Untitled

a guest
Feb 5th, 2020
  /* Global IPv4 firewall options plus two rulesets: WAN_IN (traffic forwarded
     from the Internet to the LAN) and WAN_LOCAL (traffic addressed to the
     router itself). Both are bound to eth1 vif 34 in the interfaces section.
     No ipv6-name ruleset is defined here; one would be needed if IPv6 is ever
     enabled on a WAN interface. */
  1. firewall {
  2. all-ping enable
  3. broadcast-ping disable
  4. ipv6-receive-redirects disable
  5. ipv6-src-route disable
  6. ip-src-route disable
  /* Log packets that arrive with impossible (martian) source addresses. */
  7. log-martians enable
  /* Default-drop ruleset for forwarded traffic.
     NOTE(review): every rule sets "log disable" and the ruleset has no
     enable-default-log, so dropped packets leave no trace in the logs.
     Consider logging the default drop. */
  8. name WAN_IN {
  9. default-action drop
  10. description "packets from Internet to the LAN"
  /* Stateful return path: only established/related flows are accepted. */
  11. rule 1 {
  12. action accept
  13. description "allow established session to the LAN"
  14. log disable
  15. protocol all
  16. state {
  17. established enable
  18. invalid disable
  19. new disable
  20. related enable
  21. }
  22. }
  /* Explicit drop of invalid-state packets. The default-action would drop
     them too; the separate rule makes the intent visible. */
  23. rule 3 {
  24. action drop
  25. description "drop invalid state"
  26. log disable
  27. protocol all
  28. state {
  29. established disable
  30. invalid enable
  31. new disable
  32. related disable
  33. }
  34. }
  35. }
  /* Default-drop ruleset for traffic addressed to the router. No rule accepts
     new TCP/UDP connections, so the GUI and SSH are not reachable through an
     interface that has this ruleset applied as "local". */
  36. name WAN_LOCAL {
  37. default-action drop
  38. description "packets from Internet to the router"
  39. rule 1 {
  40. action accept
  41. description "allow established session to the router"
  42. log disable
  43. protocol all
  44. state {
  45. established enable
  46. invalid disable
  47. new disable
  48. related enable
  49. }
  50. }
  51. rule 2 {
  52. action drop
  53. description "drop invalid state"
  54. log disable
  55. protocol all
  56. state {
  57. established disable
  58. invalid enable
  59. new disable
  60. related disable
  61. }
  62. }
  /* The description says "allow ping", but the rule matches every ICMP type,
     not only echo-request.
     NOTE(review): consider restricting it to the ICMP types actually needed. */
  63. rule 3 {
  64. action accept
  65. description "allow ping"
  66. log disable
  67. protocol icmp
  68. }
  69. }
  70. receive-redirects disable
  71. send-redirects enable
  /* Reverse-path source validation is off, so a packet whose source address
     would not route back through its arrival interface is not rejected by
     this check.
     NOTE(review): confirm the setup (for example the IPTV VLAN) really needs
     this before leaving it disabled. */
  72. source-validation disable
  73. syn-cookies enable
  74. }
  /* Interface layout: eth0 is the LAN; eth1 carries two provider VLANs
     (vif 4 = IPTV, vif 34 = Internet); eth2 is administratively disabled.
     The empty in/local/out firewall stanzas mean no ruleset is attached in
     that direction. */
  75. interfaces {
  76. ethernet eth0 {
  77. address 192.168.2.254/24
  78. description LAN
  79. duplex auto
  80. firewall {
  81. in {
  82. }
  83. local {
  84. }
  85. out {
  86. }
  87. }
  88. speed auto
  89. }
  90. ethernet eth1 {
  91. description WAN
  92. duplex auto
  93. firewall {
  94. in {
  95. }
  96. local {
  97. }
  98. }
  99. speed auto
  /* Provider-facing IPTV VLAN with no firewall ruleset in either direction.
