Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- firewall {
- all-ping enable
- broadcast-ping disable
- config-trap disable
- ipv6-name WANv6_IN {
- default-action drop
- description "WAN IPv6 naar LAN"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- rule 30 {
- action accept
- description "Allow IPv6 icmp"
- icmpv6 {
- type echo-request
- }
- protocol ipv6-icmp
- }
- }
- ipv6-name WANv6_LOCAL {
- default-action drop
- description "WAN IPv6 naar Router"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- rule 30 {
- action accept
- description "Allow IPv6 icmp"
- protocol ipv6-icmp
- }
- rule 40 {
- action accept
- description "Allow dhcpv6"
- destination {
- port 546
- }
- protocol udp
- source {
- port 547
- }
- }
- }
- ipv6-receive-redirects disable
- ipv6-src-route disable
- ip-src-route disable
- log-martians enable
- name wan_in {
- default-action drop
- description "WAN naar LAN"
- rule 10 {
- action accept
- description "Allow Established/Related"
- log disable
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop Invalid State"
- state {
- invalid enable
- }
- }
- }
- name wan_local {
- default-action drop
- description "WAN naar Router"
- rule 10 {
- action accept
- description "Allow Established/related"
- log disable
- state {
- established enable
- invalid disable
- new disable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop Invalid State"
- state {
- established disable
- invalid enable
- new disable
- related disable
- }
- }
- }
- options {
- interface pppoe0 {
- adjust-mss 1452
- }
- }
- receive-redirects disable
- send-redirects enable
- source-validation disable
- syn-cookies enable
- twa-hazards-protection disable
- }
- interfaces {
- ethernet eth0 {
- description FTTH
- duplex auto
- hw-id 90:e2:ba:39:d6:cb
- mtu 1512
- speed auto
- vif 4 {
- address dhcp
- description "KPN IPTV"
- dhcp-options {
- client-id "request subnet-mask, routers, rfc3442-classless-static-routes;"
- no-default-route
- vendor-class-id IPTV_RG
- }
- ip {
- source-validation loose
- }
- mtu 1500
- }
- vif 6 {
- firewall {
- in {
- name wan_in
- }
- local {
- name wan_in
- }
- }
- mtu 1508
- }
- }
- ethernet eth1 {
- address 192.168.178.1/24
- description Thuis
- duplex auto
- hw-id 90:e2:ba:39:d6:ca
- speed auto
- }
- loopback lo {
- }
- pppoe pppoe0 {
- authentication {
- password ppp
- user pietjepuk@xs4all.nl
- }
- default-route auto
- dhcpv6-options {
- pd 0 {
- }
- }
- firewall {
- in {
- ipv6-name WANv6_IN
- name wan_in
- }
- local {
- ipv6-name WANv6_LOCAL
- name wan_local
- }
- }
- idle-timeout 180
- ipv6 {
- address {
- autoconf
- }
- }
- mtu 1492
- source-interface eth0.6
- }
- }
- nat {
- source {
- rule 5000 {
- description IPTV
- destination {
- address 213.75.112.0/21
- }
- outbound-interface eth0.4
- protocol all
- source {
- address 192.168.178.0/24
- }
- translation {
- address masquerade
- }
- }
- rule 5010 {
- description Internet
- outbound-interface pppoe0
- protocol all
- translation {
- address masquerade
- }
- }
- }
- }
- protocols {
- igmp-proxy {
- interface eth0.4 {
- alt-subnet 224.0.0.0/8
- alt-subnet 0.0.0.0/0
- role upstream
- threshold 1
- }
- interface eth1 {
- alt-subnet 192.168.178.0/24
- role downstream
- threshold 1
- }
- }
- static {
- interface-route 0.0.0.0/0 {
- next-hop-interface pppoe0 {
- distance 1
- }
- }
- route 213.75.112.0/21 {
- next-hop 10.213.96.1 {
- }
- }
- }
- }
- service {
- dhcp-server {
- global-parameters "option vendor-class-identifier code 60 = string;"
- global-parameters "option broadcast-address code 28 = ip-address;"
- hostfile-update
- shared-network-name Thuis {
- subnet 192.168.178.0/24 {
- default-router 192.168.178.1
- dns-server 195.121.1.34
- lease 86400
- range Home {
- start 192.168.178.2
- stop 192.168.178.250
- }
- }
- }
- }
- ssh {
- }
- }
- system {
- config-management {
- commit-revisions 100
- }
- console {
- device ttyS0 {
- speed 115200
- }
- }
- host-name vyos
- login {
- user vyos {
- authentication {
- encrypted-password $6$AF85oMBV0a$Mtdnk768P29VIUUAZjwHDJW0kA8S/gywbtLGrGtmVErHxZ/wxbld0YmgT87oNhoTiCz4/hJ1TDILJHIhnX/Md0
- plaintext-password ""
- }
- }
- }
- ntp {
- server 0.pool.ntp.org {
- }
- server 1.pool.ntp.org {
- }
- server 2.pool.ntp.org {
- }
- }
- syslog {
- global {
- facility all {
- level info
- }
- facility protocols {
- level debug
- }
- }
- }
- }
- // Warning: Do not remove the following line.
- // vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@17:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webgui@1:webproxy@2:zone-policy@1"
- // Release version: 1.3-rolling-202012160217
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement