/* firewall: global packet-handling options, one address group, two named IPv6 rulesets plus one stray one, and three IPv4 rulesets (LAN_IN, WAN_IN, WAN_LOCAL). The rulesets are bound to interfaces in the `interfaces` section. */
- firewall {
/* all-ping enable: the router answers ICMP echo requests. */
- all-ping enable
- broadcast-ping disable
- group {
- address-group Block-going-out {
- address 192.168.10.67
- description "Blocks devices from accessing internet"
- }
- }
/* NOTE(review): HE-To-LAN differs from HE-to-LAN below only by letter case, holds no rules and is not bound to any interface in this listing. It looks like a leftover; confirm and delete it so that a later edit cannot attach the empty ruleset by mistake. */
- ipv6-name HE-To-LAN {
- default-action drop
- }
/* HE-to-LAN: stateful default-drop for IPv6 arriving over the tunnel. tun0 binds it as both `in` and `local`. */
- ipv6-name HE-to-LAN {
- default-action drop
- description "HE to LAN"
- rule 1 {
- action accept
/* NOTE(review): the description below contradicts the action. This rule accepts established/related traffic; the dropping is done by default-action. */
- description "Drop non-related incoming IPv6"
- state {
- established enable
- related enable
- }
- }
- rule 2 {
- action drop
- state {
- invalid enable
- }
- }
- }
/* LAN-to-HE: outbound IPv6 from the LAN. Default accept; only invalid-state packets are dropped. */
- ipv6-name LAN-to-HE {
- default-action accept
- description "LAN to HE"
- rule 1 {
- action accept
- state {
- established enable
- related enable
- }
- }
- rule 2 {
- action drop
- state {
- invalid enable
- }
- }
- }
- ipv6-receive-redirects disable
- ipv6-src-route disable
- ip-src-route disable
- log-martians enable
/* LAN_IN: default accept with a single drop rule for sources in Block-going-out. It is bound only to eth3 vif 11 as an `in` ruleset, so it filters everything that host sends through the router, traffic towards the other VLANs included. */
- name LAN_IN {
- default-action accept
- description "This is used for blocking external for one device"
- rule 1 {
- action drop
/* log disable: attempts by the blocked device leave no firewall log entry. */
- log disable
- protocol all
- source {
- group {
- address-group Block-going-out
- }
- }
- }
- }
/* WAN_IN: stateful default-drop for traffic forwarded from the WAN. The port-forward section has auto-firewall enabled, so the forwarded ports are accepted in addition to what is written here. */
- name WAN_IN {
- default-action drop
- description "WAN to internal"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
/* WAN_LOCAL: stateful default-drop for traffic addressed to the router itself from the WAN. */
- name WAN_LOCAL {
- default-action drop
- description "WAN to router"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
/* NOTE(review): rule 21 accepts every ICMP type from the WAN, unlogged and without a rate limit. Matching only echo-request (icmp type-name) and adding a limit would keep ping working with less exposure. */
- rule 21 {
- action accept
- description "allow icmp"
- log disable
- protocol icmp
- }
- }
- receive-redirects disable
/* NOTE(review): send-redirects enable makes the router emit ICMP redirects; a single default gateway rarely needs that. */
- send-redirects enable
/* NOTE(review): source-validation disable turns reverse-path filtering off, so packets with spoofed source addresses are not rejected by that check. Consider strict or loose after confirming the tunnel does not create asymmetric paths. */
- source-validation disable
- syn-cookies enable
- }
