Guest User

Untitled

a guest
Aug 30th, 2015
285
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. firewall {
  2. all-ping enable
  3. broadcast-ping disable
  4. group {
  5. network-group LocalNetworks {
  6. description ""
  7. network 10.0.0.0/8
  8. network 172.16.0.0/12
  9. network 192.168.0.0/16
  10. }
  11. port-group UnwantedPorts {
  12. description ""
  13. port smtp
  14. port 67-68
  15. port 135-139
  16. port 213
  17. port 389
  18. port 445
  19. port 464
  20. }
  21. }
  22. ipv6-receive-redirects disable
  23. ipv6-src-route disable
  24. ip-src-route disable
  25. log-martians enable
  26. name WAN_IN {
  27. default-action drop
  28. description "WAN to Internal"
  29. enable-default-log
  30. rule 1 {
  31. action accept
  32. description "Allow established/related"
  33. log enable
  34. protocol all
  35. state {
  36. established enable
  37. invalid disable
  38. new disable
  39. related enable
  40. }
  41. }
  42. rule 2 {
  43. action drop
  44. description "Drop invalid state"
  45. log enable
  46. protocol all
  47. state {
  48. established disable
  49. invalid enable
  50. new disable
  51. related disable
  52. }
  53. }
  54. }
  55. name WAN_LOCAL {
  56. default-action drop
  57. description "WAN to router"
  58. enable-default-log
  59. rule 1 {
  60. action accept
  61. description "Allow established/related"
  62. log disable
  63. protocol all
  64. state {
  65. established enable
  66. invalid disable
  67. new disable
  68. related enable
  69. }
  70. }
  71. rule 2 {
  72. action drop
  73. description "Drop invalid state"
  74. log disable
  75. protocol all
  76. state {
  77. established disable
  78. invalid enable
  79. new disable
  80. related disable
  81. }
  82. }
  83. }
  84. name WAN_OUT {
  85. default-action accept
  86. enable-default-log
  87. rule 1 {
  88. action accept
  89. description "Allow SMTP to KPN"
  90. destination {
  91. address 213.75.63.13
  92. port 25
  93. }
  94. log disable
  95. protocol tcp
  96. source {
  97. address 192.168.2.0/24
  98. }
  99. }
  100. rule 2 {
  101. action drop
  102. description "Block unwanted outgoing traffic"
  103. destination {
  104. group {
  105. port-group UnwantedPorts
  106. }
  107. }
  108. log enable
  109. protocol tcp_udp
  110. }
  111. rule 3 {
  112. action drop
  113. description "Block private IP-spaces from entering WAN"
  114. destination {
  115. group {
  116. network-group LocalNetworks
  117. }
  118. }
  119. log enable
  120. protocol all
  121. }
  122. }
  123. options {
  124. }
  125. receive-redirects disable
  126. send-redirects enable
  127. source-validation disable
  128. syn-cookies enable
  129. }
  130. interfaces {
  131. bridge br0 {
  132. aging 300
  133. bridged-conntrack disable
  134. description "br0 - Telefonie"
  135. hello-time 2
  136. max-age 20
  137. priority 32768
  138. promiscuous disable
  139. stp false
  140. }
  141. ethernet eth0 {
  142. description "eth0 - FTTH"
  143. duplex auto
  144. mtu 1512
  145. speed auto
  146. vif 4 {
  147. address dhcp
  148. description "VLAN 0.4 - IPTV"
  149. dhcp-options {
  150. client-option "send vendor-class-identifier "IPTV_RG";"
  151. client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
  152. default-route no-update
  153. default-route-distance 254
  154. name-server update
  155. }
  156. }
  157. vif 6 {
  158. description "VLAN 0.6 - Internet"
  159. firewall {
  160. }
  161. mtu 1508
  162. pppoe 0 {
  163. default-route auto
  164. firewall {
  165. in {
  166. name WAN_IN
  167. }
  168. local {
  169. name WAN_LOCAL
  170. }
  171. out {
  172. name WAN_OUT
  173. }
  174. }
