jeroo23

VyOS Config

Dec 17th, 2020 (edited)
  /* Global firewall settings plus four rulesets: WANv6_IN / WANv6_LOCAL (IPv6)
     and wan_in / wan_local (IPv4). All four use default-action drop and accept
     established/related traffic; the IPv6 rulesets add the exceptions noted below.
     None of them sets enable-default-log, so packets that fall through to the
     default drop are not logged. */
  1. firewall {
  /* The router answers IPv4 echo requests; pings arriving on pppoe0 are still
     subject to the wan_local ruleset. */
  2. all-ping enable
  3. broadcast-ping disable
  4. config-trap disable
  /* IPv6 traffic forwarded from the WAN to the LAN ("naar" is Dutch for "to"). */
  5. ipv6-name WANv6_IN {
  6. default-action drop
  7. description "WAN IPv6 naar LAN"
  8. rule 10 {
  9. action accept
  10. description "Allow established/related"
  11. state {
  12. established enable
  13. related enable
  14. }
  15. }
  16. rule 20 {
  17. action drop
  18. description "Drop invalid state"
  19. state {
  20. invalid enable
  21. }
  22. }
  /* NOTE(review): this ruleset is bound to pppoe0 "in", so rule 30 lets
     unsolicited echo requests from the internet through to every LAN host with
     a global IPv6 address. Keep it only if that reachability is intended. */
  23. rule 30 {
  24. action accept
  25. description "Allow IPv6 icmp"
  26. icmpv6 {
  27. type echo-request
  28. }
  29. protocol ipv6-icmp
  30. }
  31. }
  /* IPv6 traffic addressed to the router itself. */
  32. ipv6-name WANv6_LOCAL {
  33. default-action drop
  34. description "WAN IPv6 naar Router"
  35. rule 10 {
  36. action accept
  37. description "Allow established/related"
  38. state {
  39. established enable
  40. related enable
  41. }
  42. }
  43. rule 20 {
  44. action drop
  45. description "Drop invalid state"
  46. state {
  47. invalid enable
  48. }
  49. }
  /* Accepts every ICMPv6 type addressed to the router; unlike WANv6_IN rule 30
     there is no icmpv6 type match. NOTE(review): consider narrowing to the
     neighbour-discovery and error types the router needs, or rate-limiting. */
  50. rule 30 {
  51. action accept
  52. description "Allow IPv6 icmp"
  53. protocol ipv6-icmp
  54. }
  /* DHCPv6 replies (source port 547, destination port 546). NOTE(review): no
     source address is matched; DHCPv6 servers normally answer from link-local
     space, so matching source fe80::/10 would be tighter. Confirm against the
     ISP's behaviour. */
  55. rule 40 {
  56. action accept
  57. description "Allow dhcpv6"
  58. destination {
  59. port 546
  60. }
  61. protocol udp
  62. source {
  63. port 547
  64. }
  65. }
  66. }
  /* Redirects and source-routed packets are refused; martians are logged. */
  67. ipv6-receive-redirects disable
  68. ipv6-src-route disable
  69. ip-src-route disable
  70. log-martians enable
  /* IPv4 traffic forwarded from the WAN to the LAN. There are no port forwards:
     only return traffic is accepted. */
  71. name wan_in {
  72. default-action drop
  73. description "WAN naar LAN"
  74. rule 10 {
  75. action accept
  76. description "Allow Established/Related"
  77. log disable
  78. state {
  79. established enable
  80. related enable
  81. }
  82. }
  83. rule 20 {
  84. action drop
  85. description "Drop Invalid State"
  86. state {
  87. invalid enable
  88. }
  89. }
  90. }
  /* IPv4 traffic addressed to the router. Same two rules as wan_in, with the
     unused states spelled out as "disable". Nothing new is accepted from the
     WAN, so SSH and other router services are not reachable through this
     ruleset. */
  91. name wan_local {
  92. default-action drop
  93. description "WAN naar Router"
  94. rule 10 {
  95. action accept
  96. description "Allow Established/related"
  97. log disable
  98. state {
  99. established enable
  100. invalid disable
  101. new disable
  102. related enable
  103. }
  104. }
  105. rule 20 {
  106. action drop
  107. description "Drop Invalid State"
  108. state {
  109. established disable
  110. invalid enable
  111. new disable
  112. related disable
  113. }
  114. }
  115. }
  /* Clamp TCP MSS on pppoe0 to 1452, i.e. the pppoe0 MTU of 1492 minus 40 bytes
     of IPv4 and TCP headers. */
  116. options {
  117. interface pppoe0 {
  118. adjust-mss 1452
  119. }
  120. }
  /* NOTE(review): source-validation disable leaves reverse-path filtering off
     globally, so packets with spoofed source addresses are not dropped on that
     basis; only eth0 vif 4 sets it (loose) per interface. send-redirects enable
     is also worth confirming on an edge router. */
  121. receive-redirects disable
  122. send-redirects enable
  123. source-validation disable
  124. syn-cookies enable
  125. twa-hazards-protection disable
  126. }
  /* eth0 is the uplink ("FTTH") carrying VLAN 4 (IPTV) and VLAN 6; eth1 is the
     LAN (192.168.178.1/24); pppoe0 runs over eth0.6 and is the internet-facing
     interface. */
  127. interfaces {
  128. ethernet eth0 {
  129. description FTTH
  130. duplex auto
  131. hw-id 90:e2:ba:39:d6:cb
  132. mtu 1512
  133. speed auto
  /* NOTE(review): no firewall ruleset is attached to vif 4, so traffic arriving
     from the IPTV VLAN towards the router or the LAN is not filtered by any
     ruleset in this config. Consider binding in/local rulesets here as is done
     on pppoe0. */
  134. vif 4 {
  135. address dhcp
  136. description "KPN IPTV"
  137. dhcp-options {
  138. client-id "request subnet-mask, routers, rfc3442-classless-static-routes;"
  139. no-default-route
  140. vendor-class-id IPTV_RG
  141. }
  142. ip {
  143. source-validation loose
  144. }
  145. mtu 1500
  146. }
  147. vif 6 {
  /* NOTE(review): "local" references wan_in, whereas pppoe0 uses wan_local for
     the same direction. The two rulesets contain equivalent rules today, so the
     effect is the same, but any later accept rule added to wan_in (for example
     a port forward) would then also apply to the router itself on this VLAN.
     Probably meant to be wan_local; confirm. No IPv6 ruleset is bound here. */
  148. firewall {
  149. in {
  150. name wan_in
  151. }
  152. local {
  153. name wan_in
  154. }
  155. }
  156. mtu 1508
  157. }
  158. }
  159. ethernet eth1 {
  160. address 192.168.178.1/24
  161. description Thuis
  162. duplex auto
  163. hw-id 90:e2:ba:39:d6:ca
  164. speed auto
  165. }
  166. loopback lo {
  167. }
  168. pppoe pppoe0 {
  /* PPPoE credentials are stored in cleartext in the config. These look like
     placeholder values (confirm); redact real ones before sharing a config. */
  169. authentication {
  170. password ppp
  171. user pietjepuk@xs4all.nl
  172. }
  173. default-route auto
  /* Requests an IPv6 prefix delegation; the DHCPv6 replies are what
     WANv6_LOCAL rule 40 admits. */
  174. dhcpv6-options {
  175. pd 0 {
  176. }
  177. }
  /* The internet-facing filtering: IPv4 and IPv6 rulesets for forwarded (in)
     and router-bound (local) traffic. */
  178. firewall {
  179. in {
  180. ipv6-name WANv6_IN
  181. name wan_in
  182. }
  183. local {
  184. ipv6-name WANv6_LOCAL
  185. name wan_local
  186. }
  187. }
  188. idle-timeout 180
  189. ipv6 {
  190. address {
  191. autoconf
  192. }
  193. }
  194. mtu 1492
  195. source-interface eth0.6
  196. }
  197. }
  /* Source NAT only; there are no destination (port-forward) rules. */
  198. nat {
  199. source {
  /* LAN traffic to the IPTV range 213.75.112.0/21 is masqueraded out of the
     IPTV VLAN (eth0.4). */
  200. rule 5000 {
  201. description IPTV
  202. destination {
  203. address 213.75.112.0/21
  204. }
  205. outbound-interface eth0.4
  206. protocol all
  207. source {
  208. address 192.168.178.0/24
  209. }
  210. translation {
  211. address masquerade
  212. }
  213. }
  /* Masquerades everything leaving pppoe0. No source address is matched, so any
     routed source is translated, not only 192.168.178.0/24. */
  214. rule 5010 {
  215. description Internet
  216. outbound-interface pppoe0
  217. protocol all
  218. translation {
  219. address masquerade
  220. }
  221. }
  222. }
  223. }
  /* IGMP proxying between the IPTV VLAN (upstream) and the LAN (downstream),
     plus the static routes. */
  224. protocols {
  225. igmp-proxy {
  /* NOTE(review): alt-subnet 0.0.0.0/0 admits multicast sources from any
     address on the upstream side and makes the 224.0.0.0/8 entry redundant.
