covers port 53 only; DNS over TLS or HTTPS is not affected by this rule
  # and would have to be handled by the iot-wan ruleset.
  2206. set nat destination rule 399 description 'Redirect DNS iot VLAN'
  2207. set nat destination rule 399 destination address '!192.168.67.243-192.168.67.244'
  2208. set nat destination rule 399 destination port '53'
  2209. set nat destination rule 399 inbound-interface 'eth0.11v11'
  2210. set nat destination rule 399 log
  2211. set nat destination rule 399 protocol 'tcp_udp'
  2212. set nat destination rule 399 translation address '192.168.67.243'
  2213. set nat destination rule 399 translation port '53'
  # Source NAT: everything leaving either uplink is masqueraded to that uplink's address.
  2214. set nat source rule 5010 description 'Masquerade for WAN'
  2215. set nat source rule 5010 outbound-interface 'eth0.167'
  2216. set nat source rule 5010 translation address 'masquerade'
  2217. set nat source rule 5020 description 'Masquerade for WAN_BCK'
  2218. set nat source rule 5020 outbound-interface 'eth0.197'
  2219. set nat source rule 5020 translation address 'masquerade'
  # Static routes. The default route follows the DHCP lease on eth0.167.
  2220. set protocols static route 0.0.0.0/0 dhcp-interface 'eth0.167'
  # 10.168.17.0/24 and 10.168.19.0/24 are reached through 192.168.17.100, the host
  # the VPN DNAT rules point at (presumably the VPN client address pools — confirm).
  2221. set protocols static route 10.168.17.0/24 next-hop 192.168.17.100
  2222. set protocols static route 10.168.19.0/24 next-hop 192.168.17.100
  # Catch-all blackhole for 192.168.0.0/16 at distance 254: connected and more
  # specific routes still win, while traffic to any unassigned 192.168.x.x subnet is
  # discarded instead of following the default route out of the WAN.
  2223. set protocols static route 192.168.0.0/16 blackhole distance '254'
  # More-specific exceptions to the blackhole, one per uplink interface.
  2224. set protocols static route 192.168.100.0/24 interface eth0.167
  2225. set protocols static route 192.168.197.0/24 interface eth0.197
  # conntrack-sync: connection state is replicated to the VRRP peer over the
  # management VLAN (eth0.7, multicast group 224.0.0.50), with failover driven by
  # VRRP sync-group 'sync'.
  # NOTE(review): no authentication or encryption for this channel is configured in
  # view, so it relies on the management VLAN being trusted.
  2226. set service conntrack-sync disable-external-cache
  2227. set service conntrack-sync event-listen-queue-size '16'
  2228. set service conntrack-sync failover-mechanism vrrp sync-group 'sync'
  2229. set service conntrack-sync interface eth0.7
  2230. set service conntrack-sync listen-address '192.168.7.252'
  2231. set service conntrack-sync mcast-group '224.0.0.50'
  2232. set service conntrack-sync sync-queue-size '16'
  # DHCP relay for the dmz, iot, lan and guest VLANs to 192.168.67.241/.242 (the
  # same hosts used as name servers and NTP servers). Requests that already carry
  # relay-agent information are discarded rather than forwarded.
  2233. set service dhcp-relay interface 'eth0.67'
  2234. set service dhcp-relay interface 'eth0.11'
  2235. set service dhcp-relay interface 'eth0.13'
  2236. set service dhcp-relay interface 'eth0.131'
  2237. set service dhcp-relay relay-options relay-agents-packets 'discard'
  2238. set service dhcp-relay server '192.168.67.241'
  2239. set service dhcp-relay server '192.168.67.242'
  # Dynamic DNS for the primary uplink. The password value shown looks like a
  # placeholder substituted before posting. In a live configuration this field is
  # a reusable service credential, not a hash: scrub it from any export (VyOS
  # offers the 'strip-private' pipe) and rotate it if a real value was ever shared.
  2240. set service dns dynamic interface eth0.167 service namecheap host-name 'is'
  2241. set service dns dynamic interface eth0.167 service namecheap login 'flawed.network'
  2242. set service dns dynamic interface eth0.167 service namecheap password 'takeaguess...'