     NOTE(review): traffic arriving on eth1.4 for the router or the LAN is not
     filtered by WAN_IN/WAN_LOCAL. As far as this file shows, the GUI (80/443)
     and SSH (22) have no listen-address restriction, so they would answer on
     this VLAN as well. Consider attaching default-drop "in" and "local"
     rulesets that admit only the multicast/IGMP traffic IPTV needs. */
  100. vif 4 {
  101. address dhcp
  102. description WAN-IPTV
  103. firewall {
  104. in {
  105. }
  106. local {
  107. }
  108. }
  /* MAC override; the lower three octets were redacted by the poster. */
  109. mac 1C:74:0D:XX:XX:XX
  110. }
  /* Internet VLAN: the only interface with the WAN rulesets applied. */
  111. vif 34 {
  112. address dhcp
  113. description WAN-INTERNET
  114. dhcp-options {
  115. default-route update
  116. default-route-distance 50
  117. name-server update
  118. }
  119. firewall {
  120. in {
  121. name WAN_IN
  122. }
  123. local {
  124. name WAN_LOCAL
  125. }
  126. }
  127. mac 1C:74:0D:XX:XX:XX
  128. }
  129. }
  130. ethernet eth2 {
  131. disable
  132. duplex auto
  133. firewall {
  134. in {
  135. }
  136. local {
  137. }
  138. out {
  139. }
  140. }
  141. speed auto
  142. }
  143. loopback lo {
  144. }
  145. }
  /* Port-forwarding wizard settings: inbound connections on eth1.34 are
     forwarded to hosts behind eth0. */
  146. port-forward {
  /* auto-firewall generates the matching accept rules for each forward, so
     the exposure below does not appear in the hand-written WAN_IN ruleset. */
  147. auto-firewall enable
  148. hairpin-nat enable
  149. lan-interface eth0
  /* Publishes TCP 20222 on 192.168.2.22 to the Internet from any source.
     NOTE(review): 192.168.2.22 lies inside the dynamic DHCP range and has no
     static-mapping in the dhcp-server section, so the forward can end up
     pointing at a different host after a lease change. Pin the address, and
     limit the allowed sources if the service does not need to be public. */
  150. rule 1 {
  151. description tv
  152. forward-to {
  153. address 192.168.2.22
  154. port 20222
  155. }
  156. original-port 20222
  157. protocol tcp
  158. }
  159. wan-interface eth1.34
  160. }
  /* Routing protocols: an IGMP proxy that relays IPTV multicast from the
     provider VLAN (eth1.4) to the LAN (eth0), plus one static route. */
  161. protocols {
  162. igmp-proxy {
  /* LAN side: only groups inside the three whitelisted ranges are proxied. */
  163. interface eth0 {
  164. role downstream
  165. threshold 1
  166. whitelist 239.0.0.0/16
  167. whitelist 225.0.71.0/24
  168. whitelist 224.0.0.0/16
  169. }
  170. interface eth1 {
  171. role disabled
  172. threshold 1
  173. }
  /* Upstream side. alt-subnet 0.0.0.0/0 accepts multicast sources from any
     network.
     NOTE(review): eth1.4 has no firewall ruleset attached either; if the
     provider's source ranges are known, narrow alt-subnet to them. */
  174. interface eth1.4 {
  175. alt-subnet 0.0.0.0/0
  176. role upstream
  177. threshold 1
  178. }
  179. interface eth1.34 {
  180. role disabled
  181. threshold 1
  182. }
  183. interface eth2 {
  184. role disabled
  185. threshold 1
  186. }
  187. }
  /* 185.6.48.0/26 is routed via 10.10.28.1. The same prefix is the source
     match of NAT rule 2, so it is presumably the provider's IPTV range
     reached over eth1.4 - confirm. */
  188. static {
  189. route 185.6.48.0/26 {
  190. next-hop 10.10.28.1 {
  191. }
  192. }
  193. }
  194. }
  /* Router services: DHCP server, web GUI, NAT, SSH, discovery and UPnP. */
  195. service {
  196. dhcp-server {
  197. disabled false
  198. hostfile-update disable
  199. shared-network-name LAN {
  200. authoritative disable
  201. subnet 192.168.2.0/24 {
  202. default-router 192.168.2.254
  203. dns-server 192.168.2.254
  204. lease 86400
  /* The dynamic pool covers almost the whole /24. The only reservation is
     "server" at 192.168.2.1; the port-forward target 192.168.2.22 is not
     reserved. */
  205. start 192.168.2.1 {
  206. stop 192.168.2.253
  207. }
  208. static-mapping server {
  209. ip-address 192.168.2.1
  210. mac-address F4:6D:04:E1:0B:1C
  211. }
  212. }
  213. }
  214. use-dnsmasq disable
  215. }
  /* Web management UI on the standard ports.
     NOTE(review): "older-ciphers enable" lets the GUI negotiate legacy TLS
     cipher suites; disable it unless an old browser depends on it. No
     listen-address is set, so the GUI is presumably bound to every interface
     and relies on firewall rulesets for protection, which eth1.4 lacks. */
  216. gui {
  217. http-port 80
  218. https-port 443
  219. older-ciphers enable
  220. }
  221. nat {
  /* Disabled destination NAT: UDP 555-65000 from 185.6.48.0/26 on eth1.4 to
     192.168.1.20.
