Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- {
- "firewall": {
- "all-ping": "enable",
- "broadcast-ping": "disable",
- "group": {
- "address-group": {
- "authorized_guests": {
- "description": "authorized guests MAC addresses"
- },
- "guest_allow_addresses": {
- "description": "allow addresses for guests"
- },
- "guest_allow_dns_servers": {
- "description": "allow dns servers for guests"
- },
- "guest_portal_address": {
- "description": "guest portal address"
- },
- "guest_restricted_addresses": {
- "address": [
- "192.168.0.0/16"
- ],
- "description": "restricted addresses for guests"
- },
- "unifi_controller_addresses": {
- "address": [
- "192.168.1.13"
- ]
- }
- },
- "ipv6-network-group": {
- "corporate_networkv6": {
- "description": "IPv6 corporate subnets"
- },
- "guest_networkv6": {
- "description": "IPv6 guest subnets"
- }
- },
- "network-group": {
- "captive_portal_subnets": {
- "description": "captive portal subnets"
- },
- "corporate_network": {
- "description": "corporate subnets",
- "network": [
- "192.168.1.0/24"
- ]
- },
- "guest_allow_subnets": {
- "description": "allow subnets for guests"
- },
- "guest_network": {
- "description": "guest subnets"
- },
- "guest_restricted_subnets": {
- "description": "restricted subnets for guests"
- },
- "remote_client_vpn_network": {
- "description": "remote client VPN subnets"
- },
- "remote_site_vpn_network": {
- "description": "remote site VPN subnets"
- },
- "remote_user_vpn_network": {
- "description": "Remote User VPN subnets"
- }
- },
- "port-group": {
- "guest_portal_ports": {
- "description": "guest portal ports"
- },
- "guest_portal_redirector_ports": {
- "description": "guest portal redirector ports",
- "port": [
- "39080",
- "39443"
- ]
- },
- "unifi_controller_ports-tcp": {
- "description": "unifi tcp ports",
- "port": [
- "8080"
- ]
- },
- "unifi_controller_ports-udp": {
- "description": "unifi udp ports",
- "port": [
- "3478"
- ]
- }
- }
- },
- "ip-src-route": "disable",
- "ipv6-name": {
- "AUTHORIZED_GUESTSv6": {
- "default-action": "drop",
- "description": "authorization check packets from guest network"
- },
- "GUESTv6_IN": {
- "default-action": "accept",
- "description": "packets from guest network",
- "rule": {
- "3001": {
- "action": "drop",
- "description": "drop packets to intranet",
- "destination": {
- "group": {
- "ipv6-network-group": "corporate_networkv6"
- }
- }
- }
- }
- },
- "GUESTv6_LOCAL": {
- "default-action": "drop",
- "description": "packets from guest network to gateway",
- "rule": {
- "3001": {
- "action": "accept",
- "description": "allow DNS",
- "destination": {
- "port": "53"
- },
- "protocol": "udp"
- },
- "3002": {
- "action": "accept",
- "description": "allow ICMP",
- "protocol": "icmp"
- }
- }
- },
- "GUESTv6_OUT": {
- "default-action": "accept",
- "description": "packets forward to guest network"
- },
- "LANv6_IN": {
- "default-action": "accept",
- "description": "packets from intranet"
- },
- "LANv6_LOCAL": {
- "default-action": "accept",
- "description": "packets from intranet to gateway"
- },
- "LANv6_OUT": {
- "default-action": "accept",
- "description": "packets forward to intranet"
- },
- "WANv6_IN": {
- "default-action": "drop",
- "description": "packets from internet to intranet",
- "rule": {
- "3001": {
- "action": "accept",
- "description": "allow established/related sessions",
- "state": {
- "established": "enable",
- "invalid": "disable",
- "new": "disable",
- "related": "enable"
- }
- },
- "3002": {
- "action": "drop",
- "description": "drop invalid state",
- "state": {
- "established": "disable",
