- /* Stateful firewall. The global state-policy below applies to every chain; only the ipv4 family is configured, no ipv6 rules are present */
- firewall {
- global-options {
- /* Reply/follow-on traffic of known flows is accepted, packets conntrack cannot classify are dropped */
- state-policy {
- established {
- action "accept"
- }
- invalid {
- action "drop"
- }
- related {
- action "accept"
- }
- }
- }
- /* Groups referenced by the rules: eth0 = WAN, eth1 = LAN, eth2 = IOT; NET-INSIDE-v4 = both inside subnets */
- group {
- interface-group IOT {
- interface "eth2"
- }
- interface-group LAN {
- interface "eth1"
- }
- interface-group WAN {
- interface "eth0"
- }
- network-group NET-INSIDE-v4 {
- network "192.168.10.0/24"
- network "192.168.11.0/24"
- }
- }
- ipv4 {
- /* Transit (forward) chain. NOTE(review): no default-action is set here and rule 500 only covers LAN -> IOT; nothing below blocks new connections from IOT (eth2) into LAN (eth1). If the platform default for an unset forward default-action is accept (verify for this release), IOT devices can reach LAN hosts and the segmentation implied by the groups is one-directional; a mirror rule (inbound IOT, outbound LAN) or an explicit default-action would close that */
- forward {
- filter {
- /* Traffic arriving on WAN addressed to either inside subnet is handed to OUTSIDE-IN, which drops everything (see that chain below) */
- rule 100 {
- action "jump"
- destination {
- group {
- network-group "NET-INSIDE-v4"
- }
- }
- inbound-interface {
- group "WAN"
- }
- jump-target "OUTSIDE-IN"
- }
- /* LAN-originated traffic into IOT is rejected (sender gets an ICMP error rather than a silent drop) */
- rule 500 {
- action "reject"
- inbound-interface {
- group "LAN"
- }
- outbound-interface {
- group "IOT"
- }
- }
- }
- }
- /* Traffic to the router itself: dropped unless matched by SSH admission, echo-request, inside DNS or loopback */
- input {
- filter {
- default-action "drop"
- /* TCP/22 from any interface is evaluated by VyOS_MANAGEMENT; whatever that chain returns without accepting falls through to default-action drop */
- rule 20 {
- action "jump"
- destination {
- port "22"
- }
- jump-target "VyOS_MANAGEMENT"
- protocol "tcp"
- }
- /* Ping is answered on every interface, WAN included */
- rule 30 {
- action "accept"
- icmp {
- type-name "echo-request"
- }
- protocol "icmp"
- state "new"
- }
- /* DNS over TCP and UDP only from the two inside subnets, for the forwarder configured under service dns */
- rule 40 {
- action "accept"
- destination {
- port "53"
- }
- protocol "tcp_udp"
- source {
- group {
- network-group "NET-INSIDE-v4"
- }
- }
- }
- /* Loopback-sourced traffic */
- rule 50 {
- action "accept"
- source {
- address "127.0.0.0/8"
- }
- }
- }
- }
- /* Jump target for WAN -> inside traffic; no rules, so everything is dropped */
- name OUTSIDE-IN {
- default-action "drop"
- }
- /* SSH admission chain: LAN is accepted outright, WAN is accepted subject to the per-source rate limit in rule 20, IOT matches nothing here and so ends at the input default-action drop */
- name VyOS_MANAGEMENT {
- default-action "return"
- rule 15 {
- action "accept"
- inbound-interface {
- group "LAN"
- }
- }
- /* NOTE(review): presumably drops a WAN source seen 4 or more times within a minute — confirm the exact recent-match semantics for this release. Any WAN source below that rate is accepted by rule 21, so SSH is reachable from the WAN side; whether that is intended depends on what sits upstream of eth0 (a 192.168.1.0/24 network per interfaces) */
- rule 20 {
- action "drop"
- inbound-interface {
- group "WAN"
- }
- recent {
- count "4"
- time "minute"
- }
- state "new"
- }
- rule 21 {
- action "accept"
- inbound-interface {
- group "WAN"
- }
- state "new"
- }
- }
- }
- }
- /* Physical interfaces. hw-id values are the NICs' MAC addresses; 52:54:00 is the prefix commonly used for QEMU/KVM virtual NICs, so this is presumably a VM */
- interfaces {
- /* eth0 = WAN group. It sits on a private 192.168.1.0/24 upstream, so "WAN" here is most likely another router/NAT rather than the public internet */
- ethernet eth0 {
- address "192.168.1.2/24"
- hw-id "52:54:00:9f:c6:cd"
- }
- /* eth1 = LAN group, gateway for 192.168.10.0/24 */
- ethernet eth1 {
- address "192.168.10.1/24"
- description "lan"
- hw-id "52:54:00:e9:60:fd"
- }
- /* eth2 = IOT group, gateway for 192.168.11.0/24 */
- ethernet eth2 {
- address "192.168.11.1/24"
- description "IOT"
- hw-id "52:54:00:8b:e9:1d"
- }
- loopback lo {
- }
- }
- /* Source NAT only: both inside subnets are masqueraded behind eth0's address. No destination NAT is configured, so there are no inbound port forwards */
- nat {
- source {
- /* LAN -> eth0 */
- rule 100 {
- outbound-interface {
- name "eth0"
- }
- source {
