Config

1. firewall {
2. all-ping enable
3. broadcast-ping disable
4. ipv6-receive-redirects disable
5. ipv6-src-route disable
6. ip-src-route disable
7. log-martians enable
8. name WAN_IN {
9. default-action drop
10. description "WAN to internal"
11. rule 10 {
12. action accept
13. description "Allow established/related"
14. state {
15. established enable
16. related enable
17. }
18. }
19. rule 20 {
20. action drop
21. description "Drop invalid state"
22. state {
23. invalid enable
24. }
25. }
26. }
27. name WAN_LOCAL {
28. default-action drop
29. description "WAN to router"
30. rule 10 {
31. action accept
32. description "Allow established/related"
33. state {
34. established enable
35. related enable
36. }
37. }
38. rule 20 {
39. action drop
40. description "Drop invalid state"
41. state {
42. invalid enable
43. }
44. }
45. }
46. receive-redirects disable
47. send-redirects enable
48. source-validation disable
49. syn-cookies enable
50. }
51. interfaces {
52. bridge br0 {
53. address 10.0.1.1/24
54. description "Local Bridge"
55. promiscuous enable
56. }
57. ethernet eth0 {
58. address dhcp
59. description Internet
60. duplex auto
61. firewall {
62. in {
63. name WAN_IN
64. }
65. local {
66. name WAN_LOCAL
67. }
68. }
69. poe {
70. output off
71. }
72. speed auto
73. }
74. ethernet eth1 {
75. bridge-group {
76. bridge br0
77. }
78. description "Local Bridge"
79. duplex auto
80. poe {
81. output off
82. }
83. speed auto
84. }
85. ethernet eth2 {
86. description "Local Bridge"
87. duplex auto
88. poe {
89. output off
90. }
91. speed auto
92. }
93. ethernet eth3 {
94. description "Local Bridge"
95. duplex auto
96. poe {
97. output off
98. }
99. speed auto
100. }
101. ethernet eth4 {
102. description "Local Bridge"
103. duplex auto
104. poe {
105. output 48v
106. }
107. speed auto
108. }
109. loopback lo {
110. }
111. switch switch0 {
112. bridge-group {
113. bridge br0
114. }
115. description "Local Bridge"
116. switch-port {
117. interface eth2 {
118. }
119. interface eth3 {
120. }
121. interface eth4 {
122. }
123. }
124. }
125. }
126. service {
127. dhcp-server {
128. disabled false
129. hostfile-update disable
130. shared-network-name LAN_BR {
131. authoritative enable
132. subnet 10.0.1.0/24 {
133. default-router 10.0.1.1
134. dns-server 1.1.1.1
135. dns-server 1.0.0.1
136. lease 86400
137. start 10.0.1.100 {
138. stop 10.0.1.254
139. }
140. static-mapping Bishopi {
141. ip-address 10.0.1.101
142. mac-address ac:87:a3:0b:69:79
143. }
144. static-mapping Unifi_AP {
145. ip-address 10.0.1.100
146. mac-address fc:ec:da:19:a5:78
147. }
148. }
149. }
150. }
151. dns {
152. forwarding {
153. cache-size 150
154. listen-on br0
155. }
156. }
157. gui {
158. https-port 443
159. }
160. nat {
161. rule 5010 {
162. description "masquerade for WAN"
163. outbound-interface eth0
164. type masquerade
165. }
166. }
167. ssh {
168. port 22
169. protocol-version v2
170. }
171. unms {
172. disable
173. }
174. }
175. system {
176. host-name EdgeRouter
177. login {
178. user ***** {
179. authentication {
180. encrypted-password *****
181. }
182. level admin
183. }
184. }
185. ntp {
186. server 0.ubnt.pool.ntp.org {
187. }
188. server 1.ubnt.pool.ntp.org {
189. }
190. server 2.ubnt.pool.ntp.org {
191. }
192. server 3.ubnt.pool.ntp.org {
193. }
194. }
195. syslog {
196. global {
197. facility all {
198. level notice
199. }
200. facility protocols {
201. level debug
202. }
203. }
204. }
205. time-zone UTC
206. }