
White Boy Config

a guest
Apr 6th, 2018
  /* NOTE(review): this fragment repeats the opening of the firewall section
     that follows and stops at a ":" line, which looks like a pager prompt
     captured in the paste. The "firewall {" opened here is never closed;
     the complete configuration starts at the next "firewall {". */
  firewall {
      all-ping enable
      broadcast-ping disable
      ipv6-name WANv6_IN {
          default-action drop
          description "WAN inbound traffic forwarded to LAN"
          enable-default-log
          rule 10 {
              action accept
              description "Allow established/related sessions"
              state {
                  established enable
                  related enable
              }
          }
          rule 20 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
      }
  :
  /* Firewall policy: two IPv6 and two IPv4 rulesets (attached to eth0 in the
     interfaces section) plus global packet-handling switches. */
  firewall {
      all-ping enable
      broadcast-ping disable
      /* IPv6 traffic from the WAN toward LAN hosts: default drop with logging;
         only return traffic for existing sessions is accepted. */
      ipv6-name WANv6_IN {
          default-action drop
          description "WAN inbound traffic forwarded to LAN"
          enable-default-log
          rule 10 {
              action accept
              description "Allow established/related sessions"
              state {
                  established enable
                  related enable
              }
          }
          rule 20 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
      }
      /* IPv6 traffic from the WAN addressed to the router itself. */
      ipv6-name WANv6_LOCAL {
          default-action drop
          description "WAN inbound traffic to the router"
          enable-default-log
          rule 10 {
              action accept
              description "Allow established/related sessions"
              state {
                  established enable
                  related enable
              }
          }
          rule 20 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
          /* Accepts every ICMPv6 type, not only the ones IPv6 needs to work
             (neighbor discovery, packet-too-big). */
          rule 30 {
              action accept
              description "Allow IPv6 icmp"
              protocol ipv6-icmp
          }
          /* DHCPv6 replies: server port 547 to client port 546. */
          rule 40 {
              action accept
              description "allow dhcpv6"
              destination {
                  port 546
              }
              protocol udp
              source {
                  port 547
              }
          }
      }
      ipv6-receive-redirects disable
      ipv6-src-route disable
      ip-src-route disable
      log-martians enable
      /* IPv4 traffic from the WAN toward LAN hosts.
         NOTE(review): unlike the IPv6 rulesets, neither IPv4 ruleset sets
         enable-default-log, so packets hitting the default drop leave no
         log entry. */
      name WAN_IN {
          default-action drop
          description "WAN to internal"
          rule 10 {
              action accept
              description "Allow established/related"
              state {
                  established enable
                  related enable
              }
          }
          rule 20 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
      }
      /* IPv4 traffic from the WAN addressed to the router itself. */
      name WAN_LOCAL {
          default-action drop
          description "WAN to router"
          rule 10 {
              action accept
              description "Allow established/related"
              state {
                  established enable
                  related enable
              }
          }
          /* ICMP that arrived through IPsec, 192.168.2.0/24 -> 192.168.1.0/24.
             NOTE(review): 192.168.2.0/24 is also the subnet configured on eth2
             and no vpn section appears in this paste; confirm the rule is
             still needed and that the source range is the remote side. */
          rule 20 {
              action accept
              description "Allow VPN Ping"
              destination {
                  address 192.168.1.0/24
              }
              ipsec {
                  match-ipsec
              }
              log disable
              protocol icmp
              source {
                  address 192.168.2.0/24
              }
              state {
                  established enable
                  invalid disable
                  new enable
                  related enable
              }
          }
          rule 30 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
      }
      receive-redirects disable
      send-redirects enable
      /* NOTE(review): reverse-path source validation is switched off; confirm
         this is intentional rather than a leftover default. */
      source-validation disable
      syn-cookies enable
  }
  /* Interface layout: eth0 is the WAN uplink, eth1 and eth2 are two LAN
     segments, eth3 carries no address. */
  interfaces {
      ethernet eth0 {
          address dhcp
          description Internet
          /* Requests a /48 IPv6 prefix delegation and hands prefix-id :1 to
             eth1 and :2 to eth2, each advertised to clients via SLAAC. */
          dhcpv6-pd {
              pd 0 {
                  interface eth1 {
                      host-address ::1
                      prefix-id :1
                      service slaac
                  }
                  interface eth2 {
                      host-address ::1
                      prefix-id :2
                      service slaac
                  }
                  prefix-length /48
              }
              rapid-commit enable
          }
          duplex auto
          /* Only eth0 has rulesets attached: "in" filters traffic forwarded
             through the router, "local" filters traffic to the router. */
          firewall {
              in {
                  ipv6-name WANv6_IN
                  name WAN_IN
              }
              local {
                  ipv6-name WANv6_LOCAL
                  name WAN_LOCAL
              }
          }
          speed auto
      }
      /* NOTE(review): eth1 and eth2 have no firewall rulesets, so nothing in
         this config filters traffic routed between the two LAN segments. */
      ethernet eth1 {
          address 192.168.1.1/24
          description Local
          duplex auto
          speed auto
      }
      ethernet eth2 {
          address 192.168.2.1/24
          description "Local 2"
          duplex auto
          speed auto
      }
      ethernet eth3 {
          duplex auto
          speed auto
      }
      loopback lo {
      }
  }
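  /* Port forwarding from the WAN (eth0) to the game console at 192.168.1.128.
     auto-firewall lets the feature open the matching WAN rules itself, so
     every port listed below is reachable from the internet. */
  port-forward {
      auto-firewall enable
      hairpin-nat enable
      /* The forward target 192.168.1.128 sits on eth1 (192.168.1.1/24), so
         eth1 is listed for hairpin NAT; eth2 is kept from the original. */
      lan-interface eth1
      lan-interface eth2
      rule 1 {
          description "Xbox one"
          /* No forward-to port: each original port maps to the same port on
             the console. The original "port 3074" here rewrote every listed
             port (53, 80, 500, ...) to 3074. */
          forward-to {
              address 192.168.1.128
          }
          /* NOTE(review): this exposes DNS (53), HTTP (80) and IKE/NAT-T
             (500, 4500) on the WAN address to the console; forwarding
             500/4500 also competes with any IPsec terminated on the router
             (WAN_LOCAL has an IPsec-matching rule). Trim the list to the
             ports the console actually needs inbound. */
          original-port 88,3074,53,80,500,3544,4500
          protocol tcp_udp
      }
      wan-interface eth0
  }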
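  /* Router services: DHCP for both LANs, DNS forwarding, the web GUI,
     source NAT and SSH. */
  service {
      dhcp-server {
          disabled false
          hostfile-update disable
          shared-network-name LAN1 {
              authoritative enable
              subnet 192.168.1.0/24 {
                  default-router 192.168.1.1
                  dns-server 192.168.1.1
                  lease 86400
                  start 192.168.1.38 {
                      stop 192.168.1.243
                  }
                  /* NOTE(review): both static addresses below fall inside the
                     dynamic range .38-.243; confirm the server never leases
                     them to other clients. MAC addresses are redacted in the
                     paste. */
                  static-mapping XboxOne {
                      ip-address 192.168.1.128
                      mac-address xxxx
                  }
                  static-mapping amazon-fireTV {
                      ip-address 192.168.1.127
                      mac-address xxxx
                  }
              }
          }
          shared-network-name LAN2 {
              authoritative enable
              subnet 192.168.2.0/24 {
                  default-router 192.168.2.1
                  dns-server 192.168.2.1
                  lease 86400
                  start 192.168.2.38 {
                      stop 192.168.2.243
                  }
                  /* NOTE(review): 192.168.2.38 is also the first address of
                     the dynamic range above. */
                  static-mapping PC {
                      ip-address 192.168.2.38
                      mac-address xxxxx
                  }
              }
          }
          static-arp disable
          use-dnsmasq disable
      }
      /* The DNS forwarder listens on the two LAN interfaces only. */
      dns {
          forwarding {
              cache-size 150
              listen-on eth1
              listen-on eth2
          }
      }
      /* Web GUI. older-ciphers is set to disable (the paste had enable) so the
         management interface does not negotiate legacy TLS cipher suites;
         revert only if an old browser must reach the GUI. No listen-address
         is set, so access from the WAN depends on the WAN_LOCAL ruleset. */
      gui {
          http-port 80
          https-port 443
          older-ciphers disable
      }
      nat {
          rule 5010 {
              description "masquerade for WAN"
              outbound-interface eth0
              type masquerade
          }
      }
      /* NOTE(review): password login over SSH is not disabled here; key-only
         login (disable-password-authentication) is worth considering for the
         admin account. */
      ssh {
          port 22
          protocol-version v2
      }
  }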
  /* System settings: hostname, the single admin login, NTP sources, local
     syslog levels and time zone. */
  system {
      host-name ubnt
      login {
          /* The only account shown; it has admin level. The password hash is
             masked in the paste. */
          user madman {
              authentication {
                  encrypted-password ****************
              }
              level admin
          }
      }
      ntp {
          server 0.ubnt.pool.ntp.org {
          }
          server 1.ubnt.pool.ntp.org {
          }
          server 2.ubnt.pool.ntp.org {
          }
          server 3.ubnt.pool.ntp.org {
          }
      }
      /* Only a "global" target is configured, with no remote syslog host, so
         firewall and login events are not sent off the router.
         NOTE(review): confirm whether off-box log retention is wanted. */
      syslog {
          global {
              facility all {
                  level notice
              }
              facility protocols {
                  level debug
              }
          }
      }
      time-zone UTC
  }