
Untitled

a guest
Oct 19th, 2018
  /* Global firewall options plus two rulesets, WAN_IN and WAN_LOCAL. Both default to drop and admit only
     return traffic. Defining a ruleset here does not apply it; attachment happens per interface. */
  1. firewall {
  /* The router answers ICMP echo requests; a "local" ruleset on the receiving interface can still drop them. */
  2. all-ping enable
  /* Echo requests sent to a broadcast address are ignored. */
  3. broadcast-ping disable
  4. ipv6-receive-redirects disable
  5. ipv6-src-route disable
  /* Source-routed IPv4 packets are not accepted. */
  6. ip-src-route disable
  /* Packets with impossible source addresses are logged. */
  7. log-martians enable
  /* Ruleset for traffic forwarded through the router ("in" direction on the interface it is bound to). */
  8. name WAN_IN {
  /* Anything not matched by a rule below is dropped. */
  9. default-action drop
  10. description "WAN to internal"
  /* Rule 10: permit replies to connections that were opened from the inside. */
  11. rule 10 {
  12. action accept
  13. description "Allow established/related"
  14. state {
  15. established enable
  16. related enable
  17. }
  18. }
  /* Rule 20: explicit drop for packets conntrack marks invalid. */
  19. rule 20 {
  20. action drop
  21. description "Drop invalid state"
  22. state {
  23. invalid enable
  24. }
  25. }
  26. }
  /* Ruleset for traffic addressed to the router itself ("local" direction). Same two rules as WAN_IN, so no
     service on the router is reachable through an interface that has this ruleset attached. */
  27. name WAN_LOCAL {
  28. default-action drop
  29. description "WAN to router"
  30. rule 10 {
  31. action accept
  32. description "Allow established/related"
  33. state {
  34. established enable
  35. related enable
  36. }
  37. }
  38. rule 20 {
  39. action drop
  40. description "Drop invalid state"
  41. state {
  42. invalid enable
  43. }
  44. }
  45. }
  /* ICMP redirects received by the router are ignored; the router may still send them. */
  46. receive-redirects disable
  47. send-redirects enable
  /* NOTE(review): reverse-path source validation is off, so spoofed source addresses are not rejected at
     ingress. Consider strict or loose mode; confirm the IPTV routing still works before changing it. */
  48. source-validation disable
  /* SYN cookies are enabled as protection against SYN floods. */
  49. syn-cookies enable
  50. }
  /* Interface layout: eth0 carries two tagged uplink VLANs (4 = IPTV, 34 = Internet), eth1 is a routed LAN port
     on 192.168.1.0/24, and eth2-eth4 are bridged into switch0 on 192.168.3.0/24. */
  51. interfaces {
  52. ethernet eth0 {
  53. duplex auto
  54. speed auto
  /* VLAN 4: IPTV uplink, addressed by DHCP.
     NOTE(review): unlike vif 34 below, no firewall rulesets are attached to this vif in the visible config,
     so WAN_IN and WAN_LOCAL do not filter traffic arriving from the IPTV VLAN. Services on the router are
     then exposed to that provider network. Consider attaching in/local rulesets here that still allow the
     IGMP and multicast the IPTV service needs; confirm against the provider's requirements. */
  55. vif 4 {
  56. address dhcp
  57. description IP_TV
  58. dhcp-options {
  /* NOTE(review): the inner double quotes are normally stored escaped in a saved config; they look decoded by
     the paste rendering. Verify the quoting before loading this text onto a device. */
  59. client-option "send vendor-class-identifier "IPTV_RG";"
  /* Asks the DHCP server for classless static routes in addition to mask and routers. */
  60. client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
  /* The IPTV lease must not replace the default route; it is given a high distance (210) as well. */
  61. default-route no-update
  62. default-route-distance 210
  63. name-server update
  64. }
  /* Overridden MAC address; the value has the locally-administered bit set. */
  65. mac 42:9C:A6:A5:E2:A1
  66. }
  /* VLAN 34: Internet uplink, addressed by DHCP; supplies the default route at distance 1. */
  67. vif 34 {
  68. address dhcp
  69. description Internet
  70. dhcp-options {
  71. default-route update
  72. default-route-distance 1
  73. name-server update
  74. }
  /* This is the only interface in this config with the drop-by-default rulesets attached:
