
Untitled

a guest
Apr 16th, 2017
  /* Firewall section: global packet-handling options plus four rule sets
     (WANv6_IN, WANv6_LOCAL, WAN_IN, WAN_LOCAL). Every rule set ends in
     default-action drop with enable-default-log, so anything not explicitly
     accepted is dropped and logged. In this listing the rule sets are bound
     only to pppoe 0 (interfaces section). */
  1. firewall {
  2. all-ping enable
  3. broadcast-ping disable
  /* IPv6, WAN -> LAN (forwarded). Only established/related traffic is accepted;
     there is no ipv6-icmp rule here, unlike WANv6_LOCAL.
     NOTE(review): ICMPv6 errors for existing flows presumably match "related";
     confirm path-MTU discovery still works for LAN hosts. */
  4. ipv6-name WANv6_IN {
  5. default-action drop
  6. description "WAN inbound traffic forwarded to LAN"
  7. enable-default-log
  8. rule 10 {
  9. action accept
  10. description "Allow established/related sessions"
  11. state {
  12. established enable
  13. related enable
  14. }
  15. }
  16. rule 20 {
  17. action drop
  18. description "Drop invalid state"
  19. state {
  20. invalid enable
  21. }
  22. }
  23. }
  /* IPv6, WAN -> router itself. */
  24. ipv6-name WANv6_LOCAL {
  25. default-action drop
  26. description "WAN inbound traffic to the router"
  27. enable-default-log
  28. rule 10 {
  29. action accept
  30. description "Allow established/related sessions"
  31. state {
  32. established enable
  33. related enable
  34. }
  35. }
  36. rule 20 {
  37. action drop
  38. description "Drop invalid state"
  39. state {
  40. invalid enable
  41. }
  42. }
  /* Accepts every ICMPv6 type from the WAN, with no type or rate restriction.
     NOTE(review): neighbour discovery and router advertisements need ICMPv6,
     but consider limiting this rule to the types the uplink requires. */
  43. rule 30 {
  44. action accept
  45. description "Allow IPv6 icmp"
  46. protocol ipv6-icmp
  47. }
  /* DHCPv6 replies: UDP source port 547 to destination port 546. The rule has
     no source-address match, so any WAN host using these ports passes. */
  48. rule 40 {
  49. action accept
  50. description "allow dhcpv6"
  51. destination {
  52. port 546
  53. }
  54. protocol udp
  55. source {
  56. port 547
  57. }
  58. }
  59. }
  60. ipv6-receive-redirects disable
  61. ipv6-src-route disable
  62. ip-src-route disable
  63. log-martians enable
  /* IPv4, WAN -> LAN (forwarded). No port-forward/accept rule for new sessions
     exists, so unsolicited inbound IPv4 falls through to default-action drop. */
  64. name WAN_IN {
  65. default-action drop
  66. description "WAN to Internal"
  67. enable-default-log
  /* log enable on the established/related accept rule records return traffic
     as well; NOTE(review): likely very high log volume, confirm it is wanted. */
  68. rule 10 {
  69. action accept
  70. description "Allow established/related"
  71. log enable
  72. protocol all
  73. state {
  74. established enable
  75. invalid disable
  76. new disable
  77. related enable
  78. }
  79. }
  80. rule 20 {
  81. action drop
  82. description "Drop invalid state"
  83. log enable
  84. protocol all
  85. state {
  86. established disable
  87. invalid enable
  88. new disable
  89. related disable
  90. }
  91. }
  92. }
  /* IPv4, WAN -> router itself. Same two rules as WAN_IN but with logging off;
     nothing accepts new sessions, so router services are not opened to the
     interface this rule set is bound to. */
  93. name WAN_LOCAL {
  94. default-action drop
  95. description "WAN to router"
  96. enable-default-log
  97. rule 10 {
  98. action accept
  99. description "Allow established/related"
  100. log disable
  101. protocol all
  102. state {
  103. established enable
  104. invalid disable
  105. new disable
  106. related enable
  107. }
  108. }
  109. rule 20 {
  110. action drop
  111. description "Drop invalid state"
  112. log disable
  113. protocol all
  114. state {
  115. established disable
  116. invalid enable
  117. new disable
  118. related disable
  119. }
  120. }
  121. }
  122. options {
  123. }
  124. receive-redirects disable
  /* NOTE(review): send-redirects is enabled and source-validation (reverse-path