/* interfaces: eth0 is the DHCP WAN port, eth3 carries the VLANs, eth4 is a separate /24, tun0 is the IPv6 sit tunnel. NOTE(review): only eth0, eth3 vif 11 and tun0 have firewall rulesets bound. vifs 5, 10, 50, 90, 100 and eth4 have none in this listing, so routing between those subnets is unfiltered. That includes the hosts on 192.168.90.0/24 and 192.168.1.0/24 that the port-forward section exposes to the WAN. */
- interfaces {
- ethernet eth0 {
- address dhcp
- description Internet
- duplex auto
- firewall {
- in {
- name WAN_IN
- }
- local {
- name WAN_LOCAL
- }
- }
- speed auto
- }
- ethernet eth1 {
- duplex auto
- speed auto
- }
- ethernet eth2 {
- duplex auto
- speed auto
- }
- ethernet eth3 {
- address 192.168.99.1/24
- description "temp to toughswitch"
- duplex auto
- speed auto
- vif 5 {
- address 192.168.5.1/24
- mtu 1500
- }
- vif 10 {
- address 192.168.0.1/24
- description manForVM
- mtu 1500
- }
- vif 11 {
- address 192.168.10.1/24
/* NOTE(review): this /64 is the same prefix as tun0's address further down (::1 here, ::2 there), so two interfaces claim one prefix. Presumably the LAN should use a separately routed /64; confirm against the tunnel provider's allocation. */
- address 2001:470:1f08:253::1/64
- description unifi
- dhcpv6-options {
- parameters-only
- }
/* Only `in` rulesets are bound here. There is no `local` ruleset, so traffic from this VLAN to the router itself is not filtered by LAN_IN or LAN-to-HE. */
- firewall {
- in {
- ipv6-name LAN-to-HE
- name LAN_IN
- }
- }
- mtu 1500
- }
- vif 50 {
- address 192.168.50.1/24
- description "tivo vlan 50"
- mtu 1500
- }
- vif 90 {
- address 192.168.90.1/24
- description "vlan for powerline"
- mtu 1500
- }
- vif 100 {
- address 192.168.1.1/24
- description "192.168.1.x VLAN"
- }
- }
- ethernet eth4 {
- address 192.168.200.1/24
- description TimeMachine
- duplex auto
- poe {
- output off
- }
- speed auto
- }
- loopback lo {
- }
- switch switch0 {
- description Local
- mtu 1500
- }
/* tun0: IPv6-in-IPv4 (sit) tunnel. HE-to-LAN is applied to both forwarded (`in`) and router-bound (`local`) traffic. */
- tunnel tun0 {
- address 2001:470:1f08:253::2/64
- description "HE.NET IPv6 Tunnel"
- encapsulation sit
- firewall {
- in {
- ipv6-name HE-to-LAN
- }
- local {
- ipv6-name HE-to-LAN
- }
- }
/* NOTE(review): local-ip and remote-ip are public tunnel endpoints. Replace them, and the IPv6 prefix, with documentation ranges before sharing a config. */
- local-ip 86.20.231.213
- multicast disable
- remote-ip 216.66.80.26
- ttl 255
- }
- }
/* port-forward: twelve WAN-to-LAN forwards on eth0. NOTE(review): auto-firewall enable opens every forwarded port in the WAN firewall automatically, and no rule here restricts the source, so each service below is reachable from any internet address. Rule 4 already forwards OpenVPN; reaching the administrative services through that VPN instead of forwarding them would shrink the exposed surface considerably. */
- port-forward {
- auto-firewall enable
- hairpin-nat enable
- lan-interface eth2
- lan-interface eth4
- lan-interface eth3.90
- lan-interface eth3.10
- lan-interface eth3.100
- lan-interface eth3.50
- lan-interface eth3.11
/* NOTE(review): rule 1 exposes SSH on the default port to the internet. Confirm the target host allows key-based logins only and throttles failed attempts. */
- rule 1 {
- description "SSH to media"
- forward-to {
- address 192.168.90.254
- port 22
- }
- original-port 22
- protocol tcp
- }
/* NOTE(review): rules 2, 3, 8, 10 and 11 forward ports that conventionally carry unencrypted HTTP control or admin interfaces (9091, 4040, 8080, 80, 4440). Verify that each service enforces authentication and TLS, or move it behind the VPN or the HTTPS forward in rule 6. */
- rule 2 {
- description "transmission to media"
- forward-to {
- address 192.168.90.254
- port 9091
- }
- original-port 9091
- protocol tcp
- }
- rule 3 {
- description "subsonic to media"
- forward-to {
- address 192.168.90.254
- port 4040
- }
- original-port 4040
- protocol tcp
- }
- rule 4 {
- description openvpn
- forward-to {
- address 192.168.0.2
- port 1194
- }
- original-port 1194
- protocol tcp_udp
- }
- rule 5 {
- description http
- forward-to {
- address 192.168.1.10
- port 80
- }
- original-port 80
- protocol tcp
- }
- rule 6 {
- description https
- forward-to {
- address 192.168.1.10
- port 443
- }
- original-port 443
- protocol tcp
- }
/* NOTE(review): rule 7 is described as mqtt but forwards port 1880, while rule 12 forwards 1883 to the same host. Port 1880 is conventionally a Node-RED editor rather than a broker; confirm what is actually listening and whether it should be public at all. */
- rule 7 {
- description mqtt
- forward-to {
- address 192.168.10.254
- port 1880
- }
- original-port 1880
- protocol tcp
- }
- rule 8 {
- description Guacamole
- forward-to {
- address 192.168.1.65
- port 8080
- }
- original-port 8080
- protocol tcp
- }
/* Rule 9 maps WAN port 1234 to port 80 on 192.168.1.54. A non-standard external port is not an access control. */
- rule 9 {
- description "SNMP HTTP"
- forward-to {
- address 192.168.1.54
- port 80
- }
- original-port 1234
- protocol tcp
- }
- rule 10 {
- description "media server http"
- forward-to {
- address 192.168.90.254
- port 80
- }
- original-port 1912
- protocol tcp
- }
- rule 11 {
- description rundeck
- forward-to {
- address 192.168.1.56
- port 4440
- }
- original-port 4440
- protocol tcp
- }
/* NOTE(review): 1883 is conventionally MQTT without TLS. Confirm the broker requires authentication, or expose a TLS listener instead. */
- rule 12 {
- description mosquitto
- forward-to {
- address 192.168.10.254
- port 1883
- }
- original-port 1883
- protocol tcp
- }
- wan-interface eth0
- }
/* protocols: a single static IPv6 default route (::/0) out of tun0, so all IPv6 leaving this router uses the tunnel and is filtered inbound by the rulesets bound on tun0. */
- protocols {
- static {
- interface-route6 ::/0 {
- next-hop-interface tun0 {
- }
- }
- }
- }
/* service: DHCP scopes, DNS forwarding, the web GUI, source NAT, SNMP, SSH and UNMS. */
- service {
- dhcp-server {
- disabled false
- hostfile-update disable
- shared-network-name 192.168.1.x {
- authoritative disable
- subnet 192.168.1.0/24 {
/* PXE clients on this subnet boot whatever 192.168.1.100 serves; keep that host on a trusted segment. */
- bootfile-name pxelinux.0
- bootfile-server 192.168.1.100
- default-router 192.168.1.1
- dns-server 192.168.1.254
- lease 86400
- start 192.168.1.20 {
- stop 192.168.1.200
- }
- static-mapping Guacamole {
- ip-address 192.168.1.65
- mac-address 00:50:56:9a:38:e9
- }
/* NOTE(review): the nested double quotes in the next line are unescaped, and as written the value ends after `filename `. This is presumably an artefact of the paste (EdgeOS stores inner quotes as &quot;); confirm against the device. */
- subnet-parameters "filename "/pxe-boot/pxelinux.0";"
- }
- }
/* NOTE(review): the resolvers differ per scope (192.168.1.254, 8.8.8.8, 194.168.4.100/194.168.8.100). If 192.168.1.254 applies filtering or logging, the TimeMachine and powerline scopes bypass it. */
- shared-network-name TimeMachine {
- authoritative disable
- subnet 192.168.200.0/24 {
- default-router 192.168.200.1
- dns-server 8.8.8.8
- lease 86400
- start 192.168.200.10 {
- stop 192.168.200.20
- }
- }
- }
- shared-network-name Wifi {
- authoritative disable
- subnet 192.168.10.0/24 {
- default-router 192.168.10.1
- dns-server 192.168.1.254
- domain-name local.home
- lease 86400
- start 192.168.10.50 {
- stop 192.168.10.150
- }
/* NOTE(review): the static mappings below publish device names, owner names and hardware addresses. Redact them before sharing a config. */
- static-mapping BedroomPi {
- ip-address 192.168.10.51
- mac-address 44:33:4c:3a:d3:29
- }
- static-mapping DashButton {
- ip-address 192.168.10.67
- mac-address 18:74:2e:70:76:cc
- }
- static-mapping Gems-Iphone {
- ip-address 192.168.10.72
- mac-address d4:a3:3d:ac:ce:3f
- }
- static-mapping Gem-work-laptop-4G1DVY1 {
- ip-address 192.168.10.62
- mac-address 34:23:87:58:52:f4
- }
- static-mapping HUAWEI_Mate_10_Pro-7fb61c {
- ip-address 192.168.10.73
- mac-address 94:0e:6b:6c:4b:a8
- }
- static-mapping Peters-MBP {
- ip-address 192.168.10.53
- mac-address f4:0f:24:1c:13:80
- }
- static-mapping Taylors-iPad {
- ip-address 192.168.10.56
- mac-address d0:4f:7e:71:d2:1d
- }
- static-mapping Zachs-Tablet {
- ip-address 192.168.10.64
- mac-address 88:71:e5:c7:5a:bd
- }
- }
- }
- shared-network-name powerline-vlan90 {
- authoritative disable
- subnet 192.168.90.0/24 {
- default-router 192.168.90.1
- dns-server 194.168.4.100
- dns-server 194.168.8.100
- lease 86400
- start 192.168.90.10 {
- stop 192.168.90.100
- }
- }
- }
- static-arp disable
- use-dnsmasq disable
- }
/* DNS forwarding listens on internal interfaces only; eth0 is not listed, so the forwarder is not offered on the WAN. */
- dns {
- forwarding {
- cache-size 150
- listen-on eth3.5
- listen-on eth3.10
- listen-on eth3.11
- listen-on eth3.50
- listen-on eth3.90
- listen-on eth3.100
- listen-on eth4
- }
- }
/* NOTE(review): older-ciphers enable lets the management GUI negotiate legacy TLS cipher suites; disable it unless an old client requires them. No listen-address is set in this listing, so the GUI is offered on every VLAN and relies on WAN_LOCAL to stay off the WAN. */
- gui {
- http-port 80
- https-port 443
- older-ciphers enable
- }
- nat {
- rule 5010 {
- description "masquerade for WAN"
- outbound-interface eth0
- type masquerade
- }
- }
/* SNMP is read-only, limited to one client and one listen address. NOTE(review): a community string works like a password and is sent in clear text on the wire; change it once it has appeared in a shared config. */
- snmp {
- community home {
- authorization ro
- client 192.168.1.81
- }
- listen-address 192.168.1.1 {
- port 161
- }
- }
/* SSH v2 on port 22 with no listen-address in this listing, so it is reachable from every internal subnet. New WAN connections to the router are dropped by WAN_LOCAL's default action. */
- ssh {
- port 22
- protocol-version v2
- }
- unms {
- disable
- }
- }
/* system: host identity, local accounts, resolver, NTP, offload, syslog and traffic analysis. */
- system {
/* NOTE(review): the domain here is home.local while the Wifi DHCP scope hands out local.home; pick one. */
- domain-name home.local
- host-name ubnt
- login {
/* Two admin-level accounts. Password values are masked in this paste. */
- user peter {
- authentication {
- encrypted-password ****************
- plaintext-password ****************
- }
- level admin
- }
/* NOTE(review): `ubnt` is the factory-default account name. Confirm its password was changed from the default, or remove the account now that a personal admin user exists. */
- user ubnt {
- authentication {
- encrypted-password ****************
- }
- level admin
- }
- }
- name-server 192.168.1.254
- ntp {
- server 0.ubnt.pool.ntp.org {
- }
- server 1.ubnt.pool.ntp.org {
- }
- server 2.ubnt.pool.ntp.org {
- }
- server 3.ubnt.pool.ntp.org {
- }
- }
- offload {
- hwnat enable
- }
/* NOTE(review): only global (local) logging is configured and no remote syslog host appears in this listing. Firewall and login events are then kept on the router alone; forwarding them to a separate collector preserves them if the device is reset or tampered with. */
- syslog {
- global {
- facility all {
- level notice
- }
- facility protocols {
- level debug
- }
- }
- }
- time-zone Europe/London
- traffic-analysis {
- dpi enable
- export enable
- }
- }