- {
- "firewall": {
- "all-ping": "enable",
- "broadcast-ping": "disable",
- "group": {
- "address-group": {
- "GUEST_SUBNET": {
- "address": [
- "10.50.2.1-10.50.2.254"
- ],
- "description": "customized"
- },
- "OpenDNS_SERVERS": {
- "address": [
- "208.67.222.222",
- "208.67.220.220"
- ],
- "description": "customized"
- },
- "RyanTest": {
- "address": [
- "70.47.178.150"
- ],
- "description": "customized"
- },
- "authorized_guests": {
- "description": "authorized guests MAC addresses"
- },
- "googledns": {
- "address": [
- "8.8.8.8",
- "8.8.4.4"
- ],
- "description": "customized"
- },
- "guest_allow_addresses": {
- "description": "allow addresses for guests"
- },
- "guest_allow_dns_servers": {
- "description": "allow dns servers for guests"
- },
- "guest_portal_address": {
- "description": "guest portal address"
- },
- "guest_restricted_addresses": {
- "address": [
- "192.168.0.0/16",
- "172.16.0.0/12",
- "10.0.0.0/8"
- ],
- "description": "restricted addresses for guests"
- },
- "unifi_controller_addresses": {
- "address": [
- "10.29.1.250"
- ]
- },
- "voip_sip_server_addresses": {
- "description": "VOIP SIP server addresses"
- }
- },
- "network-group": {
- "captive_portal_subnets": {
- "description": "captive portal subnets"
- },
- "corporate_network": {
- "description": "corporate subnets",
- "network": [
- "10.50.1.0/24"
- ]
- },
- "guest_allow_subnets": {
- "description": "allow subnets for guests"
- },
- "guest_network": {
- "description": "guest subnets",
- "network": [
- "10.50.2.0/24"
- ]
- },
- "guest_restricted_subnets": {
- "description": "restricted subnets for guests"
- },
- "remote_user_vpn_network": {
- "description": "remote user vpn subnets"
- },
- "voip_network": {
- "description": "voip subnets"
- }
- },
- "port-group": {
- "DNS_PORT": {
- "description": "customized",
- "port": [
- "53"
- ]
- },
- "guest_portal_ports": {
- "description": "guest portal ports"
- },
- "guest_portal_redirector_ports": {
- "description": "guest portal redirector ports",
- "port": [
- "39080"
- ]
- },
- "unifi_controller_ports-tcp": {
- "description": "unifi tcp ports",
- "port": [
- "8080"
- ]
- },
- "unifi_controller_ports-udp": {
- "description": "unifi udp ports",
- "port": [
- "3478"
- ]
- },
- "voip_sip_server_ports": {
- "description": "voip sip server udp ports",
- "port": [
- "5060",
- "10000-10100"
- ]
- }
- }
- },
- "ip-src-route": "disable",
- "ipv6-receive-redirects": "disable",
- "ipv6-src-route": "disable",
- "log-martians": "enable",
- "name": {
- "AUTHORIZED_GUESTS": {
- "default-action": "drop",
- "description": "authorization check packets from guest network"
- },
- "GUEST_IN": {
- "default-action": "accept",
- "description": "packets from guest network",
- "rule": {
- "3001": {
- "action": "accept",
- "description": "allow DNS packets to external name servers",
- "destination": {
- "port": "53"
- },
- "protocol": "udp"
- },
- "3002": {
- "action": "accept",
- "description": "allow packets to captive portal",
- "destination": {
- "group": {
- "network-group": "captive_portal_subnets"
- },
- "port": "443"
- },
- "protocol": "tcp"
- },
- "3003": {
- "action": "accept",
- "description": "allow packets to allow subnets",
- "destination": {
- "group": {
- "address-group": "guest_allow_addresses"
- }
- }
- },
- "3004": {
- "action": "drop",
- "description": "drop packets to restricted subnets",
- "destination": {
- "group": {
- "address-group": "guest_restricted_addresses"
- }
- }
- },
- "3005": {
- "action": "drop",
- "description": "drop packets to intranet",
- "destination": {
- "group": {
- "network-group": "corporate_network"
- }
- }
- },
- "3006": {
- "action": "drop",
- "description": "drop packets to voip",
- "destination": {
- "group": {
- "network-group": "voip_network"
- }
- }
- },
- "3007": {
- "action": "drop",
- "description": "drop packets to remote user",
