  1. super, merci beaucoup !
  2. la voici
  3. [code]firewall {
  /* EdgeOS firewall section: address groups, the IPv6 rulesets WANv6_IN (forwarded WAN->LAN) and wan_local-6 (WAN->router), the IPv4 rulesets SSH, WAN_IN, WAN_LOCAL and Xymon, then the global kernel options at the end. */
  4. all-ping enable
  5. broadcast-ping disable
  6. group {
  /* IPv4 trusted sources used by the SSH and Xymon NAT rules; both descriptions are empty — record who owns these addresses so the allow-list can be reviewed later. */
  7. address-group SSH-clients {
  8. address 82.64.194.117
  9. address 193.168.147.39
  10. description ""
  11. }
  12. address-group Xymon-clients {
  13. address 82.64.194.117
  14. address 193.168.147.39
  15. address 195.154.217.217
  16. description ""
  17. }
  /* IPv6 trusted sources: mixes single hosts with whole /64 prefixes — a /64 entry admits every host on that network, not one machine. */
  18. ipv6-address-group SSH-clients-IPv6 {
  19. description "Trusted IPv6 clients"
  20. ipv6-address 2a07:abc4::1:10a
  21. ipv6-address 2a01:e0a:512:75f0::/64
  22. ipv6-address 2a01:cb08:91d:3200::/64
  23. ipv6-address 2a01:e0a:5f2:34f0::/64
  24. }
  25. ipv6-address-group Xymon-clients-IPv6 {
  26. description "Xymon clients"
  27. ipv6-address 2a07:abc4::1:10a
  28. ipv6-address 2a01:e0a:512:75f0::/64
  29. }
  /* Network groups below: only Lognes-IPv6 is referenced by a rule (rule 42 in both IPv6 rulesets); AWS_Lambda-IPv6, Free_Mobile-IPv6, Paul and Siouz-IPv6 are defined but unused here. */
  30. ipv6-network-group AWS_Lambda-IPv6 {
  31. description "IPv6 pool used by AWS Lambda in subnet subnet-0a2c4021dc001905e"
  32. ipv6-network 2a05:d012:27c:3810::/64
  33. }
  34. ipv6-network-group Free_Mobile-IPv6 {
  35. description "Prefix /64 Free Mobile"
  36. ipv6-network 2a0d:e487:12f:f29b::/64
  37. }
  38. ipv6-network-group Lognes-IPv6 {
  39. description "Reseau makelofine a Lognes"
  40. ipv6-network 2a01:e0a:512:75f0::/64
  41. }
  42. ipv6-network-group Paul {
  43. description "Reseau Paul @Monthry"
  44. ipv6-network 2a01:cb08:91d:3200::/64
  45. }
  46. ipv6-network-group Siouz-IPv6 {
  47. description "Freebox Siouz"
  48. ipv6-network 2a01:e0a:5f2:34f0::/64
  49. }
  50. }
  /* IPv6 forwarded from WAN to LAN: default drop with logging; every accept rule targets walter (2a01:0e0a:0348:bda0:1337::2). */
  51. ipv6-name WANv6_IN {
  52. default-action drop
  53. description "WAN inbound traffic forwarded to LAN"
  54. enable-default-log
  55. rule 10 {
  56. action accept
  57. description "Allow established/related sessions"
  58. log disable
  59. state {
  60. established enable
  61. related enable
  62. }
  63. }
  64. rule 20 {
  65. action drop
  66. description "Drop invalid state"
  67. log disable
  68. state {
  69. invalid enable
  70. }
  71. }
  /* ICMPv6 is accepted unconditionally from any source; it is required for neighbour discovery and PMTU, so do not drop it wholesale. */
  72. rule 25 {
  73. action accept
  74. description "Allow ICMPv6"
  75. log disable
  76. protocol icmpv6
  77. }
  78. rule 30 {
  79. action accept
  80. description "SSH to walter from trusted clients"
  81. destination {
  82. address 2a01:0e0a:0348:bda0:1337::2
  83. port 22
  84. }
  85. log disable
  86. protocol tcp
  87. source {
  88. group {
  89. ipv6-address-group SSH-clients-IPv6
  90. }
  91. }
  92. }
  93. rule 40 {
  94. action accept
  95. description "Xymon to walter"
  96. destination {
  97. address 2a01:0e0a:0348:bda0:1337::2
  98. port 1984
  99. }
  100. log disable
  101. protocol tcp
  102. source {
  103. group {
  104. ipv6-address-group Xymon-clients-IPv6
  105. }
  106. }
  107. }
  /* Rule 42 duplicates rule 40 for the Lognes /64; that prefix is already inside Xymon-clients-IPv6, so rule 40 matches it first and rule 42 is redundant. */
  108. rule 42 {
  109. action accept
  110. description "Xymon to walter"
  111. destination {
  112. address 2a01:0e0a:0348:bda0:1337::2
  113. port 1984
  114. }
  115. log disable
  116. protocol tcp
  117. source {
  118. group {
  119. ipv6-network-group Lognes-IPv6
  120. }
  121. }
  122. }
  /* Rules 50-90: services on walter open to any IPv6 source. */
  123. rule 50 {
  124. action accept
  125. description "HTTP/HTTPS to walter"
  126. destination {
  127. address 2a01:0e0a:0348:bda0:1337::2
  128. port 80,443
  129. }
  130. log disable
  131. protocol tcp
  132. state {
  133. established enable
  134. new enable
  135. }
  136. }
  /* NOTE(review): tcp+udp/53 on walter is reachable from every IPv6 address (the IPv4 side does the same through port-forward rule 6). Make sure the DNS service there is authoritative-only; a recursive resolver exposed like this is an open resolver usable for amplification. */
  137. rule 60 {
  138. action accept
  139. description "DNS to walter"
  140. destination {
  141. address 2a01:0e0a:0348:bda0:1337::2
  142. port 53
  143. }
  144. log disable
  145. protocol tcp_udp
  146. state {
  147. established enable
  148. new enable
  149. }
  150. }
  /* reject rather than drop: the peer gets an ICMPv6 error at once instead of waiting for a timeout. */
  151. rule 70 {
  152. action reject
  153. description "IMAP/POP3 to walter"
  154. destination {
  155. address 2a01:0e0a:0348:bda0:1337::2
  156. port 110,143,993,995
  157. }
  158. log disable
  159. protocol tcp
  160. }
  161. rule 80 {
  162. action accept
  163. description "SMTP to walter"
  164. destination {
  165. address 2a01:0e0a:0348:bda0:1337::2
  166. port 25,465,587
  167. }
  168. log disable
  169. protocol tcp
  170. }
  171. rule 90 {
  172. action accept
  173. description "Plex to walter"
  174. destination {
  175. address 2a01:0e0a:0348:bda0:1337::2
  176. port 32400
  177. }
  178. log disable
  179. protocol tcp
  180. }
  181. }
  /* NOTE(review): this ruleset is bound both to eth0 "local" and to switch0 "out" (see interfaces). Its rules 30-90 are copies of the WANv6_IN rules and target walter, not a router address, so on the local chain they should never match — the effective router policy is rules 10-25 plus default drop. Rule 60 here also lacks the state clause its WANv6_IN twin has; harmless, but the two copies are drifting. */
  182. ipv6-name wan_local-6 {
  183. default-action drop
  184. description "WAN inbound traffic to the router"
  185. enable-default-log
  186. rule 10 {
  187. action accept
  188. description "Allow established/related sessions"
  189. log disable
  190. state {
  191. established enable
  192. related enable
  193. }
  194. }
  /* DHCPv6 server replies (src 547 -> dst 546); needed for the dhcpv6-pd client on eth0. */
  195. rule 15 {
  196. action accept
  197. description "Allow DHCPv6"
  198. destination {
  199. port 546
  200. }
  201. log disable
  202. protocol udp
  203. source {
  204. port 547
  205. }
  206. }
  207. rule 20 {
  208. action drop
  209. description "Drop invalid state"
  210. log disable
  211. state {
  212. invalid enable
  213. }
  214. }
  215. rule 25 {
  216. action accept
  217. description "Allow ICMPv6"
  218. log disable
  219. protocol icmpv6
  220. }
  221. rule 30 {
  222. action accept
  223. description "SSH to walter from trusted clients"
  224. destination {
  225. address 2a01:0e0a:0348:bda0:1337::2
  226. port 22
  227. }
  228. log disable
  229. protocol tcp
  230. source {
  231. group {