- "invalid": "enable",
- "new": "disable",
- "related": "disable"
- }
- }
- }
- },
- "WANv6_LOCAL": {
- "default-action": "drop",
- "description": "packets from internet to gateway",
- "rule": {
- "3001": {
- "action": "accept",
- "description": "Allow neighbor advertisements",
- "icmpv6": {
- "type": "neighbor-advertisement"
- },
- "protocol": "ipv6-icmp"
- },
- "3002": {
- "action": "accept",
- "description": "Allow neighbor solicitation",
- "icmpv6": {
- "type": "neighbor-solicitation"
- },
- "protocol": "ipv6-icmp"
- },
- "3003": {
- "action": "accept",
- "description": "allow established/related sessions",
- "state": {
- "established": "enable",
- "invalid": "disable",
- "new": "disable",
- "related": "enable"
- }
- },
- "3004": {
- "action": "drop",
- "description": "drop invalid state",
- "state": {
- "established": "disable",
- "invalid": "enable",
- "new": "disable",
- "related": "disable"
- }
- }
- }
- },
- "WANv6_OUT": {
- "default-action": "accept",
- "description": "packets to internet"
- }
- },
- "ipv6-receive-redirects": "disable",
- "ipv6-src-route": "disable",
- "log-martians": "enable",
- "modify": {
- "LOAD_BALANCE": {
- "description": "LOAD_BALANCE",
- "rule": {
- "3000": {
- "action": "modify",
- "destination": {
- "address": "185.6.48.0/26"
- },
- "modify": {
- "table": "1"
- },
- "protocol": "all"
- },
- "3001": {
- "action": "accept",
- "destination": {
- "group": {
- "address-group": "NETv4_eth2.34"
- }
- }
- },
- "3002": {
- "action": "accept",
- "destination": {
- "group": {
- "address-group": "NETv4_eth3.4"
- }
- }
- },
- "3003": {
- "action": "accept",
- "destination": {
- "group": {
- "network-group": "corporate_network"
- }
- },
- "source": {
- "group": {
- "network-group": "corporate_network"
- }
- }
- },
- "3004": {
- "action": "accept",
- "destination": {
- "group": {
- "network-group": "remote_user_vpn_network"
- }
- },
- "source": {
- "group": {
- "network-group": "corporate_network"
- }
- }
- },
- "3005": {
- "action": "accept",
- "destination": {
- "group": {
- "network-group": "remote_site_vpn_network"
- }
- },
- "source": {
- "group": {
- "network-group": "corporate_network"
- }
- }
- },
- "3006": {
- "action": "accept",
- "destination": {
- "group": {
- "network-group": "remote_client_vpn_network"
- }
- },
- "source": {
- "group": {
- "network-group": "corporate_network"
- }
- }
- },
- "3007": {
- "action": "accept",
- "destination": {
- "group": {
- "address-group": "guest_portal_address",
- "port-group": "guest_portal_ports"
- }
- },
- "source": {
- "group": {
- "network-group": "guest_network"
- }
- }
- },
- "3008": {
- "action": "accept",
- "destination": {
- "group": {
- "network-group": "captive_portal_subnets"
- },
- "port": "443"
- },
- "protocol": "tcp",
- "source": {
- "group": {
- "network-group": "guest_network"
- }
- }
- },
- "3009": {
- "action": "accept",
- "destination": {
- "group": {
- "address-group": "guest_allow_addresses"
- }
- },
- "source": {
- "group": {
- "network-group": "guest_network"
- }
- }
- },
- "3010": {
- "action": "modify",
- "modify": {
- "lb-group": "wan_failover"
- }
- }
- }
- }
- },
- "name": {
- "AUTHORIZED_GUESTS": {
- "default-action": "drop",
- "description": "authorization check packets from guest network"
- },
- "GUEST_IN": {
- "default-action": "accept",
- "description": "packets from guest network",
- "rule": {
- "3001": {
- "action": "accept",
- "description": "allow DNS packets to external name servers",
- "destination": {
- "port": "53"
- },
- "protocol": "tcp_udp"
- },
- "3002": {
- "action": "accept",
- "description": "allow packets to captive portal",
