/* Reviewer annotations use config-style comments. The leading "- " on each line comes from the paste rendering, not the router config.
   Global firewall options plus two IPv4 rulesets. No ipv6-name ruleset appears in this paste, while eth0 also requests a DHCPv6 address; confirm IPv6 traffic arriving on the WAN is filtered somewhere. */
- firewall {
/* all-ping enable lets the router answer ICMP echo; what actually reaches it from eth0 is still decided by WAN_LOCAL. */
- all-ping enable
- broadcast-ping disable
- ipv6-receive-redirects disable
- ipv6-src-route disable
- ip-src-route disable
/* Packets with impossible source addresses are logged. */
- log-martians enable
/* WAN_IN: default drop; only established/related flows are accepted. Inbound accepts for forwarded ports are presumably generated by port-forward auto-firewall rather than listed here (verify on the device). */
- name WAN_IN {
- default-action drop
- description "WAN to internal"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
/* WAN_LOCAL: traffic addressed to the router itself. Default drop, with accepts for ping, UDP 1194 and the IPsec tunnel prefixes. */
- name WAN_LOCAL {
- default-action drop
- description "WAN to router"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
/* ICMP echo-request (type 8) to address-group ADDRv4_eth0, presumably the WAN IPv4 address. No source restriction or rate limit is set, and logging is off. */
- rule 21 {
- action accept
- description "Allow Ping"
- destination {
- group {
- address-group ADDRv4_eth0
- }
- }
- icmp {
- type 8
- }
- log disable
- protocol icmp
- }
/* UDP 1194 is accepted from any source. No OpenVPN interface or server definition appears in this paste; if the service is no longer in use, this rule can be removed. */
- rule 30 {
- action accept
- description openvpn
- destination {
- port 1194
- }
- protocol udp
- }
/* Only packets that arrived through IPsec (match-ipsec) from 10.20.32.0/24 to 10.20.28.0/22 are accepted, for all protocols. That exposes every router service (GUI, SSH, SNMP) to the remote site; narrow the protocol/port if the peer network is less trusted. Logging is off. */
- rule 31 {
- action accept
- description "Allow VPN"
- destination {
- address 10.20.28.0/22
- }
- ipsec {
- match-ipsec
- }
- log disable
- protocol all
- source {
- address 10.20.32.0/24
- }
- }
- }
- receive-redirects disable
/* The router may emit ICMP redirects. */
- send-redirects enable
/* Reverse-path source validation is off, so spoofed source addresses are not rejected by the kernel check. Consider enabling it if routing is symmetric. */
- source-validation disable
- syn-cookies enable
- }
/* Interface definitions: eth0 is the WAN, eth1 the LAN, eth2 is unconfigured. No vtun/OpenVPN interface appears here, although other sections reference vtun0 and UDP 1194. */
- interfaces {
/* WAN: IPv4 and IPv6 addresses come from DHCP/DHCPv6. Only the IPv4 rulesets WAN_IN (forwarded) and WAN_LOCAL (to the router) are bound; no IPv6 ruleset is attached in this paste. */
- ethernet eth0 {
- address dhcp
- address dhcpv6
- description Internet
- duplex auto
- firewall {
- in {
- name WAN_IN
- }
- local {
- name WAN_LOCAL
- }
- }
- speed auto
- }
/* LAN: three static addresses inside the same 10.20.28.0/22 network. The dhcp-options block applies to DHCP-client behaviour, yet no "address dhcp" is set on this interface. NOTE(review): likely a leftover; confirm. */
- ethernet eth1 {
- address 10.20.30.1/22
- address 10.20.30.40/22
- address 10.20.28.1/22
- description LAN
- dhcp-options {
- default-route update
- default-route-distance 210
- name-server update
- }
- duplex auto
- speed auto
- }
/* No address and no firewall ruleset: if this port is ever addressed, give it its own rulesets first. */
- ethernet eth2 {
- description Local
- duplex auto
- speed auto
- }
- loopback lo {
- }
- }
/* Port forwarding from eth0 (WAN) to eth1 (LAN). The individual rules were redacted by the poster, so the set of services exposed to the Internet cannot be reviewed from this paste. */
- port-forward {
/* Firewall accepts for each forwarded port are created automatically, so every rule added here widens WAN exposure without a visible entry in WAN_IN. */
- auto-firewall enable
/* LAN clients can reach forwarded services via the WAN address. */
- hairpin-nat enable
- lan-interface eth1
- (various service rules)
- wan-interface eth0
- }
/* Routing protocols: the static block is empty, so no static routes are defined in this paste. */
- protocols {
- static {
- }
- }
/* Router services: DHCP, DNS forwarding, web GUI, NAT, SNMP, SSH and UPnP. */
- service {
- dhcp-server {
- disabled false
- hostfile-update enable
- shared-network-name LAN {
- authoritative enable
/* Pool 10.20.30.100-200 with gateway 10.20.30.40 (one of eth1's addresses). Clients are handed Google DNS directly, so the router's DNS forwarder is not used by DHCP clients. Lease value is 600. */
- subnet 10.20.28.0/22 {
- default-router 10.20.30.40
- dns-server 8.8.8.8
- dns-server 8.8.4.4
- domain-name mydomain.com
- lease 600
- start 10.20.30.100 {
- stop 10.20.30.200
- }
- (static mappings)
- unifi-controller 10.20.31.113
- }
- }
- static-arp disable
- use-dnsmasq disable
- }
/* DNS forwarder listens on the LAN and on vtun0; no vtun0 interface is defined in the interfaces section of this paste. NOTE(review): confirm whether it was redacted or is stale. */
- dns {
- forwarding {
- cache-size 150
- listen-on eth1
- listen-on vtun0
- }
- }
/* Web GUI on plain HTTP 80 and HTTPS 443 with no listen-address restriction. older-ciphers enable keeps legacy TLS cipher suites available; disable it unless an old client requires them. */
- gui {
- http-port 80
- https-port 443
- older-ciphers enable
- }
/* Source NAT: all traffic leaving eth0 is masqueraded. */
- nat {
- rule 5010 {
- description "masquerade for WAN"
- outbound-interface eth0
- type masquerade
- }
- }
/* Read-only SNMP with the well-known default community string "public" and no client/network restriction shown. WAN_LOCAL drops it from the Internet, but LAN hosts and the IPsec peer network (WAN_LOCAL rule 31) can query it. Use a non-default community and restrict the allowed clients. */
- snmp {
- community public {
- authorization ro
- }
- }
/* SSH v2 on the default port with no listen-address. Password authentication is not disabled here, although the admin user also has a public key. */
- ssh {
- port 22
- protocol-version v2
- }
- (unms thing)
/* UPnP lets any host on eth1 request inbound port mappings on eth0 without authentication. Keep it only if LAN devices are trusted. */
- upnp {
- listen-on eth1 {
- outbound-interface eth0
- }
- }
- }
/* System settings: config history, conntrack sizing, login, NTP, offload, package repository, syslog and traffic analysis. */
- system {
- config-management {
- commit-revisions 10
- }
- conntrack {
- expect-table-size 65536
- hash-size 65536
- table-size 524288
- }
- host-name EdgeRouterLite
/* A single admin-level account. Secret values are masked in this paste; an unmasked export would expose the password hash and should not be published. The account name and key label remain visible. */
- login {
- user hbh7 {
- authentication {
- encrypted-password ****************
- plaintext-password ****************
- public-keys rsa-key-20160821 {
- key ****************
- type ssh-rsa
- }
- }
- full-name "hbh7"
- level admin
- }
- }
- ntp {
- server 0.ubnt.pool.ntp.org {
- }
- server 1.ubnt.pool.ntp.org {
- }
- server 2.ubnt.pool.ntp.org {
- }
- server 3.ubnt.pool.ntp.org {
- }
- }
/* Hardware offload: hwnat off, IPsec offload on, IPv4/IPv6 forwarding offloaded. */
- offload {
- hwnat disable
- ipsec enable
- ipv4 {
- forwarding enable
- gre enable
- pppoe enable
- vlan enable
- }
- ipv6 {
- forwarding enable
- pppoe disable
- vlan enable
- }
- }
/* Debian wheezy repository fetched over plain HTTP. Wheezy no longer receives security updates, so packages installed from it stay unpatched; remove the repository if nothing depends on it. */
- package {
- repository wheezy {
- components "main contrib non-free"
- distribution wheezy
- password ****************
- url http://http.us.debian.org/debian
- username ""
- }
- }
/* The name "router" resolves to 1.1.1.1, which is not one of the addresses configured on this device. NOTE(review): looks like a placeholder; confirm. */
- static-host-mapping {
- host-name router {
- inet 1.1.1.1
- }
- }
/* Only a global syslog target is defined and no remote syslog host is set, so logs stay on the router. Forward them to a collector if they are needed for incident review. */
- syslog {
- global {
- facility all {
- level notice
- }
- facility protocols {
- level debug
- }
- }
- }
- time-zone America/New_York
/* Deep packet inspection and export of traffic statistics are both enabled. */
- traffic-analysis {
- custom-category Games {
- name "Valve Steam"
- }
- custom-category Web {
- name SSL/TLS
- name QUIC
- }
- dpi enable
- export enable
- }
- }
/* Empty: no traffic-control (QoS) policy is configured in this paste. */
- traffic-control {
- }
/* Site-to-site IPsec between the local 10.20.28.0/22 and the remote 10.20.32.0/24. No OpenVPN configuration appears here, although WAN_LOCAL accepts UDP 1194. */
- vpn {
- ipsec {
/* Firewall and NAT-exclusion rules for the tunnel are generated automatically. */
- auto-firewall-nat-exclude enable
/* ESP (phase 2): AES-256 with SHA-1 integrity. Prefer a SHA-2 hash if the peer supports it. */
- esp-group FOO0 {
- proposal 1 {
- encryption aes256
- hash sha1
- }
- }
/* IKE (phase 1): DH group 14, AES-256, SHA-1. Same SHA-2 recommendation applies. */
- ike-group FOO0 {
- proposal 1 {
- dh-group 14
- encryption aes256
- hash sha1
- }
- }
- site-to-site {
/* Peer address redacted by the poster. Authentication is a pre-shared secret (masked); it must be long and random, since PSK strength bounds the tunnel's authentication. connection-type respond: this side waits for the peer to initiate. */
- peer 128.(IP) {
- authentication {
- mode pre-shared-secret
- pre-shared-secret ****************
- }
- connection-type respond
- description "Dorm Network"
- ike-group FOO0
- local-address any
/* Tunnel selectors match WAN_LOCAL rule 31 (source 10.20.32.0/24, destination 10.20.28.0/22). */
- tunnel 1 {
- esp-group FOO0
- local {
- prefix 10.20.28.0/22
- }
- remote {
- prefix 10.20.32.0/24
- }
- }
- }
- }
- }
- }