  232. ipv6-address-group SSH-clients-IPv6
  233. }
  234. }
  235. }
  236. rule 40 {
  237. action accept
  238. description "Xymon to walter"
  239. destination {
  240. address 2a01:0e0a:0348:bda0:1337::2
  241. port 1984
  242. }
  243. log disable
  244. protocol tcp
  245. source {
  246. group {
  247. ipv6-address-group Xymon-clients-IPv6
  248. }
  249. }
  250. }
  251. rule 42 {
  252. action accept
  253. description "Xymon to walter"
  254. destination {
  255. address 2a01:0e0a:0348:bda0:1337::2
  256. port 1984
  257. }
  258. log disable
  259. protocol tcp
  260. source {
  261. group {
  262. ipv6-network-group Lognes-IPv6
  263. }
  264. }
  265. }
  266. rule 50 {
  267. action accept
  268. description "HTTP/HTTPS to walter"
  269. destination {
  270. address 2a01:0e0a:0348:bda0:1337::2
  271. port 80,443
  272. }
  273. log disable
  274. protocol tcp
  275. state {
  276. established enable
  277. new enable
  278. }
  279. }
  280. rule 60 {
  281. action accept
  282. description "DNS to walter"
  283. destination {
  284. address 2a01:0e0a:0348:bda0:1337::2
  285. port 53
  286. }
  287. log disable
  288. protocol tcp_udp
  289. }
  290. rule 70 {
  291. action reject
  292. description "IMAP/POP3 to walter"
  293. destination {
  294. address 2a01:0e0a:0348:bda0:1337::2
  295. port 110,143,993,995
  296. }
  297. log disable
  298. protocol tcp
  299. }
  300. rule 80 {
  301. action accept
  302. description "SMTP to walter"
  303. destination {
  304. address 2a01:0e0a:0348:bda0:1337::2
  305. port 25,465,587
  306. }
  307. log disable
  308. protocol tcp
  309. }
  310. rule 90 {
  311. action accept
  312. description "Plex to walter"
  313. destination {
  314. address 2a01:0e0a:0348:bda0:1337::2
  315. port 32400
  316. }
  317. log disable
  318. protocol tcp
  319. }
  320. }
  /* Kernel hardening: ignore redirects and source-routed packets on both families, log packets with impossible source addresses. */
  321. ipv6-receive-redirects disable
  322. ipv6-src-route disable
  323. ip-src-route disable
  324. log-martians enable
  /* NOTE(review): rulesets SSH and Xymon are not bound to any interface in the interfaces section (only WANv6_IN, wan_local-6 and WAN_LOCAL are), so they are dead config. If they are ever attached, default-action accept makes rule 1 a no-op: everything not matching it is accepted anyway. Use default-action drop or delete them. */
  325. name SSH {
  326. default-action accept
  327. description ""
  328. rule 1 {
  329. action accept
  330. destination {
  331. address 82.65.79.87
  332. port 22
  333. }
  334. log disable
  335. protocol tcp
  336. source {
  337. group {
  338. address-group SSH-clients
  339. }
  340. }
  341. state {
  342. established enable
  343. invalid disable
  344. new enable
  345. related disable
  346. }
  347. }
  348. }
  /* NOTE(review): WAN_IN is defined but never referenced — eth0 "in" binds only ipv6-name WANv6_IN — so forwarded IPv4 from WAN is not filtered by this ruleset. Before binding it, add accept rules for the destination-NAT targets (tcp/22 from SSH-clients, tcp/1984 from Xymon-clients), otherwise the default drop would cut those sessions; whether port-forward auto-firewall covers the port-forward rules on its own should be confirmed on the device. */
  349. name WAN_IN {
  350. default-action drop
  351. description "WAN to internal"
  352. rule 10 {
  353. action accept
  354. description "Allow established/related"
  355. log disable
  356. state {
  357. established enable
  358. related enable
  359. }
  360. }
  361. rule 20 {
  362. action drop
  363. description "Drop invalid state"
  364. log disable
  365. state {
  366. invalid enable
  367. }
  368. }
  369. }
  /* IPv4 to the router itself: only established/related is accepted, every new connection is dropped. Unlike the IPv6 rulesets there is no enable-default-log, so dropped probes leave no trace. */
  370. name WAN_LOCAL {
  371. default-action drop
  372. description "WAN to router"
  373. rule 10 {
  374. action accept
  375. description "Allow established/related"
  376. log disable
  377. state {
  378. established enable
  379. related enable
  380. }
  381. }
  382. rule 20 {
  383. action drop
  384. description "Drop invalid state"
  385. log disable
  386. state {
  387. invalid enable
  388. }
  389. }
  390. }
  391. name Xymon {
  392. default-action accept
  393. description ""
  394. rule 1 {
  395. action accept
  396. destination {
  397. address 82.65.79.87
  398. port 1984
  399. }
  400. log enable
  401. protocol tcp
  402. source {
  403. group {
  404. address-group Xymon-clients
  405. }
  406. }
  407. state {
  408. established enable
  409. invalid disable
  410. new enable
  411. related disable
  412. }
  413. }
  414. }
  /* receive-redirects disable is the setting that protects the router; send-redirects only affects what LAN hosts are told.
     NOTE(review): source-validation disable turns reverse-path filtering off; with a single uplink the "loose" mode is usually safe and stops spoofed sources — TODO confirm there is no asymmetric routing before enabling it. syn-cookies enable is the right default. */
  415. receive-redirects disable
  416. send-redirects enable
  417. source-validation disable
  418. syn-cookies enable
  419. }
  420. interfaces {
  /* eth0 is the WAN uplink (DHCP for IPv4, DHCPv6 prefix delegation for IPv6); eth1-eth4 are switched together as switch0, the LAN. */
  421. ethernet eth0 {
  422. address dhcp
  423. description Internet
  /* The delegated /64 is handed to switch0 with host part ::1 and announced via SLAAC; switch0 also carries a static 2a01:e0a:348:bda0::1/64 below. */
  424. dhcpv6-pd {
  425. pd 0 {
  426. interface switch0 {
  427. host-address ::1
  428. service slaac
  429. }
  430. prefix-length /64
  431. }
  432. rapid-commit enable
  433. }
  434. duplex auto
  /* NOTE(review): only the IPv6 ruleset is bound on "in"; the IPv4 WAN_IN ruleset from the firewall section is not, so forwarded IPv4 from WAN is left to the NAT/port-forward configuration alone. "local" is protected on both families (WAN_LOCAL and wan_local-6, both default drop). */
  435. firewall {
  436. in {
  437. ipv6-name WANv6_IN
  438. }
  439. local {
  440. ipv6-name wan_local-6
  441. name WAN_LOCAL
  442. }
  443. }
  444. ipv6 {
  445. address {
  446. }
  447. dup-addr-detect-transmits 1
  448. }
  449. speed auto
  450. }
  451. ethernet eth1 {
  452. description Local
  453. duplex auto
  454. speed auto
  455. }
  456. ethernet eth2 {
  457. description Local
  458. duplex auto
  459. speed auto
  460. }
  461. ethernet eth3 {
  462. description Local
  463. duplex auto
  464. speed auto
  465. }
  466. ethernet eth4 {
  467. description Local
  468. duplex auto
  469. poe {
  470. output off
  471. }
  472. speed auto
  473. }
  474. loopback lo {
  475. }
  /* LAN side: IPv4 192.168.1.254/24, the static IPv6 /64 and a fixed link-local address. */
  476. switch switch0 {
  477. address 192.168.1.254/24
  478. address 2a01:e0a:348:bda0::1/64
  479. address fe80::7:1/64
  480. description Local
  /* NOTE(review): wan_local-6 (a router-bound ruleset, default drop + log) is applied to LAN-outbound here, so every IPv6 packet the router forwards towards the LAN is evaluated a second time against it. Its walter-targeted rules then do match on this chain. Presumably intended as belt-and-braces — TODO confirm, since it is also where unexpected IPv6 drops would show up in the log. */
