API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 20th, 2017
45
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.19 KB | None | 0 0
raw download clone embed print report
  1. network:
  2.  
  3. config interface 'loopback'
  4. option ifname 'lo'
  5. option proto 'static'
  6. option ipaddr '127.0.0.1'
  7. option netmask '255.0.0.0'
  8.  
  9. config globals 'globals'
  10. option ula_prefix 'fd9a:9147:4d5c::/48'
  11.  
  12. config interface 'lan'
  13. option type 'bridge'
  14. option ifname 'eth1'
  15. option proto 'static'
  16. option netmask '255.255.255.0'
  17. option ip6assign '60'
  18. option ipaddr '10.0.0.1'
  19.  
  20. config interface 'wan2'
  21. option _orig_ifname 'eth0'
  22. option _orig_bridge 'false'
  23. option proto 'pppoe'
  24. option username 'O2'
  25. option password 'O2'
  26. option ipv6 'auto'
  27. option ifname 'eth0.3'
  28. option metric '20'
  29.  
  30. config interface 'wan6'
  31. option ifname 'eth0'
  32. option proto 'dhcpv6'
  33.  
  34. config switch
  35. option name 'switch0'
  36. option reset '1'
  37. option enable_vlan '1'
  38.  
  39. config switch_vlan
  40. option device 'switch0'
  41. option vlan '1'
  42. option vid '1'
  43. option ports '0 2 3 4'
  44.  
  45. config switch_vlan
  46. option device 'switch0'
  47. option vlan '2'
  48. option ports '5 6'
  49. option vid '2'
  50.  
  51. config interface 'wan'
  52. option ifname 'eth0'
  53. option _orig_ifname 'eth0'
  54. option _orig_bridge 'false'
  55. option proto 'dhcp'
  56. option metric '10'
  57.  
  58. config switch_vlan
  59. option device 'switch0'
  60. option vlan '3'
  61. option vid '3'
  62. option ports '0t 1 6t'
  63.  
  64. mwan:
  65.  
  66. config rule 'o2_tv'
  67. option dest_ip 'o2tv.cz'
  68. option proto 'all'
  69. option sticky '0'
  70. option use_policy 'wan2_only'
  71.  
  72. config rule 'pref_vdsl_mila'
  73. option proto 'all'
  74. option sticky '0'
  75. option use_policy 'wan2_only'
  76. option src_ip '10.0.0.11'
  77.  
  78. config rule 'pref_vdsl_harrier'
  79. option proto 'all'
  80. option sticky '0'
  81. option use_policy 'wan2_only'
  82. option src_ip '10.0.0.10'
  83.  
  84. config rule 'https'
  85. option sticky '1'
  86. option dest_port '443'
  87. option proto 'tcp'
  88. option use_policy 'wan_wan2'
  89.  
  90. config rule 'youtube_cz'
  91. option dest_ip 'youtube.cz'
  92. option proto 'all'
  93. option sticky '0'
  94. option use_policy 'wan_only'
  95.  
  96. config rule 'youtube_com'
  97. option dest_ip 'youtube.com'
  98. option proto 'all'
  99. option sticky '0'
  100. option use_policy 'wan_only'
  101.  
  102. config rule 'stream_cz'
  103. option dest_ip 'stream.cz'
  104. option proto 'all'
  105. option sticky '0'
  106. option use_policy 'wan_only'
  107.  
  108. config rule 'twitch_tv'
  109. option dest_ip 'twitch.tv'
  110. option proto 'all'
  111. option sticky '0'
  112. option use_policy 'wan_only'
  113.  
  114. config rule 'default_rule'
  115. option dest_ip '0.0.0.0/0'
  116. option proto 'all'
  117. option sticky '0'
  118. option use_policy 'wan_wan2'
  119.  
  120. config interface 'wan'
  121. option enabled '1'
  122. list track_ip '8.8.4.4'
  123. list track_ip '8.8.8.8'
  124. list track_ip '208.67.222.222'
  125. list track_ip '208.67.220.220'
  126. option reliability '2'
  127. option count '1'
  128. option timeout '2'
  129. option interval '5'
  130. option down '3'
  131. option up '8'
  132.  
  133. config interface 'wan2'
  134. list track_ip '8.8.8.8'
  135. list track_ip '208.67.220.220'
  136. option reliability '1'
  137. option count '1'
  138. option timeout '2'
  139. option interval '5'
  140. option down '3'
  141. option up '8'
  142. option enabled '1'
  143.  
  144. config member 'wan_m1_w3'
  145. option interface 'wan'
  146. option metric '1'
  147. option weight '3'
  148.  
  149. config member 'wan_m2_w3'
  150. option interface 'wan'
  151. option metric '2'
  152. option weight '3'
  153.  
  154. config member 'wan2_m1_w2'
  155. option interface 'wan2'
  156. option metric '1'
  157. option weight '2'
  158.  
  159. config member 'wan2_m2_w2'
  160. option interface 'wan2'
  161. option metric '2'
  162. option weight '2'
  163.  
  164. config policy 'wan_only'
  165. list use_member 'wan_m1_w3'
  166.  
  167. config policy 'wan2_only'
  168. list use_member 'wan2_m1_w2'
  169.  
  170. config policy 'balanced'
  171. list use_member 'wan_m1_w3'
  172. list use_member 'wan2_m1_w2'
  173.  