     WAN_IN filters forwarded traffic and WAN_LOCAL filters traffic addressed to the router. */
  75. firewall {
  76. in {
  77. name WAN_IN
  78. }
  79. local {
  80. name WAN_LOCAL
  81. }
  82. }
  /* Overridden MAC address; the value has the locally-administered bit set. */
  83. mac 42:9C:A6:A5:E2:9F
  84. }
  85. }
  /* Routed LAN port; gateway address for 192.168.1.0/24. */
  86. ethernet eth1 {
  87. address 192.168.1.1/24
  88. description "Local 2"
  89. duplex auto
  90. speed auto
  91. }
  /* eth2-eth4 carry no address of their own; they are members of switch0 below. */
  92. ethernet eth2 {
  93. description Local
  94. duplex auto
  95. speed auto
  96. }
  97. ethernet eth3 {
  98. description Local
  99. duplex auto
  100. speed auto
  101. }
  102. ethernet eth4 {
  103. description Local
  104. duplex auto
  /* PoE output on eth4 is set to passthrough mode. */
  105. poe {
  106. output pthru
  107. }
  108. speed auto
  109. }
  110. loopback lo {
  111. }
  /* Hardware switch joining eth2, eth3 and eth4; gateway address for 192.168.3.0/24. VLAN awareness is off,
     so the three ports form one flat segment. */
  112. switch switch0 {
  113. address 192.168.3.1/24
  114. description Local
  115. mtu 1500
  116. switch-port {
  117. interface eth2 {
  118. }
  119. interface eth3 {
  120. }
  121. interface eth4 {
  122. }
  123. vlan-aware disable
  124. }
  125. }
  126. }
  /* Empty section: no load-balancing groups are defined. */
  127. load-balance {
  128. }
  /* Routing protocols: an IGMP proxy between the IPTV VLAN and eth1, plus one static route for the IPTV range. */
  129. protocols {
  130. igmp-proxy {
  /* Upstream side: multicast arrives from the provider on eth0.4.
     NOTE(review): alt-subnet 0.0.0.0/0 accepts multicast sources from any subnet; narrow it to the
     provider's source ranges if they are known. */
  131. interface eth0.4 {
  132. alt-subnet 0.0.0.0/0
  133. role upstream
  134. threshold 1
  135. }
  /* Downstream side: group joins are accepted from hosts on eth1 only; switch0 is not a proxy interface. */
  136. interface eth1 {
  137. alt-subnet 0.0.0.0/0
  138. role downstream
  139. threshold 1
  140. }
  141. }
  142. static {
  /* Routes the IPTV range (the same prefix NAT rule 5000 matches) through a fixed next hop.
     NOTE(review): presumably 10.242.176.1 is the gateway of the DHCP lease on eth0.4; a hard-coded value
     breaks if that lease changes. Confirm. */
  143. route 213.75.112.0/21 {
  144. next-hop 10.242.176.1 {
  145. }
  146. }
  147. }
  148. }
  /* Services run by the router: DHCP server for both LANs, DNS forwarder, web GUI, source NAT and SSH. */
  149. service {
  150. dhcp-server {
  151. disabled false
  /* Declares DHCP option 60 (vendor class) and option 28 (broadcast address) so they can be set per subnet. */
  152. global-parameters "option vendor-class-identifier code 60 = string;"
  153. global-parameters "option broadcast-address code 28 = ip-address;"
  154. hostfile-update disable
  /* LAN1: pool .38-.243 on eth1's subnet; the router is both gateway and DNS server; lease time 86400 s. */
  155. shared-network-name LAN1 {
  156. authoritative enable
  157. subnet 192.168.1.0/24 {
  158. default-router 192.168.1.1
  159. dns-server 192.168.1.1
  160. lease 86400
  161. start 192.168.1.38 {
  162. stop 192.168.1.243
  163. }
  /* NOTE(review): as with the DHCP client option on eth0 vif 4, the inner quotes look decoded by the paste
     rendering. Verify the quoting before loading this text onto a device. */
  164. subnet-parameters "option vendor-class-identifier "IPTV_RG";"
  165. subnet-parameters "option broadcast-address 192.168.1.255;"
  166. }
  167. }
  /* LAN2: pool .38-.243 on switch0's subnet, with the same gateway/DNS pattern and no IPTV options. */
  168. shared-network-name LAN2 {
  169. authoritative enable
  170. subnet 192.168.3.0/24 {
  171. default-router 192.168.3.1
  172. dns-server 192.168.3.1
  173. lease 86400
  174. start 192.168.3.38 {
  175. stop 192.168.3.243
  176. }
  177. }
  178. }
  179. static-arp disable
  180. use-dnsmasq disable
  181. }
  /* The DNS forwarder listens only on the two LAN interfaces, not on either uplink VLAN. */
  182. dns {
  183. forwarding {
  184. cache-size 150
  185. listen-on eth1
  186. listen-on switch0
  187. }
  188. }
  /* Web management UI on ports 80 and 443.
     NOTE(review): older-ciphers enable lets the UI negotiate legacy TLS cipher suites; disable it unless an
     old client must be supported. No listen-address is set here, so the UI presumably binds to every
     interface address, including the unfiltered eth0.4. TODO confirm and restrict to the LAN addresses. */
  189. gui {
  190. http-port 80
  191. https-port 443
  192. older-ciphers enable
  193. }
  194. nat {
  /* Source NAT for traffic to the IPTV range leaving through the IPTV VLAN. */
  195. rule 5000 {
  196. description "masquerade to IPTV network"
  197. destination {
  198. address 213.75.112.0/21
  199. }
  200. log disable
  201. outbound-interface eth0.4
  202. protocol all
  203. type masquerade
  204. }
  /* Source NAT for everything leaving through the Internet VLAN. */
  205. rule 5010 {
  206. description "masquerade for WAN"
  207. outbound-interface eth0.34
  208. type masquerade
  209. }
  210. }
  /* SSH on the default port, protocol 2 only.
     NOTE(review): no listen-address is set and the only user has no public key in the visible config, so
     password logins are presumably accepted on every interface that WAN_LOCAL does not cover. Confirm. */
  211. ssh {
  212. port 22
  213. protocol-version v2
  214. }
  215. }
  /* System identity, the single admin login, NTP servers, syslog levels and time zone. */
  216. system {
  217. host-name ubnt
  218. login {
  /* NOTE(review): the account name ubnt (like the host name) matches the factory default; confirm the
     password is not the default as well, and prefer a differently named admin account. */
  219. user ubnt {
  220. authentication {
  /* The $6$ prefix denotes a salted SHA-512 crypt hash.
     NOTE(review): this value is a credential, and publishing it allows offline password guessing. Replace it
     with a placeholder before sharing a config, and rotate the password if this hash was ever in use. */
  221. encrypted-password $6$CmXAf5dF4ouandJ/$H8Cd.lvZcLShGIIXjcdb7WQkh4ayvzOw7e1uJ.Z75hg2TIAQEXaOJ.0nms70WYiNgulIXWChUHr9rTtBOe3Ej/
  222. }
  /* Full administrative privilege level. */
  223. level admin
  224. }
  225. }
  /* Time is synchronised against four pool servers. */
  226. ntp {
  227. server 0.ubnt.pool.ntp.org {
  228. }
  229. server 1.ubnt.pool.ntp.org {
  230. }
  231. server 2.ubnt.pool.ntp.org {
  232. }
  233. server 3.ubnt.pool.ntp.org {
  234. }
  235. }
  /* Logging: every facility at notice level, the protocols facility at debug.
     NOTE(review): only the "global" target is configured, so logs stay on the device. A remote syslog host
     would keep firewall and login records available if the router is reset or compromised. */
  236. syslog {
  237. global {
  238. facility all {
  239. level notice
  240. }
  241. facility protocols {
  242. level debug
  243. }
  244. }
  245. }
  /* UTC keeps log timestamps unambiguous when correlating with other sources. */
  246. time-zone UTC
  247. }
  248.  
  249.  
  250. /* Warning: Do not remove the following line. */
  251. /* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
  252. /* Release version: v1.10.7.5127989.181001.1227 */