     Narrowing it to the provider's source ranges would be tighter; confirm
     what the IPTV service needs. */
  226. interface eth0.4 {
  227. alt-subnet 224.0.0.0/8
  228. alt-subnet 0.0.0.0/0
  229. role upstream
  230. threshold 1
  231. }
  232. interface eth1 {
  233. alt-subnet 192.168.178.0/24
  234. role downstream
  235. threshold 1
  236. }
  237. }
  238. static {
  /* Default route via pppoe0. */
  239. interface-route 0.0.0.0/0 {
  240. next-hop-interface pppoe0 {
  241. distance 1
  242. }
  243. }
  /* IPTV range via a fixed next hop, presumably the gateway on eth0.4. That
     interface gets its address by DHCP, so verify the next hop still matches
     the lease. */
  244. route 213.75.112.0/21 {
  245. next-hop 10.213.96.1 {
  246. }
  247. }
  248. }
  249. }
  /* Services run by the router: a DHCP server for the LAN and SSH. */
  250. service {
  251. dhcp-server {
  252. global-parameters "option vendor-class-identifier code 60 = string;"
  253. global-parameters "option broadcast-address code 28 = ip-address;"
  254. hostfile-update
  /* LAN clients get 192.168.178.2-250, the router as gateway and an external
     resolver (195.121.1.34) as DNS server. */
  255. shared-network-name Thuis {
  256. subnet 192.168.178.0/24 {
  257. default-router 192.168.178.1
  258. dns-server 195.121.1.34
  259. lease 86400
  260. range Home {
  261. start 192.168.178.2
  262. stop 192.168.178.250
  263. }
  264. }
  265. }
  266. }
  /* NOTE(review): ssh is enabled with defaults only. With no listen-address it
     presumably listens on every interface, and password logins are allowed.
     From the internet it is blocked by wan_local on pppoe0, but eth0 vif 4 has
     no local ruleset. Consider listen-address 192.168.178.1 and key-only logins
     (disable-password-authentication). */
  267. ssh {
  268. }
  269. }
  /* Host settings: config history, serial console, login, NTP and syslog. */
  270. system {
  /* Keeps the last 100 committed revisions on the router. */
  271. config-management {
  272. commit-revisions 100
  273. }
  274. console {
  275. device ttyS0 {
  276. speed 115200
  277. }
  278. }
  279. host-name vyos
  /* NOTE(review): the only account is "vyos", with password authentication and
     no public keys configured. The value below is a SHA-512 crypt hash (the
     "$6$" prefix); once published it can be tested against password guesses
     offline, so treat this password as exposed, change it, and redact hashes
     before sharing a config. */
  280. login {
  281. user vyos {
  282. authentication {
  283. encrypted-password $6$AF85oMBV0a$Mtdnk768P29VIUUAZjwHDJW0kA8S/gywbtLGrGtmVErHxZ/wxbld0YmgT87oNhoTiCz4/hJ1TDILJHIhnX/Md0
  284. plaintext-password ""
  285. }
  286. }
  287. }
  288. ntp {
  289. server 0.pool.ntp.org {
  290. }
  291. server 1.pool.ntp.org {
  292. }
  293. server 2.pool.ntp.org {
  294. }
  295. }
  /* Only a "global" target is configured, so logs stay on the router; no
     remote syslog host is defined. */
  296. syslog {
  297. global {
  298. facility all {
  299. level info
  300. }
  301. facility protocols {
  302. level debug
  303. }
  304. }
  305. }
  306. }
  307.  
  308.  
  309. // Warning: Do not remove the following line.
  310. // vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@1:conntrack-sync@1:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@17:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@6:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webgui@1:webproxy@2:zone-policy@1"
  311. // Release version: 1.3-rolling-202012160217
  312.  