  175. idle-timeout 180
  176. mtu 1500
  177. name-server auto
  178. password kpn
  179. user-id macadres@internet
  180. }
  181. }
  182. vif 7 {
  183. bridge-group {
  184. bridge br0
  185. }
  186. description "VLAN 0.7 - Telefonie"
  187. }
  188. }
  189. ethernet eth1 {
  190. address 192.168.2.1/24
  191. description "eth1 - Internet & IPTV"
  192. duplex auto
  193. speed auto
  194. }
  195. ethernet eth2 {
  196. bridge-group {
  197. bridge br0
  198. }
  199. description "eth2 - ExperiaBox"
  200. duplex auto
  201. speed auto
  202. }
  203. loopback lo {
  204. }
  205. }
  206. protocols {
  207. igmp-proxy {
  208. interface eth0.4 {
  209. alt-subnet 10.142.64.0/28
  210. alt-subnet 213.75.112.0/21
  211. role upstream
  212. threshold 1
  213. }
  214. interface eth1 {
  215. role downstream
  216. threshold 1
  217. }
  218. }
  219. static {
  220. route 213.75.112.0/21 {
  221. next-hop 10.166.128.1 {
  222. }
  223. }
  224. }
  225. }
  226. service {
  227. dhcp-server {
  228. disabled false
  229. global-parameters "option vendor-class-identifier code 60 = string;"
  230. global-parameters "option broadcast-address code 28 = ip-address;"
  231. hostfile-update disable
  232. shared-network-name LAN {
  233. authoritative enable
  234. subnet 192.168.2.0/24 {
  235. default-router 192.168.2.1
  236. dns-server 208.67.222.123
  237. dns-server 208.67.220.123
  238. lease 86400
  239. start 192.168.2.20 {
  240. stop 192.168.2.254
  241. }
  242. subnet-parameters "option vendor-class-identifier "IPTV_RG";"
  243. subnet-parameters "option broadcast-address 192.168.2.255;"
  244. }
  245. }
  246. }
  247. dns {
  248. forwarding {
  249. cache-size 150
  250. listen-on eth1
  251. name-server 208.67.222.222
  252. name-server 208.67.220.220
  253. options listen-address=192.168.2.1
  254. }
  255. }
  256. gui {
  257. https-port 443
  258. }
  259. nat {
  260. rule 5000 {
  261. description IPTV
  262. destination {
  263. address 10.142.64.0/18
  264. }
  265. log disable
  266. outbound-interface eth0.4
  267. protocol all
  268. source {
  269. }
  270. type masquerade
  271. }
  272. rule 5001 {
  273. description IPTV
  274. destination {
  275. address 213.75.112.0/21
  276. }
  277. log disable
  278. outbound-interface eth0.4
  279. protocol all
  280. source {
  281. }
  282. type masquerade
  283. }
  284. rule 5002 {
  285. description "KPN Internet"
  286. log enable
  287. outbound-interface pppoe0
  288. protocol all
  289. source {
  290. address 192.168.2.0/24
  291. }
  292. type masquerade
  293. }
  294. }
  295. ssh {
  296. port 22
  297. protocol-version v2
  298. }
  299. }
  300. system {
  301. host-name ubnt
  302. login {
  303. user ubnt {
  304. authentication {
  305. encrypted-password "$1$zKNoUbAo$gomzUbYvgyUMcD436Wo66."
  306. }
  307. full-name Admin
  308. level admin
  309. }
  310. }
  311. ntp {
  312. server 0.ubnt.pool.ntp.org {
  313. }
  314. server 1.ubnt.pool.ntp.org {
  315. }
  316. server 2.ubnt.pool.ntp.org {
  317. }
  318. server 3.ubnt.pool.ntp.org {
  319. }
  320. }
  321. offload {
  322. ipv4 {
  323. forwarding enable
  324. pppoe enable
  325. vlan enable
  326. }
  327. }
  328. syslog {
  329. global {
  330. facility all {
  331. level notice
  332. }
  333. facility protocols {
  334. level debug
  335. }
  336. }
  337. }
  338. time-zone UTC
  339. traffic-analysis {
  340. dpi enable
  341. export enable
  342. }
  343. }
  344.  
  345.  
  346. /* Warning: Do not remove the following line. */
  347. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
  348. /* Release version: v1.7.0.4783374.150622.1534 */
RAW Paste Data