- "destination": {
- "group": {
- "network-group": "remote_user_vpn_network"
- }
- }
- },
- "3008": {
- "action": "drop",
- "description": "authorized guests white list",
- "destination": {
- "group": {
- "address-group": "authorized_guests"
- }
- }
- },
- "6001": {
- "action": "accept",
- "description": "accounting defined network 10.50.2.0/24",
- "source": {
- "address": "10.50.2.0/24"
- }
- },
- "88": {
- "action": "accept",
- "description": "allow open dns ns1",
- "destination": {
- "address": "208.67.222.222"
- },
- "log": "disable",
- "protocol": "tcp_udp"
- },
- "89": {
- "action": "accept",
- "description": "allow open dns ns2",
- "destination": {
- "address": "208.67.222.220"
- },
- "log": "disable",
- "protocol": "tcp_udp"
- },
- "90": {
- "action": "drop",
- "description": "Block all other DNS",
- "destination": {
- "port": "53"
- },
- "log": "disable",
- "protocol": "tcp_udp"
- }
- }
- },
- "GUEST_LOCAL": {
- "default-action": "drop",
- "description": "packets from guest network to gateway",
- "rule": {
- "2002": {
- "action": "drop",
- "description": "block guest to spin network",
- "destination": {
- "group": {
- "address-group": "ADDRv4_eth1"
- }
- },
- "protocol": "all"
- },
- "3001": {
- "action": "accept",
- "description": "allow DNS",
- "destination": {
- "port": "53"
- },
- "protocol": "udp"
- },
- "3002": {
- "action": "accept",
- "description": "allow ICMP",
- "protocol": "icmp"
- }
- }
- },
- "GUEST_OUT": {
- "default-action": "accept",
- "description": "packets forward to guest network",
- "rule": {
- "2001": {
- "action": "drop",
- "description": "block guest to spin network",
- "destination": {
- "group": {
- "address-group": "ADDRv4_eth1"
- }
- },
- "protocol": "all"
- },
- "6001": {
- "action": "accept",
- "description": "accounting defined network 10.50.2.0/24",
- "destination": {
- "address": "10.50.2.0/24"
- }
- }
- }
- },
- "LAN_IN": {
- "default-action": "accept",
- "description": "packets from intranet",
- "rule": {
- "3001": {
- "action": "accept",
- "description": "packets from unifi to voip",
- "destination": {
- "group": {
- "network-group": "voip_network"
- }
- },
- "source": {
- "group": {
- "address-group": "unifi_controller_addresses"
- }
- }
- },
- "3002": {
- "action": "drop",
- "description": "packets from intranet to voip",
- "destination": {
- "group": {
- "network-group": "voip_network"
- }
- }
- },
- "6001": {
- "action": "accept",
- "description": "accounting defined network 10.50.1.0/24",
- "source": {
- "address": "10.50.1.0/24"
- }
- }
- }
- },
- "LAN_LOCAL": {
- "default-action": "accept",
- "description": "packets from intranet to gateway",
- "rule": {
- "2000": {
- "action": "drop",
- "description": "RyanTEst2",
- "destination": {
- "group": {
- "address-group": "RyanTest"
- }
- },
- "protocol": "tcp"
- }
- }
- },
- "LAN_OUT": {
- "default-action": "accept",
- "description": "packets forward to intranet",
- "rule": {
- "2000": {
- "action": "drop",
- "description": "dns block",
- "destination": {
- "group": {
- "address-group": "ADDRv4_eth1.20"
- }
- },
- "protocol": "all",
- "source": {
- "group": {
- "port-group": "DNS_PORT"
- }
- }
- },
- "6001": {
- "action": "accept",
- "description": "accounting defined network 10.50.1.0/24",
- "destination": {
- "address": "10.50.1.0/24"
- }
- }
- }
- },
- "VOIP_IN": {
- "default-action": "accept",
- "description": "packets from voip to intranet",
- "rule": {
- "3001": {
- "action": "accept",
- "description": "icmp to unifi",
- "destination": {
- "group": {
- "address-group": "unifi_controller_addresses"
- }
- },
- "protocol": "icmp"
- },
- "3002": {
- "action": "accept",
- "description": "inform to unifi",
- "destination": {
- "group": {
- "address-group": "unifi_controller_addresses",
- "port-group": "unifi_controller_ports-tcp"
- }
- },
- "protocol": "tcp"
- },
- "3003": {
- "action": "accept",
- "description": "stun to unifi",
- "destination": {
- "group": {
- "address-group": "unifi_controller_addresses",
- "port-group": "unifi_controller_ports-udp"
- }
- },
- "protocol": "udp"
- },
- "3004": {
- "action": "accept",
- "description": "allow established/related sessions",
- "destination": {
- "group": {
- "address-group": "unifi_controller_addresses"
- }
- },
- "state": {
- "established": "enable",
- "invalid": "disable",
- "new": "disable",
- "related": "enable"
- }
- },
- "3005": {
- "action": "drop",
- "description": "drop invalid state",
- "destination": {
- "group": {
- "address-group": "unifi_controller_addresses"
- }
- },
- "state": {
- "established": "disable",
- "invalid": "enable",
- "new": "disable",
- "related": "disable"
- }
- },
- "3006": {
- "action": "drop",
- "description": "drop VoIP to LAN traffic",
- "destination": {
- "group": {
- "network-group": "corporate_network"
- }
- }
- },
- "3007": {
- "action": "drop",
- "description": "drop VoIP to GUEST traffic",
- "destination": {
- "group": {
- "network-group": "guest_network"
- }
- }
- },
- "3008": {
- "action": "drop",
- "description": "drop VoIP to REMOTE USER traffic",
- "destination": {
- "group": {
- "network-group": "remote_user_vpn_network"
- }
- }
- }
- }
- },
- "VOIP_LOCAL": {
- "default-action": "drop",
- "description": "packets from voip to gateway",
- "rule": {
- "3001": {
- "action": "accept",
- "description": "allow DNS",
- "destination": {
- "port": "53"
- },
- "protocol": "udp"
- },
- "3002": {
- "action": "accept",
- "description": "allow ICMP",
- "protocol": "icmp"
- },
- "3003": {
- "action": "accept",
- "description": "allow established/related sessions",
- "state": {
- "established": "enable",
- "invalid": "disable",
- "new": "disable",
- "related": "enable"
- }
- },
- "3004": {
- "action": "drop",
- "description": "drop invalid state",
- "state": {
- "established": "disable",
- "invalid": "enable",
- "new": "disable",
- "related": "disable"
- }
- }
- }
- },
- "VOIP_OUT": {
- "default-action": "accept",
- "description": "packets forward to voip"
- },
- "WAN_IN": {
- "default-action": "drop",
- "description": "packets from internet to intranet",
- "rule": {
- "2000": {
- "action": "reject",
- "description": "block all traffic",
- "destination": {
- "group": {
- "port-group": "DNS_PORT"
- }
- },
- "protocol": "all",
- "source": {
- "group": {
- "address-group": "ADDRv4_eth1.20"
- }
- }
- },
- "3001": {
- "action": "accept",
- "description": "allow established/related sessions",
- "state": {
- "established": "enable",
- "invalid": "disable",
- "new": "disable",
- "related": "enable"
- }
- },
- "3002": {
- "action": "drop",
- "description": "drop invalid state",
- "state": {
- "established": "disable",
- "invalid": "enable",
- "new": "disable",
- "related": "disable"
- }
- }
- }
- },
- "WAN_LOCAL": {
- "default-action": "drop",
- "description": "packets from internet to gateway",
- "rule": {
- "3001": {
- "action": "accept",
- "description": "allow established/related sessions",
- "state": {
- "established": "enable",
- "invalid": "disable",
- "new": "disable",
- "related": "enable"
- }
- },
- "3002": {
- "action": "drop",
- "description": "drop invalid state",
- "state": {
- "established": "disable",
- "invalid": "enable",
- "new": "disable",
- "related": "disable"
- }
- },
- "3003": {
- "action": "accept",
- "description": "allow ICMP",
- "protocol": "icmp"
- }
- }
- }
- },
- "options": {
- "mss-clamp": {
- "interface-type": [
- "pppoe",
- "pptp"
- ],
- "mss": "1412"
- }
- },
- "receive-redirects": "disable",
- "send-redirects": "enable",
- "source-validation": "disable",
- "syn-cookies": "enable"
- },
- "interfaces": {
- "ethernet": {
- "eth0": {
- "address": [
- "dhcp"
- ],
- "dhcp-options": {
- "client-option": [
- "retry 60;"
- ],
- "default-route": "update",
- "default-route-distance": "210",
- "name-server": "no-update"
- },
- "duplex": "auto",
- "firewall": {
- "in": {
- "name": "WAN_IN"
- },
- "local": {
- "name": "WAN_LOCAL"
- }
- },
- "speed": "auto"
- },
- "eth1": {
- "address": [
- "10.50.1.1/24"
- ],
- "duplex": "auto",
- "firewall": {
- "in": {
- "name": "LAN_IN"
- },
- "local": {
- "name": "LAN_LOCAL"
- },
- "out": {
- "name": "LAN_OUT"
- }
- },
- "speed": "auto",
- "vif": {
- "20": {
- "address": [
- "10.50.2.1/24"
- ],
- "firewall": {
- "in": {
- "name": "GUEST_IN"
- },
- "local": {
- "name": "GUEST_LOCAL"
- },
- "out": {
- "name": "GUEST_OUT"
- }
- }
- }
- }
- },
- "eth2": {
- "disable": "''",
- "duplex": "auto",
- "speed": "auto"
- }
- },
- "loopback": {
- "lo": "''"
- }
- },
- "port-forward": {
- "auto-firewall": "disable",
- "hairpin-nat": "enable",
- "lan-interface": [
- "eth1"
- ],
- "wan-interface": "eth0"
- },
- "service": {
- "dhcp-server": {
- "disabled": "false",
- "hostfile-update": "enable",
- "shared-network-name": {
- "SPIN_NETWORK_10.50.1.0-24": {
- "authoritative": "enable",
- "description": "vlan1",
- "subnet": {
- "10.50.1.0/24": {
- "default-router": "10.50.1.1",
- "dns-server": [
- "8.8.8.8",
- "8.8.4.4"
- ],
- "lease": "86400",
- "start": {
- "10.50.1.6": {
- "stop": "10.50.1.254"
- }
- }
- }
- }
- },
- "wifi_guest_10.50.2.0-24": {
- "authoritative": "enable",
- "description": "vlan20",
- "subnet": {
- "10.50.2.0/24": {
- "default-router": "10.50.2.1",
- "dns-server": [
- "208.67.222.222",
- "208.67.220.220"
- ],
- "lease": "2700",
- "start": {
- "10.50.2.6": {
- "stop": "10.50.2.254"
- }
- }
- }
- }
- }
- }
- },
- "dns": {
- "forwarding": {
- "cache-size": "500",
- "except-interface": [
- "eth0"
- ],
- "options": [
- "host-record=unifi,10.29.1.250"
- ]
- }
- },
- "gui": {
- "https-port": "443"
- },
- "lldp": {
- "interface": {
- "eth0": {
- "disable": "''"
- }
- }
- },
- "nat": {
- "rule": {
- "6001": {
- "description": "MASQ corporate_network to WAN",
- "log": "disable",
- "outbound-interface": "eth0",
- "protocol": "all",
- "source": {
- "group": {
- "network-group": "corporate_network"
- }
- },
- "type": "masquerade"
- },
- "6002": {
- "description": "MASQ voip_network to WAN",
- "log": "disable",
- "outbound-interface": "eth0",
- "protocol": "all",
- "source": {
- "group": {
- "network-group": "voip_network"
- }
- },
- "type": "masquerade"
- },
- "6003": {
- "description": "MASQ remote_user_vpn_network to WAN",
- "log": "disable",
- "outbound-interface": "eth0",
- "protocol": "all",
- "source": {
- "group": {
- "network-group": "remote_user_vpn_network"
- }
- },
- "type": "masquerade"
- },
- "6004": {
- "description": "MASQ guest_network to WAN",
- "log": "disable",
- "outbound-interface": "eth0",
- "protocol": "all",
- "source": {
- "group": {
- "network-group": "guest_network"
- }
- },
- "type": "masquerade"
- }
- }
- },
- "ssh": {
- "port": "22",
- "protocol-version": "v2"
- }
- },
- "system": {
- "host-name": "ubnt",
- "login": {
- "user": {
- "admin": {
- "authentication": {
- "encrypted-password": "$1$ZuCuMuwt$aGx0O2S7wRZkUWDzXKQ1i/"
- },
- "level": "admin"
- }
- }
- },
- "name-server": [
- "8.8.8.8"
- ],
- "ntp": {
- "server": {
- "0.ubnt.pool.ntp.org": "''"
- }
- },
- "offload": {
- "ipsec": "enable",
- "ipv4": {
- "forwarding": "enable",
- "pppoe": "enable",
- "vlan": "enable"
- },
- "ipv6": {
- "forwarding": "enable",
- "vlan": "enable"
- }
- },
- "static-host-mapping": {
- "host-name": {
- "setup.ubnt.com": {
- "alias": [
- "setup"
- ],
- "inet": [
- "10.50.1.1"
- ]
- }
- }
- },
- "syslog": {
- "global": {
- "facility": {
- "all": {
- "level": "notice"
- },
- "protocols": {
- "level": "debug"
- }
- }
- }
- },
- "time-zone": "America/New_York",
- "traffic-analysis": {
- "dpi": "disable"
- }
- },
- "unifi": {
- "mgmt": {
- "cfgversion": "477a718272a15f9f"
- }
- }
- }