
Untitled

a guest
Oct 17th, 2019
  /* Firewall section: four rule sets (IPv6 and IPv4, each for traffic forwarded
     to the LAN and traffic addressed to the router itself), all with
     default-action drop, followed by global packet-handling switches.
     The description strings are Dutch: "naar" = "to". */
  1. firewall {
  /* Global switch: the router answers ICMP echo; per-interface rule sets below still apply. */
  2. all-ping enable
  3. broadcast-ping disable
  /* IPv6, WAN -> LAN (forwarded traffic). Anything not matched below is dropped. */
  4. ipv6-name WANv6_IN {
  5. default-action drop
  6. description "WAN IPv6 naar LAN"
  7. rule 10 {
  8. action accept
  9. description "Allow established/related"
  10. state {
  11. established enable
  12. related enable
  13. }
  14. }
  15. rule 20 {
  16. action drop
  17. description "Drop invalid state"
  18. state {
  19. invalid enable
  20. }
  21. }
  /* Only ICMPv6 echo-request is accepted towards LAN hosts, so every globally
     addressed LAN host can be pinged from the internet. ICMPv6 errors for
     existing flows are presumably covered by the "related" match in rule 10. */
  22. rule 30 {
  23. action accept
  24. description "Allow IPv6 icmp"
  25. icmpv6 {
  26. type echo-request
  27. }
  28. protocol ipv6-icmp
  29. }
  30. }
  /* IPv6, WAN -> router. Anything not matched below is dropped. */
  31. ipv6-name WANv6_LOCAL {
  32. default-action drop
  33. description "WAN IPv6 naar Router"
  34. rule 10 {
  35. action accept
  36. description "Allow established/related"
  37. state {
  38. established enable
  39. related enable
  40. }
  41. }
  42. rule 20 {
  43. action drop
  44. description "Drop invalid state"
  45. state {
  46. invalid enable
  47. }
  48. }
  /* Accepts every ICMPv6 type to the router (no icmpv6 type filter here,
     unlike WANv6_IN rule 30). */
  49. rule 30 {
  50. action accept
  51. description "Allow IPv6 icmp"
  52. protocol ipv6-icmp
  53. }
  /* DHCPv6 replies: UDP from source port 547 to destination port 546. No source
     address is constrained, so any sender using source port 547 matches. */
  54. rule 40 {
  55. action accept
  56. description "Allow dhcpv6"
  57. destination {
  58. port 546
  59. }
  60. protocol udp
  61. source {
  62. port 547
  63. }
  64. }
  65. }
  66. ipv6-receive-redirects disable
  67. ipv6-src-route disable
  68. ip-src-route disable
  69. log-martians enable
  /* IPv4, WAN -> LAN (forwarded traffic): only established/related traffic
     passes; there are no port-forward accept rules.
     NOTE(review): no enable-default-log is set on any rule set in this section,
     so packets hitting default-action drop are not logged. */
  70. name WAN_IN {
  71. default-action drop
  72. description "WAN naar LAN"
  73. rule 10 {
  74. action accept
  75. description "Allow established/related"
  76. log disable
  77. state {
  78. established enable
  79. related enable
  80. }
  81. }
  82. rule 20 {
  83. action drop
  84. description "Drop invalid state"
  85. state {
  86. invalid enable
  87. }
  88. }
  89. }
  /* IPv4, WAN -> router: only established/related traffic passes, so new
     connections to the router are dropped on the interfaces this rule set is
     bound to. */
  90. name WAN_LOCAL {
  91. default-action drop
  92. description "WAN naar Router"
  93. rule 10 {
  94. action accept
  95. description "Allow established/related"
  96. log disable
  97. state {
  98. established enable
  99. invalid disable
  100. new disable
  101. related enable
  102. }
  103. }
  104. rule 20 {
  105. action drop
  106. description "Drop invalid state"
  107. state {
  108. established disable
  109. invalid enable
  110. new disable
  111. related disable
  112. }
  113. }
  114. }
  115. receive-redirects disable
  116. send-redirects enable
  /* NOTE(review): reverse-path source validation is off. Whether strict or loose
     mode is usable depends on the routing over the two WAN-side interfaces;
     confirm before changing. */
  117. source-validation disable
  118. syn-cookies enable
  119. }
  /* Interfaces section: eth0 is the fibre uplink carrying two VLANs (vif 4 for
     IPTV, vif 6 for PPPoE internet), eth1 is the LAN (192.168.2.1/24), eth2 is
     unused ("Niet in gebruik" = "not in use"). */
  120. interfaces {
  121. ethernet eth0 {
  122. description FTTH
  123. duplex auto
  /* MTU steps down 1512 -> 1508 (vif 6) -> 1500 (pppoe 0); presumably sized so
     the PPPoE session can carry full 1500-byte packets. */
  124. mtu 1512
  125. speed auto
  /* IPTV VLAN, addressed by DHCP.
     NOTE(review): this vif has no firewall block. WAN_IN / WAN_LOCAL are bound
     only to pppoe 0 below, so traffic arriving on eth0.4 is not filtered by any
     rule set shown in this file, and the router's management services are
     presumably reachable from this VLAN. Confirm and bind a rule set here. */
  126. vif 4 {
  127. address dhcp
  128. description "KPN IPTV"
  129. dhcp-options {
  /* NOTE(review): the inner double quotes around IPTV_RG look like decoded
     &quot; entities from the paste rendering; verify the quoting before loading
     this file on a device. */
  130. client-option "send vendor-class-identifier "IPTV_RG";"
  131. client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
  /* The DHCP lease on this VLAN does not replace the default route. */
  132. default-route no-update
  133. default-route-distance 210
  134. name-server update
  135. }
  136. mtu 1500
  137. }
  /* Internet VLAN carrying the PPPoE session. */
  138. vif 6 {
  139. description "KPN Internet"
  140. mtu 1508
  141. pppoe 0 {
  142. default-route auto
  /* DHCPv6 prefix delegation: requests a /48 and assigns prefix-id :1 with host
     address ::1 to eth1, announced to the LAN via SLAAC. */
  143. dhcpv6-pd {
  144. no-dns
  145. pd 0 {
  146. interface eth1 {
  147. host-address ::1
  148. no-dns
  149. prefix-id :1
  150. service slaac
  151. }
  152. prefix-length /48
  153. }
  154. rapid-commit enable
  155. }
  /* The only place in this file where the firewall rule sets are applied:
     "in" covers forwarded traffic, "local" covers traffic to the router. */
  156. firewall {
  157. in {
  158. ipv6-name WANv6_IN
  159. name WAN_IN
  160. }
  161. local {
  162. ipv6-name WANv6_LOCAL
  163. name WAN_LOCAL
  164. }
  165. }
  166. idle-timeout 180
  167. ipv6 {
  168. address {
  169. autoconf
  170. }
  171. dup-addr-detect-transmits 1
  172. enable {
  173. }
  174. }
  175. mtu 1500
  176. name-server auto
  /* PPPoE credentials are stored in cleartext in this file; the user-id below
     is masked in the paste. */
  177. password ppp
  178. user-id XX-XX-XX-XX-XX-XX@internet
  179. }
  180. }
  181. }
  /* LAN interface ("Thuis" = "home"). No firewall rule set is bound here. */
  182. ethernet eth1 {
  183. address 192.168.2.1/24
  184. description Thuis
  185. duplex auto
  186. ipv6 {
  187. dup-addr-detect-transmits 1
  /* Router advertisements for SLAAC: managed and other-config flags are false,
     so clients autoconfigure from the advertised /64; DNS servers are announced
     both as name-server entries and in the RDNSS radvd option. */
  188. router-advert {
  189. cur-hop-limit 64
  190. link-mtu 0
  191. managed-flag false
  192. max-interval 600
  193. name-server 2a02:a47f:e000::53
  194. name-server 2a02:a47f:e000::54
  195. other-config-flag false
  196. prefix ::/64 {
  197. autonomous-flag true
  198. on-link-flag true
  199. valid-lifetime 2592000
  200. }
  201. radvd-options "RDNSS 2a02:a47f:e000::53 2a02:a47f:e000::54 {};"
  202. reachable-time 0
  203. retrans-timer 0
  204. send-advert true
  205. }
  206. }
  207. speed auto
  208. }
  209. ethernet eth2 {
  210. description "Niet in gebruik"
  211. duplex auto
  212. speed auto
  213. }
  214. loopback lo {
  215. }
  216. }
  /* Protocols section: IGMP proxy between the upstream VLANs and the LAN, plus
     the IPv6 default route over the PPPoE session. */
  217. protocols {
  218. igmp-proxy {
  /* alt-subnet 0.0.0.0/0 on every interface means multicast sources from any
     subnet are accepted. */
  219. interface eth0.4 {
  220. alt-subnet 0.0.0.0/0
  221. role upstream
  222. threshold 1
  223. }
  /* NOTE(review): eth0.5 is referenced here, but the interfaces section of this
     file defines only vif 4 and vif 6 on eth0; there is no vif 5. Confirm
     whether this entry is stale or the vif definition is missing. */
  224. interface eth0.5 {
  225. alt-subnet 0.0.0.0/0
  226. role upstream
  227. threshold 1
  228. }
  229. interface eth1 {
  230. alt-subnet 0.0.0.0/0
  231. role downstream
  232. threshold 1
  233. }
  234. }
  235. static {
  /* IPv6 default route (::/0) via the pppoe0 interface. */
  236. interface-route6 ::/0 {
  237. next-hop-interface pppoe0 {
  238. }
  239. }
  240. }
  241. }
  /* Service section: LAN DHCP and DNS forwarding, the web GUI, source NAT, and
     the remote-management daemons (ssh, telnet). */
  242. service {
  /* DHCP for the LAN: pool 192.168.2.2 - 192.168.2.200, 86400 s lease, served
     through dnsmasq. */
  243. dhcp-server {
  244. disabled false
  245. global-parameters "option vendor-class-identifier code 60 = string;"
  246. global-parameters "option broadcast-address code 28 = ip-address;"
  247. hostfile-update disable
  248. shared-network-name Thuis {
  249. authoritative enable
  250. subnet 192.168.2.0/24 {
  251. lease 86400
  252. start 192.168.2.2 {
  253. stop 192.168.2.200
  254. }
  255. }
  256. }
  257. static-arp disable
  258. use-dnsmasq enable
  259. }
  /* DNS forwarder listens on the LAN only (eth1 / 192.168.2.1) and forwards to
     four upstream resolvers. */
  260. dns {
  261. forwarding {
  262. cache-size 4000
  263. listen-on eth1
  264. name-server 1.1.1.1
  265. name-server 208.67.220.220
  266. name-server 2a02:a47f:e000::53
  267. name-server 2a02:a47f:e000::54
  268. options listen-address=192.168.2.1
  269. }
  270. }
  /* Web management UI on ports 80 and 443.
     NOTE(review): older-ciphers enable permits legacy TLS cipher suites for the
     GUI; set it to disable unless a legacy client needs it. No listen-address
     is set, so the GUI presumably listens on every router address and exposure
     depends entirely on the firewall bindings. */
  271. gui {
  272. http-port 80
  273. https-port 443
  274. older-ciphers enable
  275. }
  /* Source NAT (masquerade) rules. */
  276. nat {
  /* LAN -> IPTV network 213.75.112.0/21 goes out via eth0.4. */
  277. rule 5000 {
  278. description IPTV
  279. destination {
  280. address 213.75.112.0/21
  281. }
  282. log disable
  283. outbound-interface eth0.4
  284. protocol all
  285. source {
  286. address 192.168.2.0/24
  287. }
  288. type masquerade
  289. }
  /* Everything leaving via pppoe0 is masqueraded (no source restriction). */
  290. rule 5010 {
  291. description Internet
  292. log disable
  293. outbound-interface pppoe0
  294. protocol all
  295. type masquerade
  296. }
  /* NOTE(review): 239.355.255.0/21 is not a valid IPv4 prefix (355 exceeds the
     0-255 octet range), and eth0.5 has no matching vif 5 in the interfaces
     section of this file. This rule likely fails validation; correct the
     address and interface or remove the rule. */
  297. rule 5020 {
  298. description AoIP
  299. destination {
  300. address 239.355.255.0/21
  301. }
  302. log disable
  303. outbound-interface eth0.5
  304. protocol all
  305. source {
  306. address 192.168.2.0/24
  307. }
  308. type masquerade
  309. }
  310. }
  /* SSH on port 22, protocol v2 only. No listen-address is set. */
  311. ssh {
  312. port 22
  313. protocol-version v2
  314. }
  /* NOTE(review): telnet is enabled on port 23. It carries the login and the
     whole session in cleartext; since ssh is already enabled above, remove this
     node. No listen-address is set. */
  315. telnet {
  316. port 23
  317. }
  318. unms {
  319. disable
  320. }
  321. }
  /* System section: identity, login accounts, resolver, NTP, hardware offload,
     syslog and traffic analysis. */
  322. system {
  323. domain-name thuis.local
  324. host-name Thuis
  325. login {
  /* NOTE(review): the only account is the vendor-default user name with the
     vendor-default password, stored as plaintext-password, at admin level.
     Together with the ssh, telnet and GUI services enabled in this file, anyone
     who can reach a management port can log in as admin. Set a unique password
     (or SSH public keys) before deploying, and treat any device that ran this
     published config unchanged as needing a credential rotation. */
  326. user ubnt {
  327. authentication {
  328. plaintext-password "ubnt"
  329. }
  330. level admin
  331. }
  332. }
  /* The router resolves names through its own local forwarder. */
  333. name-server 127.0.0.1
  334. ntp {
  335. server 0.nl.pool.ntp.org {
  336. }
  337. server 1.nl.pool.ntp.org {
  338. }
  339. server ntp0.nl.net {
  340. }
  341. server ntp1.nl.net {
  342. }
  343. server time.kpn.net {
  344. }
  345. }
  /* Hardware offload settings: IPv4 forwarding, GRE, PPPoE and VLAN offload are
     enabled; IPv6 PPPoE offload and hwnat are disabled. */
  346. offload {
  347. hwnat disable
  348. ipsec enable
  349. ipv4 {
  350. forwarding enable
  351. gre enable
  352. pppoe enable
  353. vlan enable
  354. }
  355. ipv6 {
  356. forwarding enable
  357. pppoe disable
  358. vlan enable
  359. }
  360. }
  /* Logging: "all" facilities at notice, "protocols" at debug. Only the global
     target is configured; no remote syslog host appears here, so logs stay on
     the device. */
  361. syslog {
  362. global {
  363. facility all {
  364. level notice
  365. }
  366. facility protocols {
  367. level debug
  368. }
  369. }
  370. }
  371. time-zone Europe/Amsterdam
  372. traffic-analysis {
  373. dpi disable
  374. export disable
  375. }
  376. }
  377.  
  378.  
  379. /* Warning: Do not remove the following line. */
  380. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
  381. /* Release version: v1.10.8.5142440.181120.1645 */