  2243. set service dns dynamic interface eth0.167 service namecheap protocol 'namecheap'
  2244. set service dns dynamic interface eth0.167 service namecheap server 'dynamicdns.park-your-domain.com'
  # mDNS repeater across the iot, lan and guest VLANs: service announcements from
  # each are re-broadcast into the other two, which lets guests enumerate LAN and
  # IoT services even where the zone rulesets block the traffic itself.
  # NOTE(review): confirm the guest VLAN needs to be a member.
  2245. set service mdns repeater interface 'eth0.11v11'
  2246. set service mdns repeater interface 'eth0.13v13'
  2247. set service mdns repeater interface 'eth0.131v131'
  # SSH is bound to the management address only. No key-only setting
  # ('disable-password-authentication') is in view, and the login user in the system
  # section has a password hash but no public key.
  # NOTE(review): consider key-based login for the router's admin account.
  2248. set service ssh listen-address '192.168.7.252'
  2249. set service ssh port '22'
  # System settings. 1000 commit revisions are kept locally for rollback and audit.
  2250. set system config-management commit-revisions '1000'
  # Connection tracking sized for a large table (3145728 entries).
  # NOTE(review): hash-size here and the nf_conntrack_buckets sysctl below appear to
  # size the same hash table with different values — confirm which one takes effect.
  2251. set system conntrack expect-table-size '2048'
  2252. set system conntrack hash-size '32768'
  # Conntrack helpers: ftp and h323 parse application payloads and pre-authorise
  # secondary flows, which every ruleset's 'related' rule then accepts.
  # ftp is used by public-wan rule 700. NOTE(review): no H.323 rule is in view —
  # remove the h323 helper if nothing relies on it.
  2253. set system conntrack modules ftp
  2254. set system conntrack modules h323
  2255. set system conntrack table-size '3145728'
  2256. set system domain-name 'on.flawed.network'
  2257. set system host-name 'vyos007'
  # The hash value shown looks like a placeholder substituted before posting. Only
  # a password hash is configured for this account; no SSH public key is in view.
  2258. set system login user person1 authentication encrypted-password 'takeaguess...'
  2259. set system name-server '192.168.67.241'
  2260. set system name-server '192.168.67.242'
  # NTP service listens on the router's DMZ address and syncs from the two DMZ hosts.
  2261. set system ntp listen-address '192.168.67.252'
  2262. set system ntp server 192.168.67.241
  2263. set system ntp server 192.168.67.242
  2264. set system sysctl parameter net.netfilter.nf_conntrack_buckets value '1572864'
  # Logging is local only: no remote syslog host is configured in view, so the
  # firewall logs enabled throughout this file exist only on the router itself.
  # NOTE(review): forward to a collector ('system syslog host ...') so the records
  # survive a compromise or disk loss on this box.
  2265. set system syslog global facility all level 'info'
  2266. set system syslog global facility protocols level 'debug'
  2267. set system time-zone 'Australia/Melbourne'
  # Zone policy: binds each <source>-<destination> ruleset to a zone pair. Every zone
  # has default-action 'drop', so a pair with no 'from' entry below is blocked
  # outright. Internal zones list both the physical VLAN interface (eth0.N) and its
  # VRRP interface (eth0.NvN), so the policy applies whichever one carries the traffic.
  # Zone cam: no 'from iot' entry, so IoT devices cannot open connections to cameras.
  2268. set zone-policy zone cam default-action 'drop'
  2269. set zone-policy zone cam from dmz firewall name 'dmz-cam'
  2270. set zone-policy zone cam from download firewall name 'download-cam'
  2271. set zone-policy zone cam from firewall firewall name 'firewall-cam'
  2272. set zone-policy zone cam from guest firewall name 'guest-cam'
  2273. set zone-policy zone cam from lan firewall name 'lan-cam'
  2274. set zone-policy zone cam from mgmt firewall name 'mgmt-cam'
  2275. set zone-policy zone cam from public firewall name 'public-cam'
  2276. set zone-policy zone cam from wan firewall name 'wan-cam'
  2277. set zone-policy zone cam interface 'eth0.53v53'
  2278. set zone-policy zone cam interface 'eth0.53'
  2279. set zone-policy zone dmz default-action 'drop'
  2280. set zone-policy zone dmz from cam firewall name 'cam-dmz'
  2281. set zone-policy zone dmz from download firewall name 'download-dmz'
  2282. set zone-policy zone dmz from firewall firewall name 'firewall-dmz'
  2283. set zone-policy zone dmz from guest firewall name 'guest-dmz'
  2284. set zone-policy zone dmz from iot firewall name 'iot-dmz'
  2285. set zone-policy zone dmz from lan firewall name 'lan-dmz'
  2286. set zone-policy zone dmz from mgmt firewall name 'mgmt-dmz'
  2287. set zone-policy zone dmz from public firewall name 'public-dmz'
  2288. set zone-policy zone dmz from wan firewall name 'wan-dmz'
  2289. set zone-policy zone dmz interface 'eth0.67'
  2290. set zone-policy zone dmz interface 'eth0.67v67'
  # Zone download: no 'from iot' entry.
  2291. set zone-policy zone download default-action 'drop'
  2292. set zone-policy zone download from cam firewall name 'cam-download'
  2293. set zone-policy zone download from dmz firewall name 'dmz-download'
  2294. set zone-policy zone download from firewall firewall name 'firewall-download'
  2295. set zone-policy zone download from guest firewall name 'guest-download'
  2296. set zone-policy zone download from lan firewall name 'lan-download'
  2297. set zone-policy zone download from mgmt firewall name 'mgmt-download'
  2298. set zone-policy zone download from public firewall name 'public-download'
  2299. set zone-policy zone download from wan firewall name 'wan-download'
  2300. set zone-policy zone download interface 'eth0.79'
  2301. set zone-policy zone download interface 'eth0.79v79'
  # Zone firewall is the local-zone: these rulesets govern traffic addressed to the
  # router itself (SSH, NTP, DHCP relay, VRRP, conntrack-sync) from each zone.
  2302. set zone-policy zone firewall default-action 'drop'
  2303. set zone-policy zone firewall from cam firewall name 'cam-firewall'
  2304. set zone-policy zone firewall from dmz firewall name 'dmz-firewall'
  2305. set zone-policy zone firewall from download firewall name 'download-firewall'
  2306. set zone-policy zone firewall from guest firewall name 'guest-firewall'
  2307. set zone-policy zone firewall from iot firewall name 'iot-firewall'
  2308. set zone-policy zone firewall from lan firewall name 'lan-firewall'
  2309. set zone-policy zone firewall from mgmt firewall name 'mgmt-firewall'
  2310. set zone-policy zone firewall from public firewall name 'public-firewall'
  2311. set zone-policy zone firewall from wan firewall name 'wan-firewall'
  2312. set zone-policy zone firewall local-zone
  2313. set zone-policy zone guest default-action 'drop'
  2314. set zone-policy zone guest from cam firewall name 'cam-guest'
  2315. set zone-policy zone guest from dmz firewall name 'dmz-guest'
  2316. set zone-policy zone guest from download firewall name 'download-guest'
  2317. set zone-policy zone guest from firewall firewall name 'firewall-guest'
  2318. set zone-policy zone guest from iot firewall name 'iot-guest'
  2319. set zone-policy zone guest from lan firewall name 'lan-guest'
  2320. set zone-policy zone guest from mgmt firewall name 'mgmt-guest'
  2321. set zone-policy zone guest from public firewall name 'public-guest'
  2322. set zone-policy zone guest from wan firewall name 'wan-guest'
  2323. set zone-policy zone guest interface 'eth0.131'
  2324. set zone-policy zone guest interface 'eth0.131v131'
  # Zone iot accepts traffic from dmz, firewall, guest, lan and wan only; cam,
  # download, mgmt and public have no entry and are therefore dropped.
  # NOTE(review): guest -> iot is permitted through 'guest-iot' (not in view here);
  # confirm that ruleset is as narrow as intended.
  2325. set zone-policy zone iot default-action 'drop'
  2326. set zone-policy zone iot from dmz firewall name 'dmz-iot'
  2327. set zone-policy zone iot from firewall firewall name 'firewall-iot'
  2328. set zone-policy zone iot from guest firewall name 'guest-iot'
  2329. set zone-policy zone iot from lan firewall name 'lan-iot'
  2330. set zone-policy zone iot from wan firewall name 'wan-iot'
  2331. set zone-policy zone iot interface 'eth0.11'
  2332. set zone-policy zone iot interface 'eth0.11v11'
  2333. set zone-policy zone lan default-action 'drop'
  2334. set zone-policy zone lan from cam firewall name 'cam-lan'
  2335. set zone-policy zone lan from dmz firewall name 'dmz-lan'
  2336. set zone-policy zone lan from download firewall name 'download-lan'
  2337. set zone-policy zone lan from firewall firewall name 'firewall-lan'
  2338. set zone-policy zone lan from guest firewall name 'guest-lan'
  2339. set zone-policy zone lan from iot firewall name 'iot-lan'
  2340. set zone-policy zone lan from mgmt firewall name 'mgmt-lan'
  2341. set zone-policy zone lan from public firewall name 'public-lan'
  2342. set zone-policy zone lan from wan firewall name 'wan-lan'
  2343. set zone-policy zone lan interface 'eth0.13'
  2344. set zone-policy zone lan interface 'eth0.13v13'
  # Zone mgmt: no 'from iot' entry, so the IoT VLAN has no path to management hosts.
  # 'public-mgmt' is the ruleset that admits VPN users to management services.
  2345. set zone-policy zone mgmt default-action 'drop'
  2346. set zone-policy zone mgmt from cam firewall name 'cam-mgmt'
  2347. set zone-policy zone mgmt from dmz firewall name 'dmz-mgmt'
  2348. set zone-policy zone mgmt from download firewall name 'download-mgmt'
  2349. set zone-policy zone mgmt from firewall firewall name 'firewall-mgmt'
  2350. set zone-policy zone mgmt from guest firewall name 'guest-mgmt'
  2351. set zone-policy zone mgmt from lan firewall name 'lan-mgmt'
  2352. set zone-policy zone mgmt from public firewall name 'public-mgmt'
  2353. set zone-policy zone mgmt from wan firewall name 'wan-mgmt'
  2354. set zone-policy zone mgmt interface 'eth0.7'
  2355. set zone-policy zone mgmt interface 'eth0.7v7'
  # Zone public: no 'from iot' entry. 'wan-public' is the ruleset that admits the
  # Internet-facing VPN connections.
  2356. set zone-policy zone public default-action 'drop'
  2357. set zone-policy zone public from cam firewall name 'cam-public'
  2358. set zone-policy zone public from dmz firewall name 'dmz-public'
  2359. set zone-policy zone public from download firewall name 'download-public'
  2360. set zone-policy zone public from firewall firewall name 'firewall-public'
  2361. set zone-policy zone public from guest firewall name 'guest-public'
  2362. set zone-policy zone public from lan firewall name 'lan-public'
  2363. set zone-policy zone public from mgmt firewall name 'mgmt-public'
  2364. set zone-policy zone public from wan firewall name 'wan-public'
  2365. set zone-policy zone public interface 'eth0.17'
  2366. set zone-policy zone public interface 'eth0.17v17'
  # Zone wan spans both uplinks, so the same egress rulesets apply whichever link is
  # active. Every other zone, including the router itself, has an egress ruleset.
  2367. set zone-policy zone wan default-action 'drop'
  2368. set zone-policy zone wan from cam firewall name 'cam-wan'
  2369. set zone-policy zone wan from dmz firewall name 'dmz-wan'
  2370. set zone-policy zone wan from download firewall name 'download-wan'
  2371. set zone-policy zone wan from firewall firewall name 'firewall-wan'
  2372. set zone-policy zone wan from guest firewall name 'guest-wan'
  2373. set zone-policy zone wan from iot firewall name 'iot-wan'
  2374. set zone-policy zone wan from lan firewall name 'lan-wan'
  2375. set zone-policy zone wan from mgmt firewall name 'mgmt-wan'
  2376. set zone-policy zone wan from public firewall name 'public-wan'
  2377. set zone-policy zone wan interface 'eth0.167'
  2378. set zone-policy zone wan interface 'eth0.197'