- "destination": {
- "group": {
- "network-group": "captive_portal_subnets"
- },
- "port": "443"
- },
- "protocol": "tcp"
- },
- "3003": {
- "action": "accept",
- "description": "allow packets to allow subnets",
- "destination": {
- "group": {
- "address-group": "guest_allow_addresses"
- }
- }
- },
- "3004": {
- "action": "drop",
- "description": "drop packets to restricted subnets",
- "destination": {
- "group": {
- "address-group": "guest_restricted_addresses"
- }
- }
- },
- "3005": {
- "action": "drop",
- "description": "drop packets to intranet",
- "destination": {
- "group": {
- "network-group": "corporate_network"
- }
- }
- },
- "3006": {
- "action": "drop",
- "description": "drop packets to remote user",
- "destination": {
- "group": {
- "network-group": "remote_user_vpn_network"
- }
- }
- },
- "3007": {
- "action": "drop",
- "description": "authorized guests white list",
- "destination": {
- "group": {
- "address-group": "authorized_guests"
- }
- }
- }
- }
- },
- "GUEST_LOCAL": {
- "default-action": "drop",
- "description": "packets from guest network to gateway",
- "rule": {
- "3001": {
- "action": "accept",
- "description": "allow DNS",
- "destination": {
- "port": "53"
- },
- "protocol": "udp"
- },
- "3002": {
- "action": "accept",
- "description": "allow ICMP",
- "protocol": "icmp"
- },
- "3003": {
- "action": "accept",
- "description": "allow to DHCP server",
- "destination": {
- "port": "67"
- },
- "protocol": "udp",
- "source": {
- "port": "68"
- }
- }
- }
- },
- "GUEST_OUT": {
- "default-action": "accept",
- "description": "packets forward to guest network"
- },
- "LAN_IN": {
- "default-action": "accept",
- "description": "packets from intranet",
- "rule": {
- "6001": {
- "action": "accept",
- "description": "accounting defined network 192.168.1.0/24",
- "source": {
- "address": "192.168.1.0/24"
- }
- }
- }
- },
- "LAN_LOCAL": {
- "default-action": "accept",
- "description": "packets from intranet to gateway"
- },
- "LAN_OUT": {
- "default-action": "accept",
- "description": "packets forward to intranet",
- "rule": {
- "6001": {
- "action": "accept",
- "description": "accounting defined network 192.168.1.0/24",
- "destination": {
- "address": "192.168.1.0/24"
- }
- }
- }
- },
- "WAN_IN": {
- "default-action": "drop",
- "description": "packets from internet to intranet",
- "rule": {
- "3001": {
- "action": "accept",
- "description": "allow established/related sessions",
- "state": {
- "established": "enable",
- "invalid": "disable",
- "new": "disable",
- "related": "enable"
- }
- },
- "3002": {
- "action": "drop",
- "description": "drop invalid state",
- "state": {
- "established": "disable",
- "invalid": "enable",
- "new": "disable",
- "related": "disable"
- }
- }
- }
- },
- "WAN_LOCAL": {
- "default-action": "drop",
- "description": "packets from internet to gateway",
- "rule": {
- "3001": {
- "action": "accept",
- "description": "allow established/related sessions",
- "state": {
- "established": "enable",
- "invalid": "disable",
- "new": "disable",
- "related": "enable"
- }
- },
- "3002": {
- "action": "drop",
- "description": "drop invalid state",
- "state": {
- "established": "disable",
- "invalid": "enable",
- "new": "disable",
- "related": "disable"
- }
- }
- }
- },
- "WAN_OUT": {
- "default-action": "accept",
- "description": "packets to internet"
- }
- },
- "options": {
- "mss-clamp": {
- "interface-type": [
- "pppoe",
- "pptp",
- "vti"
- ],
- "mss": "1452"
- },
- "mss-clamp6": {
- "interface-type": [
- "pppoe",
- "pptp"
- ],
- "mss": "1452"
- }
- },
- "receive-redirects": "disable",