     filtering) is disabled. Disabling source validation is presumably deliberate
     for the two uplinks (eth2.4 and pppoe0), but it means spoofed source
     addresses are not rejected by this option; confirm both are intended. */
  125. send-redirects enable
  126. source-validation disable
  127. syn-cookies enable
  128. }
  /* Interfaces section: bridge br0, uplink eth2 with VLAN 4 (IPTV, DHCP) and
     VLAN 6 (Internet, PPPoE), LAN port eth0, and loopback. */
  129. interfaces {
  /* No interface in this listing references br0 as a bridge member. */
  130. bridge br0 {
  131. aging 300
  132. bridged-conntrack disable
  133. description "br0 - Telefonie"
  134. hello-time 2
  135. max-age 20
  136. priority 32768
  137. promiscuous disable
  138. stp false
  139. }
  /* MTU steps down 1512 (eth2) -> 1508 (vif 6) -> 1500 (pppoe 0); presumably
     sized so PPPoE and VLAN overhead still leave a 1500-byte PPP MTU. */
  140. ethernet eth2 {
  141. description "eth2 - FTTH"
  142. duplex auto
  143. mtu 1512
  144. speed auto
  /* NOTE(review): this vif has a DHCP address but no firewall node, so none of
     the WAN rule sets filter traffic arriving on eth2.4. Confirm whether router
     services (ssh, gui) should be reachable from the IPTV network. */
  145. vif 4 {
  146. address dhcp
  147. description "eth2.4 - IPTV"
  148. dhcp-options {
  /* NOTE(review): the inner quotes around IPTV_RG are unescaped as shown;
     presumably the paste rendering decoded an escaped form. Verify before
     loading this text as a config file. */
  149. client-option "send vendor-class-identifier "IPTV_RG";"
  150. client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
  151. default-route no-update
  152. default-route-distance 210
  153. name-server update
  154. }
  155. }
  156. vif 6 {
  157. description "eth2.6 - Internet"
  158. mtu 1508
  159. pppoe 0 {
  160. default-route auto
  /* Prefix delegation: a /48 is requested and eth0 is assigned prefix-id :1,
     announced to the LAN via SLAAC. */
  161. dhcpv6-pd {
  162. no-dns
  163. pd 0 {
  164. interface eth0 {
  165. prefix-id :1
  166. service slaac
  167. }
  168. prefix-length /48
  169. }
  170. rapid-commit disable
  171. }
  /* The only place in this listing where the firewall rule sets are bound:
     "in" filters traffic forwarded from the WAN, "local" filters traffic
     addressed to the router. */
  172. firewall {
  173. in {
  174. ipv6-name WANv6_IN
  175. name WAN_IN
  176. }
  177. local {
  178. ipv6-name WANv6_LOCAL
  179. name WAN_LOCAL
  180. }
  181. }
  182. idle-timeout 180
  183. ipv6 {
  184. address {
  185. autoconf
  186. }
  187. dup-addr-detect-transmits 1
  188. enable {
  189. }
  190. }
  191. mtu 1500
  192. name-server auto
  /* NOTE(review): the PPPoE password and user-id are stored and published in
     cleartext; the user-id embeds a MAC-address-style identifier. Redact both
     before sharing a configuration. */
  193. password kpn
  194. user-id 00-4A-77-59-C4-14@internet
  195. }
  196. }
  197. }
  198. ethernet eth0 {
  199. address 192.168.2.254/24
  200. description "eth0 - LAN"
  201. duplex auto
  202. ipv6 {
  203. dup-addr-detect-transmits 1
  /* Router advertisements on the LAN: SLAAC only (managed-flag and
     other-config-flag are false). The same two resolvers are given twice, once
     as name-server entries and once in the raw radvd-options RDNSS string. */
  204. router-advert {
  205. cur-hop-limit 64
  206. link-mtu 0
  207. managed-flag false
  208. max-interval 600
  209. name-server 2001:4860:4860::8888
  210. name-server 2001:4860:4860::8844
  211. other-config-flag false
  212. prefix ::/64 {
  213. autonomous-flag true
  214. on-link-flag true
  215. valid-lifetime 2592000
  216. }
  217. radvd-options "RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {};"
  218. reachable-time 0
  219. retrans-timer 0
  220. send-advert true
  221. }
  222. }
  223. speed auto
  224. }
  225. loopback lo {
  226. }
  227. }
  /* Protocols section: IGMP proxy between the IPTV VLAN and the LAN, plus
     static routes. */
  228. protocols {
  /* eth2.4 is the upstream (provider) side, eth0 the downstream (LAN) side.
