
Untitled

a guest
Jul 27th, 2016
  /* Global packet-handling options plus three named rulesets. */
  /* A named ruleset filters nothing until an interface references it under firewall { in | out | local }. */
  firewall {
      all-ping enable
      broadcast-ping disable
      ipv6-receive-redirects disable
      ipv6-src-route disable
      ip-src-route disable
      log-martians enable
      /* Accept-all ruleset: default-action and rule 1 both accept, so it performs no filtering. */
      name LAN1_IN {
          default-action accept
          description ""
          rule 1 {
              action accept
              log disable
              protocol all
          }
      }
      /* Forwarded traffic coming from the WAN side. Default is drop; rules are evaluated in ascending number order. */
      name WAN_IN {
          default-action drop
          description "WAN to internal"
          /* Return traffic for connections that were opened from the inside. */
          rule 10 {
              action accept
              description "Allow established/related"
              state {
                  established enable
                  related enable
              }
          }
          rule 20 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
          /* Accepts and logs any UDP packet from the single host 203.167.247.45 to any destination. */
          /* NOTE(review): no destination address or port is restricted; narrow this to what the IPTV service needs once that is known. */
          rule 21 {
              action accept
              description iptv
              destination {
                  address 0.0.0.0/0
              }
              log enable
              protocol udp
              source {
                  address 203.167.247.45/32
              }
          }
          /* IGMP from 10.0.0.2 to 224.0.0.1 (the all-hosts group). */
          /* NOTE(review): packets to 224.0.0.1 are link-local and normally handled by the router itself, not forwarded; confirm this rule is ever matched in a forwarding ruleset. */
          rule 22 {
              action accept
              description iptv2
              destination {
                  address 224.0.0.1
              }
              log enable
              protocol igmp
              source {
                  address 10.0.0.2
              }
          }
      }
      /* Traffic addressed to the router itself from the WAN side: only replies to router-initiated connections pass, everything else hits default drop. */
      name WAN_LOCAL {
          default-action drop
          description "WAN to router"
          rule 10 {
              action accept
              description "Allow established/related"
              state {
                  established enable
                  related enable
              }
          }
          rule 20 {
              action drop
              description "Drop invalid state"
              state {
                  invalid enable
              }
          }
      }
      receive-redirects disable
      send-redirects enable
      /* Reverse-path source validation is off, so packets with spoofed source addresses are not dropped on that basis. */
      /* NOTE(review): confirm this is deliberate (for example for the multicast path) rather than a leftover default. */
      source-validation disable
      syn-cookies enable
  }
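  interfaces {
      /* Physical WAN port. Both the untagged interface and VLAN 10 request a DHCP address. */
      ethernet eth0 {
          address dhcp
          description Internet
          duplex auto
          firewall {
              in {
                  name WAN_IN
              }
              local {
                  name WAN_LOCAL
              }
          }
          poe {
              output off
          }
          speed auto
          /* eth0.10 is the interface that the NAT masquerade rule, port-forward and igmp-proxy use as WAN. */
          /* A ruleset bound to eth0 does not cover the VLAN sub-interface, so the WAN rulesets are bound here as well. */
          /* Without this binding SSH (22) and the GUI (80/443) on the router are reachable from this VLAN unfiltered. */
          vif 10 {
              address dhcp
              description "VLAN 10"
              /* NOTE(review): WAN_LOCAL has no IGMP accept rule; if the IPTV upstream has to reach the router itself on this VLAN, add one to WAN_LOCAL and re-test the stream. */
              firewall {
                  in {
                      name WAN_IN
                  }
                  local {
                      name WAN_LOCAL
                  }
              }
          }
      }
      /* First LAN (192.168.1.0/24). LAN1_IN is accept-all, so binding it in both directions filters nothing. */
      ethernet eth1 {
          address 192.168.1.1/24
          description Local
          duplex auto
          firewall {
              in {
                  name LAN1_IN
              }
              out {
                  name LAN1_IN
              }
          }
          poe {
              output off
          }
          speed auto
      }
      /* eth2, eth3 and eth4 carry no address of their own; they are member ports of switch0 below. */
      ethernet eth2 {
          description "Local 2"
          duplex auto
          poe {
              output off
          }
          speed auto
      }
      ethernet eth3 {
          description "Local 2"
          duplex auto
          poe {
              output off
          }
          speed auto
      }
      /* Only port with PoE output switched on (24v). */
      ethernet eth4 {
          description "Local 2"
          duplex auto
          poe {
              output 24v
          }
          speed auto
      }
      loopback lo {
      }
      /* Second LAN (192.168.2.0/24) bridged across eth2-eth4, again with the accept-all ruleset in both directions. */
      switch switch0 {
          address 192.168.2.1/24
          description "Local 2"
          firewall {
              in {
                  name LAN1_IN
              }
              out {
                  name LAN1_IN
              }
          }
          mtu 1500
          switch-port {
              interface eth2 {
              }
              interface eth3 {
              }
              interface eth4 {
              }
              vlan-aware disable
          }
      }
  }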
  /* Port-forward helper. No forwarding rules are defined in this block; it only names the LAN and WAN interfaces. */
  /* auto-firewall asks the router to add the matching firewall accepts itself; hairpin-nat lets LAN hosts use a forward via the WAN address. */
  /* NOTE(review): with auto-firewall on, every forward added later is opened on eth0.10 without a hand-written rule; review new forwards accordingly. */
  port-forward {
      auto-firewall enable
      hairpin-nat enable
      lan-interface eth1
      lan-interface switch0
      wan-interface eth0.10
  }
  protocols {
      /* IGMP proxy for the IPTV service: joins are taken from the downstream ports and relayed on the upstream interface. */
      igmp-proxy {
          /* Upstream is the WAN VLAN; alt-subnet names the same host that firewall rule 21 in WAN_IN accepts UDP from. */
          interface eth0.10 {
              alt-subnet 203.167.247.45/32
              role upstream
              threshold 1
          }
          /* Downstream ports, both in 192.168.2.0/24. eth4 is not listed. */
          interface eth2 {
              alt-subnet 192.168.2.0/24
              role downstream
              threshold 1
          }
          interface eth3 {
              alt-subnet 192.168.2.0/24
              role downstream
              threshold 1
          }
      }
  }
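  service {
      /* One DHCP pool per LAN; each hands out the router as gateway and DNS server with a 86400 s lease. */
      dhcp-server {
          disabled false
          hostfile-update disable
          shared-network-name LAN1 {
              authoritative disable
              subnet 192.168.1.0/24 {
                  default-router 192.168.1.1
                  dns-server 192.168.1.1
                  lease 86400
                  start 192.168.1.38 {
                      stop 192.168.1.243
                  }
              }
          }
          shared-network-name LAN2 {
              authoritative disable
              subnet 192.168.2.0/24 {
                  default-router 192.168.2.1
                  dns-server 192.168.2.1
                  lease 86400
                  start 192.168.2.38 {
                      stop 192.168.2.243
                  }
              }
          }
      }
      /* The DNS forwarder listens on the two LAN interfaces only, not on the WAN side. */
      dns {
          forwarding {
              cache-size 150
              listen-on eth1
              listen-on switch0
          }
      }
      /* Admin web interface on 80/443. No listen-address is set, so whether it is reachable from the WAN depends entirely on the firewall bound to the WAN interface. */
      /* older-ciphers is switched off so the admin GUI no longer negotiates legacy TLS cipher suites; a very old browser may need it re-enabled temporarily. */
      gui {
          http-port 80
          https-port 443
          older-ciphers disable
      }
      /* Source NAT: everything leaving through eth0.10 is masqueraded behind that interface's address. */
      nat {
          rule 5010 {
              log disable
              outbound-interface eth0.10
              protocol all
              type masquerade
          }
      }
      /* SSH on the default port, protocol 2 only. No listen-address is set here either. */
      /* NOTE(review): the only account in this config has a password hash and no public key, so SSH login is presumably by password; confirm. */
      ssh {
          port 22
          protocol-version v2
      }
  }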
  system {
      host-name ubnt
      login {
          /* Single admin account under the vendor-default user name. The $1$ prefix marks an MD5-crypt password hash. */
          /* A hash that has been shared together with the config should be treated as exposed: set a new password on the device and redact this field before posting. */
          user ubnt {
              authentication {
                  encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
              }
              level admin
          }
      }
      /* Time sync against four pool servers; accurate time keeps the firewall log entries usable for correlation. */
      ntp {
          server 0.ubnt.pool.ntp.org {
          }
          server 1.ubnt.pool.ntp.org {
          }
          server 2.ubnt.pool.ntp.org {
          }
          server 3.ubnt.pool.ntp.org {
          }
      }
      /* Local logging only: notice and above for all facilities, debug for the protocols facility. No remote syslog host is configured. */
      syslog {
          global {
              facility all {
                  level notice
              }
              facility protocols {
                  level debug
              }
          }
      }
      time-zone Pacific/Auckland
      traffic-analysis {
          dpi enable
          export enable
      }
  }
  286.  
  287.  
  288. /* Warning: Do not remove the following line. */
  289. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
  290. /* Release version: v1.8.5.4884695.160608.1057 */