  481. firewall {
  482. out {
  483. ipv6-name wan_local-6
  484. }
  485. }
  486. ipv6 {
  487. dup-addr-detect-transmits 1
  /* Router advertisements: SLAAC for the static /64, managed-flag false and other-config-flag true so hosts pull DNS from DHCPv6 as well. */
  488. router-advert {
  489. cur-hop-limit 64
  490. link-mtu 0
  491. managed-flag false
  492. max-interval 600
  493. other-config-flag true
  494. prefix 2a01:e0a:348:bda0::/64 {
  495. autonomous-flag true
  496. on-link-flag true
  497. valid-lifetime 2592000
  498. }
  /* RDNSS advertises walter (…1337::2) and an external resolver; the same pair is configured as dhcpv6-server name-servers in the service section — keep the two lists in sync. */
  499. radvd-options "RDNSS 2a01:e0a:348:bda0:1337::2 2a07:abc4::1:10a {};"
  500. reachable-time 0
  501. retrans-timer 0
  502. send-advert true
  503. }
  504. }
  505. mtu 1500
  506. switch-port {
  507. interface eth1 {
  508. }
  509. interface eth2 {
  510. }
  511. interface eth3 {
  512. }
  513. interface eth4 {
  514. }
  515. vlan-aware disable
  516. }
  517. }
  518. }
  519. port-forward {
  /* IPv4 service exposure: every rule forwards a WAN port on eth0 to 192.168.1.7 (walter). auto-firewall enable is expected to create the matching inbound accept rules; hairpin-nat lets LAN hosts reach these services via the public address. */
  520. auto-firewall enable
  521. hairpin-nat enable
  522. lan-interface switch0
  523. rule 1 {
  524. description SMTP
  525. forward-to {
  526. address 192.168.1.7
  527. }
  528. original-port 25
  529. protocol tcp
  530. }
  531. rule 2 {
  532. description HTTP
  533. forward-to {
  534. address 192.168.1.7
  535. }
  536. original-port 80
  537. protocol tcp
  538. }
  539. rule 3 {
  540. description HTTPS
  541. forward-to {
  542. address 192.168.1.7
  543. }
  544. original-port 443
  545. protocol tcp
  546. }
  547. rule 4 {
  548. description SMTPS
  549. forward-to {
  550. address 192.168.1.7
  551. }
  552. original-port 465
  553. protocol tcp
  554. }
  555. rule 5 {
  556. description SMTPS2
  557. forward-to {
  558. address 192.168.1.7
  559. }
  560. original-port 587
  561. protocol tcp
  562. }
  /* NOTE(review): tcp+udp/53 forwarded from the whole IPv4 Internet to walter, with no source restriction (the IPv6 rulesets open the same port). Only acceptable if the DNS service on walter is authoritative-only; a recursive resolver here is an open resolver and an amplification source. */
  563. rule 6 {
  564. description DNS
  565. forward-to {
  566. address 192.168.1.7
  567. }
  568. original-port 53
  569. protocol tcp_udp
  570. }
  571. wan-interface eth0
  572. }
  573. protocols {
  /* Static IPv6 default route via the ISP's link-local gateway on eth0; IPv4 default comes from DHCP on eth0 and is not listed here. */
  574. static {
  575. route6 ::/0 {
  576. next-hop fe80::72fc:8fff:fe68:2c36 {
  577. interface eth0
  578. }
  579. }
  580. }
  581. }
  582. service {
  583. dhcp-server {
  584. disabled false
  585. hostfile-update disable
  /* NOTE(review): the LAN shared-network carries a bare "disable" while the server itself has disabled false, so this router hands out no IPv4 leases on 192.168.1.0/24 — presumably another host serves DHCP. TODO confirm that is intended and not a leftover. */
  586. shared-network-name LAN {
  587. authoritative enable
  588. disable
  589. subnet 192.168.1.0/24 {
  590. default-router 192.168.1.254
  591. dns-server 192.168.1.254
  592. lease 86400
  593. start 192.168.1.38 {
  594. stop 192.168.1.243
  595. }
  596. }
  597. }
  598. static-arp disable
  599. use-dnsmasq disable
  600. }
  /* Stateless DHCPv6 (other-config): supplies resolvers and search domains to LAN hosts; addresses come from SLAAC. The name-server pair matches the RDNSS list in the switch0 router-advert. */
  601. dhcpv6-server {
  602. shared-network-name ipv6_dns {
  603. name-server 2a01:e0a:348:bda0:1337::2
  604. name-server 2a07:abc4::1:10a
  605. subnet 2a01:e0a:348:bda0::/64 {
  606. domain-search lan
  607. domain-search makelofine.org
  608. domain-search noisy.makelofine.org
  609. domain-search lognes.makelofine.org
  610. name-server 2a01:e0a:348:bda0:1337::2
  611. name-server 2a07:abc4::1:10a
  612. }
  613. }
  614. }
  /* Router DNS forwarding is not configured (empty dns node); dhcp-server above nevertheless advertises 192.168.1.254 as dns-server, which only matters if that scope is ever re-enabled. */
  615. dns {
  616. }
  /* Web UI on 80/443 with legacy ciphers off; it is reachable only where the "local" rulesets allow, and WAN_LOCAL / wan_local-6 drop new connections by default. */
  617. gui {
  618. http-port 80
  619. https-port 443
  620. older-ciphers disable
  621. }
  622. nat {
  /* Destination NAT for SSH and Xymon to walter, restricted to the address groups; these two are not port-forward rules, so they get no auto-firewall rule and rely on no IPv4 "in" ruleset being bound to eth0. */
  623. rule 1 {
  624. description SSH
  625. destination {
  626. address 82.65.79.87
  627. port 22
  628. }
  629. inbound-interface eth0
  630. inside-address {
  631. address 192.168.1.7
  632. port 22
  633. }
  634. log disable
  635. protocol tcp
  636. source {
  637. group {
  638. address-group SSH-clients
  639. }
  640. }
  641. type destination
  642. }
  643. rule 2 {
  644. description Xymon
  645. destination {
  646. address 82.65.79.87
  647. port 1984
  648. }
  649. inbound-interface eth0
  650. inside-address {
  651. address 192.168.1.7
  652. port 1984
  653. }
  654. log disable
  655. protocol tcp
  656. source {
  657. group {
  658. address-group Xymon-clients
  659. }
  660. }
  661. type destination
  662. }
  663. rule 5010 {
  664. description "masquerade for WAN"
  665. log disable
  666. outbound-interface eth0
  667. type masquerade
  668. }
  669. }
  /* Router SSH on 22, protocol v2 only. From the WAN it is unreachable: WAN_LOCAL has no SSH rule and wan_local-6 rule 30 targets walter, not a router address; tcp/22 on the public IPv4 is DNAT'ed to walter by nat rule 1. */
  670. ssh {
  671. port 22
  672. protocol-version v2
  673. }
  /* Ubiquiti discovery and UNMS agent both off — good, neither should be listening on an edge device. */
  674. ubnt-discover {
  675. disable
  676. }
  677. unms {
  678. disable
  679. }
  680. }
  681. system {
  /* Telemetry to the vendor is disabled in both places. */
  682. analytics-handler {
  683. send-analytics-report false
  684. }
  685. conntrack {
  686. expect-table-size 2048
  687. hash-size 32768
  /* RTSP connection-tracking helper enabled; ALG helpers inspect payloads, keep only the ones actually needed. */
  688. modules {
  689. rtsp {
  690. enable
  691. }
  692. }
  693. table-size 262144
  694. }
  695. crash-handler {
  696. send-crash-report false
  697. }
  698. host-name imperator
  /* Single admin-level account, key-based access for three hosts. The encrypted-password value here reads as a redaction placeholder ("tu ne devineras jamais") rather than a real $5$ hash — a genuine hash must never be pasted publicly. plaintext-password "" is the normal rendering once a hash is set. */
  699. login {
  700. user doctor {
  701. authentication {
  702. encrypted-password $5$tTuNeDevinerasJamais!