     NOTE(review): the inside address is outside the 192.168.2.0/24 LAN and
     the port range is very wide; review both before re-enabling the rule. */
  222. rule 2 {
  223. description ipv-srtp-abox1
  224. disable
  225. inbound-interface eth1.4
  226. inside-address {
  227. address 192.168.1.20
  228. port 555-65000
  229. }
  230. log disable
  231. protocol udp
  232. source {
  233. address 185.6.48.0/26
  234. }
  235. type destination
  236. }
  /* Source NAT for everything leaving through the Internet VLAN. */
  237. rule 5000 {
  238. description masquerade
  239. log disable
  240. outbound-interface eth1.34
  241. protocol all
  242. type masquerade
  243. }
  /* Source NAT for everything leaving through the IPTV VLAN. */
  244. rule 5001 {
  245. description iptv1
  246. destination {
  247. }
  248. log disable
  249. outbound-interface eth1.4
  250. protocol all
  251. type masquerade
  252. }
  253. }
  /* SSH v2 on the default port. No listen-address is set and the only account
     in the system section authenticates by password.
     NOTE(review): restrict the listen address to the LAN, and prefer key
     authentication if remote administration is needed. */
  254. ssh {
  255. port 22
  256. protocol-version v2
  257. }
  258. ubnt-discover {
  259. disable
  260. }
  /* UPnP port mapping for LAN clients towards the Internet VLAN.
     NOTE(review): with "secure-mode disable" a client may request mappings
     that point at addresses other than its own. Enable secure mode, or turn
     UPnP off if no device needs it. */
  261. upnp2 {
  262. listen-on eth0
  263. nat-pmp disable
  264. secure-mode disable
  265. wan eth1.34
  266. }
  267. }
  /* System settings: hostname, login accounts, NTP, hardware offload,
     package repositories, syslog and time zone.
     NOTE(review): the trailer at the end of the file reports release v1.9.0
     with build string 160804 (presumably August 2016); check whether newer
     firmware is available for this device. */
  268. system {
  269. host-name ubnt
  270. login {
  /* Single admin account using the factory-default account name "ubnt". */
  271. user ubnt {
  272. authentication {
  /* SHA-512 crypt ($6$) password hash.
     NOTE(review): the hash was published with this paste. Treat the password
     as exposed and change it, and redact this line before sharing a config. */
  273. encrypted-password $6$iGIg5gOaNpAx$d8xk1cwrn5H3LJXPeppEf/A5/CFKEzJmQLv75KK4tB5iqn6/owHpSaa6SmyBVHQ2EG9auQLBQqL5TcBKAPlOA.
  274. plaintext-password ""
  275. }
  276. full-name ""
  277. level admin
  278. }
  279. }
  280. ntp {
  281. server 0.ubnt.pool.ntp.org {
  282. }
  283. server 1.ubnt.pool.ntp.org {
  284. }
  285. server 2.ubnt.pool.ntp.org {
  286. }
  287. server 3.ubnt.pool.ntp.org {
  288. }
  289. }
  290. offload {
  291. hwnat disable
  292. ipsec enable
  293. ipv4 {
  294. forwarding enable
  295. vlan enable
  296. }
  297. ipv6 {
  298. forwarding disable
  299. }
  300. }
  /* Extra Debian repositories fetched over plain HTTP.
     NOTE(review): Debian wheezy is end-of-life and receives no security
     updates, so packages installed from these repositories stay unpatched.
     Remove the repositories if nothing depends on them. */
  301. package {
  302. repository wheezy {
  303. components "main contrib non-free"
  304. distribution wheezy
  305. password ""
  306. url http://http.us.debian.org/debian
  307. username ""
  308. }
  309. repository wheezy-security {
  310. components main
  311. distribution wheezy/updates
  312. password ""
  313. url http://security.debian.org
  314. username ""
  315. }
  316. }
  /* Local logging only: no remote syslog host is configured, so the logs live
     on the router itself. */
  317. syslog {
  318. global {
  319. facility all {
  320. level notice
  321. }
  322. facility protocols {
  323. level debug
  324. }
  325. }
  326. }
  327. time-zone Europe/Amsterdam
  328. traffic-analysis {
  329. dpi disable
  330. export disable
  331. }
  332. }
  333.  
  334.  
  335. /* Warning: Do not remove the following line. */
  336. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
  337. /* Release version: v1.9.0.4901118.160804.1131 */