  174. config policy 'wan_wan2'
  175. list use_member 'wan_m1_w3'
  176. list use_member 'wan2_m2_w2'
  177.  
  178. config policy 'wan2_wan'
  179. list use_member 'wan_m2_w3'
  180. list use_member 'wan2_m1_w2'
  181.  
  182. firewall:
  183.  
  184. config defaults
  185. option syn_flood '1'
  186. option input 'ACCEPT'
  187. option output 'ACCEPT'
  188. option forward 'REJECT'
  189.  
  190. config zone
  191. option name 'lan'
  192. option input 'ACCEPT'
  193. option output 'ACCEPT'
  194. option forward 'ACCEPT'
  195. option network 'lan'
  196.  
  197. config zone
  198. option name 'wan'
  199. option input 'REJECT'
  200. option output 'ACCEPT'
  201. option forward 'REJECT'
  202. option masq '1'
  203. option mtu_fix '1'
  204. option network 'wan wan6 LTE wan2 test'
  205.  
  206. config forwarding
  207. option src 'lan'
  208. option dest 'wan'
  209.  
  210. config rule
  211. option name 'Allow-DHCP-Renew'
  212. option src 'wan'
  213. option proto 'udp'
  214. option dest_port '68'
  215. option target 'ACCEPT'
  216. option family 'ipv4'
  217.  
  218. config rule
  219. option name 'Allow-Ping'
  220. option src 'wan'
  221. option proto 'icmp'
  222. option icmp_type 'echo-request'
  223. option family 'ipv4'
  224. option target 'ACCEPT'
  225.  
  226. config rule
  227. option name 'Allow-IGMP'
  228. option src 'wan'
  229. option proto 'igmp'
  230. option family 'ipv4'
  231. option target 'ACCEPT'
  232.  
  233. config rule
  234. option name 'Allow-DHCPv6'
  235. option src 'wan'
  236. option proto 'udp'
  237. option src_ip 'fc00::/6'
  238. option dest_ip 'fc00::/6'
  239. option dest_port '546'
  240. option family 'ipv6'
  241. option target 'ACCEPT'
  242.  
  243. config rule
  244. option name 'Allow-MLD'
  245. option src 'wan'
  246. option proto 'icmp'
  247. option src_ip 'fe80::/10'
  248. list icmp_type '130/0'
  249. list icmp_type '131/0'
  250. list icmp_type '132/0'
  251. list icmp_type '143/0'
  252. option family 'ipv6'
  253. option target 'ACCEPT'
  254.  
  255. config rule
  256. option name 'Allow-ICMPv6-Input'
  257. option src 'wan'
  258. option proto 'icmp'
  259. list icmp_type 'echo-request'
  260. list icmp_type 'echo-reply'
  261. list icmp_type 'destination-unreachable'
  262. list icmp_type 'packet-too-big'
  263. list icmp_type 'time-exceeded'
  264. list icmp_type 'bad-header'
  265. list icmp_type 'unknown-header-type'
  266. list icmp_type 'router-solicitation'
  267. list icmp_type 'neighbour-solicitation'
  268. list icmp_type 'router-advertisement'
  269. list icmp_type 'neighbour-advertisement'
  270. option limit '1000/sec'
  271. option family 'ipv6'
  272. option target 'ACCEPT'
  273.  
  274. config rule
  275. option name 'Allow-ICMPv6-Forward'
  276. option src 'wan'
  277. option dest '*'
  278. option proto 'icmp'
  279. list icmp_type 'echo-request'
  280. list icmp_type 'echo-reply'
  281. list icmp_type 'destination-unreachable'
  282. list icmp_type 'packet-too-big'
  283. list icmp_type 'time-exceeded'
  284. list icmp_type 'bad-header'
  285. list icmp_type 'unknown-header-type'
  286. option limit '1000/sec'
  287. option family 'ipv6'
  288. option target 'ACCEPT'
  289.  
  290. config rule
  291. option name 'Allow-IPSec-ESP'
  292. option src 'wan'
  293. option dest 'lan'
  294. option proto 'esp'
  295. option target 'ACCEPT'
  296.  
  297. config rule
  298. option name 'Allow-ISAKMP'
  299. option src 'wan'
  300. option dest 'lan'
  301. option dest_port '500'
  302. option proto 'udp'
  303. option target 'ACCEPT'
  304.  
  305. config include
  306. option path '/etc/firewall.user'
  307.  
  308. config redirect
  309. option target 'DNAT'
  310. option src 'wan'
  311. option dest 'lan'
  312. option proto 'tcp udp'
  313. option src_dport '60899'
  314. option dest_ip '10.0.0.10'
  315. option dest_port '60899'
  316. option name '60899'
  317.  
  318. routes:
  319.  
  320. root@LEDE:~# ip route show
  321. default via 192.168.1.1 dev eth0 proto static src 192.168.1.100 metric 10
  322. default via 88.103.200.* dev pppoe-wan2 proto static metric 20
  323. 10.0.0.0/24 dev br-lan proto kernel scope link src 10.0.0.1
  324. 88.103.200.* dev pppoe-wan2 proto kernel scope link src 90.177.49.*
  325. 192.168.1.0/24 dev eth0 proto static scope link metric 10
  326. 192.168.1.1 dev eth0 proto static scope link src 192.168.1.100 metric 10
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!