- address "192.168.10.0/24"
- }
- translation {
- address "masquerade"
- }
- }
- /* IOT -> eth0 */
- rule 101 {
- outbound-interface {
- name "eth0"
- }
- source {
- address "192.168.11.0/24"
- }
- translation {
- address "masquerade"
- }
- }
- }
- }
- /* Single default route via the upstream router on the eth0 network */
- protocols {
- static {
- route 0.0.0.0/0 {
- next-hop 192.168.1.1 {
- }
- }
- }
- }
- /* Router-hosted services: DHCP and DNS forwarding for both inside subnets, NTP for private ranges, SSH */
- service {
- dhcp-server {
- /* IOT pool .20-.200 with an explicit 1-day lease; the router is both default gateway and resolver */
- shared-network-name IOT {
- subnet 192.168.11.0/24 {
- lease "86400"
- option {
- default-router "192.168.11.1"
- name-server "192.168.11.1"
- }
- range 0 {
- start "192.168.11.20"
- stop "192.168.11.200"
- }
- subnet-id "11"
- }
- }
- /* LAN pool .20-.200; no lease is set here, so the platform default applies */
- shared-network-name LAN {
- subnet 192.168.10.0/24 {
- option {
- default-router "192.168.10.1"
- name-server "192.168.10.1"
- }
- range 0 {
- start "192.168.10.20"
- stop "192.168.10.200"
- }
- subnet-id "1"
- }
- }
- }
- /* DNS forwarder: answers only the two inside subnets, on the inside addresses. cache-size 0 disables caching, so every query is sent upstream (more upstream traffic, never a stale answer). Upstream resolvers are Cloudflare and Google over plain DNS; no DNSSEC or encrypted-transport setting appears here */
- dns {
- forwarding {
- allow-from "192.168.10.0/24"
- allow-from "192.168.11.0/24"
- cache-size "0"
- listen-address "192.168.10.1"
- listen-address "192.168.11.1"
- name-server 1.0.0.1 {
- }
- name-server 1.1.1.1 {
- }
- name-server 8.8.4.4 {
- }
- name-server 8.8.8.8 {
- }
- }
- }
- /* NTP client allow list covers loopback, link-local and every RFC 1918 / ULA range. NOTE(review): this looks like the stock default list and is broader than the two inside subnets actually served — confirm it is intended. Upstream servers are the VyOS pool */
- ntp {
- allow-client {
- address "127.0.0.0/8"
- address "169.254.0.0/16"
- address "10.0.0.0/8"
- address "172.16.0.0/12"
- address "192.168.0.0/16"
- address "::1/128"
- address "fe80::/10"
- address "fc00::/7"
- }
- server time1.vyos.net {
- }
- server time2.vyos.net {
- }
- server time3.vyos.net {
- }
- }
- /* SSH on the standard port. Per the firewall input chain it is reachable from LAN and, rate-limited, from WAN. No listen-address restriction is set and password authentication is not disabled here */
- ssh {
- port "22"
- }
- }
- /* Host settings: config history, conntrack helpers, serial console, the default local user, local syslog. host-name is left at the image default */
- system {
- config-management {
- /* Keep 100 committed revisions available for rollback */
- commit-revisions "100"
- }
- /* Connection-tracking ALG helpers. NOTE(review): these appear to be the stock set; each helper parses payloads to open related pinholes, so helpers for protocols not in use on this network (e.g. pptp, h323, sqlnet) can be removed to shrink the attack surface — confirm which are actually needed */
- conntrack {
- modules {
- ftp
- h323
- nfs
- pptp
- sip
- sqlnet
- tftp
- }
- }
- /* Serial console at 115200 baud */
- console {
- device ttyS0 {
- speed "115200"
- }
- }
- host-name "vyos"
- login {
- /* NOTE(review): encrypted-password carries no value and plaintext-password is "" — this looks like the hash was stripped before pasting. If it is genuinely empty the account has no usable password; no public-keys entry is present either. Confirm against the live config */
- user vyos {
- authentication {
- encrypted-password
- plaintext-password ""
- }
- }
- }
- /* The router resolves through its own forwarder (listen-address 192.168.10.1 under service dns) */
- name-server "192.168.10.1"
- /* Local-only logging: everything at info, local7 at debug; no remote syslog host is configured, so logs do not survive a compromised or reset router */
- syslog {
- global {
- facility all {
- level "info"
- }
- facility local7 {
- level "debug"
- }
- }
- }
- }
- // Warning: Do not remove the following line.
- // vyos-config-version: "bgp@5:broadcast-relay@1:cluster@2:config-management@1:conntrack@5:conntrack-sync@2:container@2:dhcp-relay@2:dhcp-server@11:dhcpv6-server@5:dns-dynamic@4:dns-forwarding@4:firewall@15:flow-accounting@1:https@6:ids@1:interfaces@32:ipoe-server@3:ipsec@13:isis@3:l2tp@9:lldp@2:mdns@1:monitoring@1:nat@7:nat66@3:ntp@3:openconnect@2:openvpn@1:ospf@2:pim@1:policy@8:pppoe-server@9:pptp@5:qos@2:quagga@11:rip@1:rpki@2:salt@1:snmp@3:ssh@2:sstp@6:system@27:vrf@3:vrrp@4:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2"
- // Release version: 1.5-rolling-202404280021