Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- firewall {
- all-ping enable
- broadcast-ping disable
- ipv6-name WANv6_IN {
- default-action drop
- description "WAN inbound traffic forwarded to LAN"
- enable-default-log
- rule 10 {
- action accept
- description "Allow established/related sessions"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
- :
- firewall {
- all-ping enable
- broadcast-ping disable
- ipv6-name WANv6_IN {
- default-action drop
- description "WAN inbound traffic forwarded to LAN"
- enable-default-log
- rule 10 {
- action accept
- description "Allow established/related sessions"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
- ipv6-name WANv6_LOCAL {
- default-action drop
- description "WAN inbound traffic to the router"
- enable-default-log
- rule 10 {
- action accept
- description "Allow established/related sessions"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- rule 30 {
- action accept
- description "Allow IPv6 icmp"
- protocol ipv6-icmp
- }
- rule 40 {
- action accept
- description "allow dhcpv6"
- destination {
- port 546
- }
- protocol udp
- source {
- port 547
- }
- }
- }
- ipv6-receive-redirects disable
- ipv6-src-route disable
- ip-src-route disable
- log-martians enable
- name WAN_IN {
- default-action drop
- description "WAN to internal"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
- name WAN_LOCAL {
- default-action drop
- description "WAN to router"
- rule 10 {
- action accept
- description "Allow established/related"
- state {
- established enable
- related enable
- }
- }
- rule 20 {
- action accept
- description "Allow VPN Ping"
- destination {
- address 192.168.1.0/24
- }
- ipsec {
- match-ipsec
- }
- log disable
- protocol icmp
- source {
- address 192.168.2.0/24
- }
- state {
- established enable
- invalid disable
- new enable
- related enable
- }
- }
- rule 30 {
- action drop
- description "Drop invalid state"
- state {
- invalid enable
- }
- }
- }
- receive-redirects disable
- send-redirects enable
- source-validation disable
- syn-cookies enable
- }
- interfaces {
- ethernet eth0 {
- address dhcp
- description Internet
- dhcpv6-pd {
- pd 0 {
- interface eth1 {
- host-address ::1
- prefix-id :1
- service slaac
- }
- interface eth2 {
- host-address ::1
- prefix-id :2
- service slaac
- }
- prefix-length /48
- }
- rapid-commit enable
- }
- duplex auto
- firewall {
- in {
- ipv6-name WANv6_IN
- name WAN_IN
- }
- local {
- ipv6-name WANv6_LOCAL
- name WAN_LOCAL
- }
- }
- speed auto
- }
- ethernet eth1 {
- address 192.168.1.1/24
- description Local
- duplex auto
- speed auto
- }
- ethernet eth2 {
- address 192.168.2.1/24
- description "Local 2"
- duplex auto
- speed auto
- }
- ethernet eth3 {
- duplex auto
- speed auto
- }
- loopback lo {
- }
- }
- port-forward {
- auto-firewall enable
- hairpin-nat enable
- lan-interface eth2
- rule 1 {
- description "Xbox one"
- forward-to {
- address 192.168.1.128
- port 3074
- }
- original-port 88,3074,53,80,500,3544,4500
- protocol tcp_udp
- }
- wan-interface eth0
- }
- service {
- dhcp-server {
- disabled false
- hostfile-update disable
- shared-network-name LAN1 {
- authoritative enable
- subnet 192.168.1.0/24 {
- default-router 192.168.1.1
- dns-server 192.168.1.1
- lease 86400
- start 192.168.1.38 {
- stop 192.168.1.243
- }
- static-mapping XboxOne {
- ip-address 192.168.1.128
- mac-address xxxx
- }
- static-mapping amazon-fireTV {
- ip-address 192.168.1.127
- mac-address xxxx
- }
- }
- }
- shared-network-name LAN2 {
- authoritative enable
- subnet 192.168.2.0/24 {
- default-router 192.168.2.1
- dns-server 192.168.2.1
- lease 86400
- start 192.168.2.38 {
- stop 192.168.2.243
- }
- static-mapping PC {
- ip-address 192.168.2.38
- mac-address xxxxx
- }
- }
- }
- static-arp disable
- use-dnsmasq disable
- }
- dns {
- forwarding {
- cache-size 150
- listen-on eth1
- listen-on eth2
- }
- }
- gui {
- http-port 80
- https-port 443
- older-ciphers enable
- }
- nat {
- rule 5010 {
- description "masquerade for WAN"
- outbound-interface eth0
- type masquerade
- }
- }
- ssh {
- port 22
- protocol-version v2
- }
- }
- system {
- host-name ubnt
- login {
- user madman {
- authentication {
- encrypted-password ****************
- }
- level admin
- }
- }
- ntp {
- server 0.ubnt.pool.ntp.org {
- }
- server 1.ubnt.pool.ntp.org {
- }
- server 2.ubnt.pool.ntp.org {
- }
- server 3.ubnt.pool.ntp.org {
- }
- }
- syslog {
- global {
- facility all {
- level notice
- }
- facility protocols {
- level debug
- }
- }
- }
- time-zone UTC
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement