LisbonDaysINN

1. firewall {
2. all-ping enable
3. broadcast-ping disable
4. ipv6-receive-redirects disable
5. ipv6-src-route disable
6. ip-src-route disable
7. log-martians enable
8. name Eth2-Guest {
9. default-action drop
10. description ""
11. rule 1 {
12. action drop
13. description "block all protocols"
14. destination {
15. address 192.168.1.0/24
16. }
17. log enable
18. protocol all
19. }
20. rule 2 {
21. action drop
22. description "block ping"
23. destination {
24. address 192.168.1.0/24
25. }
26. log disable
27. protocol icmp
28. }
29. rule 3 {
30. action accept
31. log disable
32. protocol all
33. }
34. }
35. name WAN_IN {
36. default-action drop
37. description "WAN to internal"
38. rule 10 {
39. action accept
40. state {
41. established enable
42. related enable
43. }
44. }
45. rule 20 {
46. action drop
47. state {
48. invalid enable
49. }
50. }
51. }
52. name WAN_LOCAL {
53. default-action drop
54. description "WAN to router"
55. rule 10 {
56. action accept
57. state {
58. established enable
59. related enable
60. }
61. }
62. rule 20 {
63. action drop
64. state {
65. invalid enable
66. }
67. }
68. }
69. receive-redirects disable
70. send-redirects enable
71. source-validation disable
72. syn-cookies enable
73. }
74. interfaces {
75. ethernet eth0 {
76. address 192.168.1.1/24
77. description Local
78. duplex auto
79. speed auto
80. }
81. ethernet eth1 {
82. address dhcp
83. description Internet
84. duplex auto
85. firewall {
86. in {
87. name WAN_IN
88. }
89. local {
90. name WAN_LOCAL
91. }
92. }
93. speed auto
94. }
95. ethernet eth2 {
96. address 192.168.2.1/24
97. description "Local 2"
98. duplex auto
99. firewall {
100. in {
101. name Eth2-Guest
102. }
103. out {
104. name Eth2-Guest
105. }
106. }
107. speed auto
108. }
109. loopback lo {
110. }
111. }
112. service {
113. dhcp-server {
114. disabled false
115. hostfile-update disable
116. shared-network-name LAN1 {
117. authoritative disable
118. subnet 192.168.1.0/24 {
119. default-router 192.168.1.1
120. dns-server 192.168.1.1
121. lease 86400
122. start 192.168.1.21 {
123. stop 192.168.1.240
124. }
125. }
126. }
127. shared-network-name LAN2 {
128. authoritative disable
129. subnet 192.168.2.0/24 {
130. default-router 192.168.2.1
131. dns-server 192.168.2.1
132. lease 86400
133. start 192.168.2.21 {
134. stop 192.168.2.240
135. }
136. }
137. }
138. }
139. dns {
140. forwarding {
141. cache-size 150
142. listen-on eth0
143. listen-on eth2
144. }
145. }
146. gui {
147. https-port 443
148. }
149. nat {
150. rule 5010 {
151. outbound-interface eth1
152. type masquerade
153. }
154. }
155. ssh {
156. port 22
157. protocol-version v2
158. }
159. }
160. system {
161. host-name ubnt
162. login {
163. user ubnt {
164. authentication {
165. encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
166. }
167. level admin
168. }
169. }
170. ntp {
171. server 0.ubnt.pool.ntp.org {
172. }
173. server 1.ubnt.pool.ntp.org {
174. }
175. server 2.ubnt.pool.ntp.org {
176. }
177. server 3.ubnt.pool.ntp.org {
178. }
179. }
180. syslog {
181. global {
182. facility all {
183. level notice
184. }
185. facility protocols {
186. level debug
187. }
188. }
189. }
190. time-zone UTC
191. }
192.  
193.  
194. /* Warning: Do not remove the following line. */
195. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@3:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
196. /* Release version: v1.5.0.4677648.140620.1301 */