  703. plaintext-password ""
  704. public-keys user@pc3 {
  705. key AAAAB3NzaC1yc2EAAAADAQABAAABAQCE+VT/ahDoAkyRwVTNwOsEyroL4aOybPLNstWM7H0YyNz6vsTwu4m7TQFSU/wOqJ8ZHnnDjSFFKckRSixQnTBYn/2IWoOPxlkDY+cZg7C9gY2tyPsCvXi8xV0X8nSGiVPVL4HMPZoXjgzcMtXeJiK1bsfykY9GkhHjwv3LTMwEhLIVxtn2YX+b5mpuKCp6Y9D/7I0vexAB+gDFt59AC6ujuXhlYPxjLqU9AtOXBFhw6/ByvKybCkZ6VgpXFwaRRPML6DMxLan0GFro6cn2HdEI/A4/HDIDLrtCraqaBn9mRmJN7BS2wLE4OsLKGkFY8kJlsREuwnfFKi4vXuks+3cl
  706. type ssh-rsa
  707. }
  708. public-keys user@pc1 {
  709. key AAAAC3NzaC1lZDI1NTE5AAAAIFChfYqLEZjAuGBq/VmzWXRGAwm6XlzSNNqmpq6nlmZw
  710. type ssh-ed25519
  711. }
  712. public-keys user@pc2 {
  713. key AAAAB3NzaC1yc2EAAAADAQABAAABAQDA2/ExYTids7TCLs2VaXxfNxd7GT6nGFO3bmH32tuBh2wuHvLgPwoFXsnjGp3wJQd/0cMhv8fkd/2luX2rXBvNo0rL+ZkA8iqYFXOri1f1BGnM+QYUjPOglr1SYLnqIkQBV6rS044EedLaDOSqCfXeRAKUXUgbE9Xh0iFOoGaho6GnMR05i9tmMi7MINPY1U+6OvMXqtjgn7aSA0JE2p9AxECRjpCg1k/ijFdZ4+E52wOTpJYdgsgGgEw46DHC834je4/cnR2ehHTA0OUvUMbFZNrYBC9e7SI5wDZ2F2fBDxXuOx0ar+H3SNdoc0V8VRjbhaXONQDZaYeCHf2LlKTN
  714. type ssh-rsa
  715. }
  716. }
  717. full-name doctor
  718. level admin
  719. }
  720. }
  /* Resolvers used by the router itself: walter first (IPv4 and IPv6), then external ones. The IPv6 entry for walter is in 2a01:e0a:348:bda1::/64, not the LAN's bda0 prefix used everywhere else — TODO confirm that address is correct. */
  721. name-server 192.168.1.7
  722. name-server 193.168.147.39
  723. name-server 212.27.40.240
  724. name-server 2a01:e0a:348:bda1::1337:2
  725. name-server 2001:41d0:404:200::c4d
  726. ntp {
  727. server 0.ubnt.pool.ntp.org {
  728. }
  729. server 1.ubnt.pool.ntp.org {
  730. }
  731. server 2.ubnt.pool.ntp.org {
  732. }
  733. server 3.ubnt.pool.ntp.org {
  734. }
  735. }
  736. offload {
  737. hwnat enable
  738. }
  /* NOTE(review): the package source is Debian stretch from archive.debian.org over plain HTTP. Stretch is end-of-life, so anything installed from it receives no security updates; confirm no add-on packages on the router depend on this repository. */
  739. package {
  740. repository stretch {
  741. components "main contrib non-free"
  742. distribution stretch
  743. password ""
  744. url http://archive.debian.org/debian
  745. username ""
  746. }
  747. }
  /* Local log at notice (protocols at debug); a copy at warning and above is shipped to walter, which also receives the firewall default-log drops. */
  748. syslog {
  749. global {
  750. facility all {
  751. level notice
  752. }
  753. facility protocols {
  754. level debug
  755. }
  756. }
  757. host 192.168.1.7 {
  758. facility all {
  759. level warning
  760. }
  761. }
  762. }
  763. time-zone Europe/Paris
  764. }