     NOTE(review): alt-subnet 0.0.0.0/0 on both interfaces presumably accepts
     multicast sources from any address; narrow it to the provider's ranges if
     they are known. */
  229. igmp-proxy {
  230. interface eth2.4 {
  231. alt-subnet 0.0.0.0/0
  232. role upstream
  233. threshold 1
  234. }
  235. interface eth0 {
  236. alt-subnet 0.0.0.0/0
  237. role downstream
  238. threshold 1
  239. }
  240. }
  241. static {
  /* IPv6 default route out of the PPPoE session. */
  242. interface-route6 ::/0 {
  243. next-hop-interface pppoe0 {
  244. }
  245. }
  /* Hard-coded route for 213.75.112.0/21, the same range NAT rule 5000 sends
     out eth2.4. NOTE(review): the next hop 10.39.164.1 is fixed here although
     eth2.4 also requests classless static routes over DHCP; confirm the gateway
     is stable. */
  246. route 213.75.112.0/21 {
  247. next-hop 10.39.164.1 {
  248. }
  249. }
  250. }
  251. }
  /* Service section: LAN DHCP server, DNS forwarder, web GUI, source NAT and
     SSH. */
  252. service {
  253. dhcp-server {
  254. disabled false
  255. global-parameters "option vendor-class-identifier code 60 = string;"
  256. global-parameters "option broadcast-address code 28 = ip-address;"
  257. hostfile-update disable
  258. shared-network-name LAN {
  259. authoritative enable
  /* Pool 192.168.2.100-250 with a one-day lease. Clients are handed 8.8.8.8 and
     8.8.4.4 directly, not the router's forwarder on 192.168.2.254, so the dns
     forwarding service below is only used by hosts configured for it by hand. */
  260. subnet 192.168.2.0/24 {
  261. default-router 192.168.2.254
  262. dns-server 8.8.8.8
  263. dns-server 8.8.4.4
  264. lease 86400
  265. start 192.168.2.100 {
  266. stop 192.168.2.250
  267. }
  268. }
  269. }
  270. }
  /* Forwarder restricted to the LAN: listen-on eth0 plus an explicit
     listen-address of the LAN IP. */
  271. dns {
  272. forwarding {
  273. cache-size 150
  274. listen-on eth0
  275. name-server 8.8.8.8
  276. name-server 8.8.4.4
  277. options listen-address=192.168.2.254
  278. }
  279. }
  /* NOTE(review): neither gui nor ssh (below) sets a listen address, so both
     presumably listen on every interface; WAN exposure then depends on the
     "local" firewall rule sets, which this listing binds to pppoe 0 only. */
  280. gui {
  281. https-port 443
  282. }
  283. nat {
  /* Masquerade traffic for 213.75.112.0/21 out of eth2.4; the empty source
     block means no source-address restriction. */
  284. rule 5000 {
  285. description IPTV
  286. destination {
  287. address 213.75.112.0/21
  288. }
  289. log disable
  290. outbound-interface eth2.4
  291. protocol all
  292. source {
  293. }
  294. type masquerade
  295. }
  /* Masquerade the LAN subnet out of the PPPoE session. log enable is set on
     this rule; NOTE(review): expect a log entry per translated connection. */
  296. rule 5010 {
  297. description "KPN Internet"
  298. log enable
  299. outbound-interface pppoe0
  300. protocol all
  301. source {
  302. address 192.168.2.0/24
  303. }
  304. type masquerade
  305. }
  306. }
  /* SSH on the default port, protocol version 2 only. No authentication
     settings are shown in this node. */
  307. ssh {
  308. port 22
  309. protocol-version v2
  310. }
  311. }
  /* System section: host name, resolvers, NTP, hardware offload, package
     repositories, syslog and traffic analysis. No login node appears in this
     listing; presumably the user accounts were removed before pasting. */
  312. system {
  313. host-name ubnt
  314. name-server 2001:4860:4860::8888
  315. name-server 2001:4860:4860::8844
  316. name-server 8.8.8.8
  317. name-server 8.8.4.4
  318. ntp {
  319. server 0.ubnt.pool.ntp.org {
  320. }
  321. server 1.ubnt.pool.ntp.org {
  322. }
  323. server 2.ubnt.pool.ntp.org {
  324. }
  325. server 3.ubnt.pool.ntp.org {
  326. }
  327. }
  /* Offload is enabled for IPv4 forwarding, PPPoE and VLAN, and for IPv6
     forwarding and PPPoE. */
  328. offload {
  329. ipv4 {
  330. forwarding enable
  331. pppoe enable
  332. vlan enable
  333. }
  334. ipv6 {
  335. forwarding enable
  336. pppoe enable
  337. }
  338. }
  /* NOTE(review): both repositories are fetched over plain http, so package
     integrity rests on the package manager's signature checks alone. They also
     point at the Debian "wheezy" release; confirm it still receives security
     updates before installing from it. */
  339. package {
  340. repository wheezy {
  341. components "main contrib non-free"
  342. distribution wheezy
  343. password ""
  344. url http://mirror.leaseweb.com/debian
  345. username ""
  346. }
  347. repository wheezy-security {
  348. components main
  349. distribution wheezy/updates
  350. password ""
  351. url http://security.debian.org
  352. username ""
  353. }
  354. }
  /* Local logging only (no remote host node is shown): notice level for all
     facilities, debug level for the protocols facility. */
  355. syslog {
  356. global {
  357. facility all {
  358. level notice
  359. }
  360. facility protocols {
  361. level debug
  362. }
  363. }
  364. }
  365. time-zone UTC
  /* Deep packet inspection and export are both switched on.
     NOTE(review): confirm where the export data is sent and who can read it. */
  366. traffic-analysis {
  367. dpi enable
  368. export enable
  369. }
  370. }