- "send-redirects": "enable",
- "source-validation": "disable",
- "syn-cookies": "enable"
- },
- "interfaces": {
- "ethernet": {
- "eth0": {
- "address": [
- "192.168.1.1/24"
- ],
- "duplex": "auto",
- "firewall": {
- "in": {
- "ipv6-name": "LANv6_IN",
- "modify": "LOAD_BALANCE",
- "name": "LAN_IN"
- },
- "local": {
- "ipv6-name": "LANv6_LOCAL",
- "name": "LAN_LOCAL"
- },
- "out": {
- "ipv6-name": "LANv6_OUT",
- "name": "LAN_OUT"
- }
- },
- "speed": "auto"
- },
- "eth1": {
- "disable": "''",
- "duplex": "auto",
- "speed": "auto"
- },
- "eth2": {
- "duplex": "auto",
- "speed": "auto",
- "vif": {
- "34": {
- "address": [
- "dhcp"
- ],
- "dhcp-options": {
- "client-option": [
- "retry 60;"
- ],
- "default-route": "update",
- "default-route-distance": "1",
- "name-server": "no-update"
- },
- "firewall": {
- "in": {
- "ipv6-name": "WANv6_IN",
- "name": "WAN_IN"
- },
- "local": {
- "ipv6-name": "WANv6_LOCAL",
- "name": "WAN_LOCAL"
- },
- "out": {
- "ipv6-name": "WANv6_OUT",
- "name": "WAN_OUT"
- }
- }
- }
- }
- },
- "eth3": {
- "duplex": "auto",
- "speed": "auto",
- "vif": {
- "4": {
- "address": [
- "dhcp"
- ],
- "dhcp-options": {
- "client-option": [
- "retry 60;"
- ],
- "default-route": "update",
- "default-route-distance": "220",
- "name-server": "update"
- },
- "firewall": {
- "in": {
- "ipv6-name": "WANv6_IN",
- "name": "WAN_IN"
- },
- "local": {
- "ipv6-name": "WANv6_LOCAL",
- "name": "WAN_LOCAL"
- },
- "out": {
- "ipv6-name": "WANv6_OUT",
- "name": "WAN_OUT"
- }
- }
- }
- }
- }
- },
- "loopback": {
- "lo": "''"
- }
- },
- "load-balance": {
- "group": {
- "wan_failover": {
- "interface": {
- "eth2.34": {
- "route-test": {
- "initial-delay": "20",
- "interval": "10"
- }
- },
- "eth3.4": {
- "failover-only": "''",
- "route-test": {
- "initial-delay": "20",
- "interval": "10"
- }
- }
- },
- "lb-local": "enable",
- "lb-local-metric-change": "enable",
- "sticky": {
- "dest-addr": "enable",
- "dest-port": "enable",
- "source-addr": "enable"
- },
- "transition-script": "/config/scripts/wan-event-report.sh"
- }
- }
- },
- "port-forward": {
- "auto-firewall": "disable",
- "hairpin-nat": "enable",
- "lan-interface": [
- "eth0"
- ],
- "wan-interface": "eth2.34"
- },
- "protocols": {
- "igmp-proxy": {
- "interface": {
- "eth0": {
- "alt-subnet": [
- "0.0.0.0/0"
- ],
- "role": "downstream",
- "threshold": "1"
- },
- "eth3.4": {
- "alt-subnet": [
- "0.0.0.0/0"
- ],
- "role": "upstream",
- "threshold": "1"
- }
- }
- },
- "static": {
- "route": {
- "185.6.48.0/26": {
- "next-hop": {
- "10.10.48.1": "''"
- }
- }
- },
- "table": {
- "1": {
- "route": {
- "0.0.0.0/0": {
- "next-hop": {
- "10.10.48.1": "''"
- }
- }
- }
- }
- }
- }
- },
- "service": {
- "dhcp-server": {
- "disabled": "false",
- "hostfile-update": "enable",
- "shared-network-name": {
- "net_LAN_192.168.1.0-24": {
- "authoritative": "enable",
- "description": "vlan1",
- "subnet": {
- "192.168.1.0/24": {
- "default-router": "192.168.1.1",
- "dns-server": [
- "192.168.1.1"
- ],
- "domain-name": "localdomain",
- "lease": "86400",
- "start": {
- "192.168.1.6": {
- "stop": "192.168.1.254"
- }
- }
- }
- }
- }
- },
- "static-arp": "disable",
- "use-dnsmasq": "disable"
- },
- "dns": {
- "forwarding": {
- "cache-size": "10000",
- "except-interface": [
- "eth2.34",
- "eth3.4"
- ],
- "options": [
- "ptr-record=1.1.168.192.in-addr.arpa,Router",
- "host-record=unifi,192.168.1.13"
- ]
- }
- },
- "gui": {
- "http-port": "80",
- "https-port": "443",
- "older-ciphers": "enable"
- },
- "lldp": {
- "interface": {
- "eth2": {
- "disable": "''"
- },
- "eth3": {
- "disable": "''"
- }
- }
- },
- "nat": {
- "rule": {
- "6001": {
- "description": "MASQ corporate_network to WAN",
- "log": "disable",
- "outbound-interface": "eth2.34",
- "protocol": "all",
- "source": {
- "group": {
- "network-group": "corporate_network"
- }
- },
- "type": "masquerade"
- },
- "6002": {
- "description": "MASQ remote_user_vpn_network to WAN",
- "log": "disable",
- "outbound-interface": "eth2.34",
- "protocol": "all",
- "source": {
- "group": {
- "network-group": "remote_user_vpn_network"
- }
- },
- "type": "masquerade"
- },
- "6003": {
- "description": "MASQ guest_network to WAN",
- "log": "disable",
- "outbound-interface": "eth2.34",
- "protocol": "all",
- "source": {
- "group": {
- "network-group": "guest_network"
- }
- },
- "type": "masquerade"
- },
- "6004": {
- "description": "MASQ eth3.4 out other WAN",
- "log": "disable",
- "outbound-interface": "eth2.34",
- "protocol": "all",
- "source": {
- "group": {
- "address-group": "ADDRv4_eth3.4"
- }
- },
- "type": "masquerade"
- },
- "6005": {
- "description": "MASQ corporate_network to WAN",
- "log": "disable",
- "outbound-interface": "eth3.4",
- "protocol": "all",
- "source": {
- "group": {
- "network-group": "corporate_network"
- }
- },
- "type": "masquerade"
- },
- "6006": {
- "description": "MASQ remote_user_vpn_network to WAN",
- "log": "disable",
- "outbound-interface": "eth3.4",
- "protocol": "all",
- "source": {
- "group": {
- "network-group": "remote_user_vpn_network"
- }
- },
- "type": "masquerade"
- },
- "6007": {
- "description": "MASQ guest_network to WAN",
- "log": "disable",
- "outbound-interface": "eth3.4",
- "protocol": "all",
- "source": {
- "group": {
- "network-group": "guest_network"
- }
- },
- "type": "masquerade"
- },
- "6008": {
- "description": "MASQ eth2.34 out other WAN",
- "log": "disable",
- "outbound-interface": "eth3.4",
- "protocol": "all",
- "source": {
- "group": {
- "address-group": "ADDRv4_eth2.34"
- }
- },
- "type": "masquerade"
- }
- }
- },
- "ssh": {
- "port": "22",
- "protocol-version": "v2"
- }
- },
- "system": {
- "conntrack": {
- "expect-table-size": "2048",
- "hash-size": "32768",
- "modules": {
- "sip": {
- "disable": "''"
- }
- },
- "table-size": "262144",
- "timeout": {
- "icmp": "30",
- "other": "600",
- "tcp": {
- "close": "10",
- "close-wait": "60",
- "established": "7440",
- "fin-wait": "120",
- "last-ack": "30",
- "syn-recv": "60",
- "syn-sent": "120",
- "time-wait": "120"
- },
- "udp": {
- "other": "30",
- "stream": "180"
- }
- }
- },
- "domain-name": "localdomain",
- "host-name": "Router",
- "ip": {
- "override-hostname-ip": "192.168.1.1"
- },
- "login": {
- "user": {
- "marco": {
- "authentication": {
- "encrypted-password": ""
- },
- "level": "admin"
- }
- }
- },
- "name-server": [
- "1.1.1.1",
- "8.8.8.8"
- ],
- "ntp": {
- "server": {
- "0.ubnt.pool.ntp.org": "''",
- "1.ubnt.pool.ntp.org": "''",
- "2.ubnt.pool.ntp.org": "''",
- "3.ubnt.pool.ntp.org": "''"
- }
- },
- "offload": {
- "ipsec": "enable",
- "ipv4": {
- "forwarding": "enable",
- "gre": "enable",
- "pppoe": "enable",
- "vlan": "enable"
- },
- "ipv6": {
- "forwarding": "enable",
- "vlan": "enable"
- }
- },
- "static-host-mapping": {
- "host-name": {
- "setup.ubnt.com": {
- "alias": [
- "setup"
- ],
- "inet": [
- "192.168.1.1"
- ]
- }
- }
- },
- "syslog": {
- "global": {
- "facility": {
- "all": {
- "level": "notice"
- },
- "protocols": {
- "level": "debug"
- }
- }
- }
- },
- "time-zone": "Europe/Brussels",
- "traffic-analysis": {
- "dpi": "enable",
- "export": "disable"
- }
- },
- "unifi": {
- "mgmt": {
- "cfgversion": "7da1e71a6cf1295c"
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement